Subject: Security breach

vanderaj (A.k.a.: Andrew van der Stock), Super Administrator
Location: Colorado Springs, CO, USA

posted on June 7th, 2003 at 12:48 AM
Security breach


We've had a security breach. I will be taking some action in the next few days to clear this up.

Your passwords are hashed in a one way hash, but we have to assume that they have been taken and brute forced.

What you NEED to do:

If your password here is shared with ANY systems you care about, change the password on the other system. Your account and posts here mean nothing in the grand scheme of things, but your systems need to be protected.

If you see any demands for credit card numbers, send cheques or similar DO NOT SEND THEM. Fraud will result.

If you have submitted a credit card number to "aussieveedubbers", you MUST notify your bank now that a fraudulent event has occurred, and find out how to report fraudulent transactions. Please e-mail me at ajv@greebo.net, and I will help you if I can find the right people in your bank. It's usually "card services" and people like Amex have this number printed on the card itself. You're only liable for the first $50 on the card once you've reported the event.

Andrew

Grey 57 (A.k.a.: Dean), Member
Location: Phillip Island

posted on June 7th, 2003 at 12:57 AM


Do we need to change our password for the forum, Andrew?

vanderaj (A.k.a.: Andrew van der Stock), Super Administrator
Location: Colorado Springs, CO, USA

posted on June 7th, 2003 at 01:05 AM


Don't just yet - the attacker has free range on our server, and can simply re-grab them, or just reset your password.

The administrative passwords have been changed, but I don't think it'll help you guys. I bet it doesn't help me either until I can figure out how to close the attack window.

Andrew

Shani, Member
Location: Tassieland

posted on June 7th, 2003 at 08:14 AM


I'm not sure I fully understand but...
As long as we don't keep anything even remotely important on the computer (mind you there ARE my save games in Rollercoaster Tycoon) we should be fine?
Mine is set up so it doesn't matter if we have to format in a hurry, we use it to play.

fatboy, Member
Location: Belgrave Victoria

posted on June 7th, 2003 at 09:49 AM


Andrew,

From a professional point of view, when you find out what they have done can you let me know?

Also if you need any help tracking IPs give me a shout, I can usually track them to any city and ISP without any effort (Actually I'm sure you can as well :thumb )




" Captain Picard, why are there no Indians on the Enterprise ? Don't you need IT Support ? "

Quickbug, Member
Location: Roselands NSW

posted on June 7th, 2003 at 10:46 AM


FRICKERS!!




haugmichael, Member
Location: Gravesend

posted on June 7th, 2003 at 12:20 PM


Who do I send the bill to when I have my systems back up and running again because of someone's neglect of installing some sort of password protection.

Surely you must have realised that as this site is viewed world wide that there are some unscrupulous people out there that want to hack any place they can.

Why was I not informed via e-mail that there has been a breach, I don't always look in the general chit chat section of this forum.

Brad, Member
Location: SE QLD, Mt Nebo

posted on June 7th, 2003 at 03:09 PM
Hacks


Hey, settle down, the site being hacked does not affect your own computer or files. They are still at as much risk as they were before. Your log into the forum is not opening a gateway up into your HDD in any way.
If you are worried about it download a firewall like Zone Alert.

I can't believe how quick some people are to start looking for someone to BLAME. The people with the issues here are not the forum. It sits on a server which I rent and have COMMERCIAL websites on. These may be affected as the worm is inside the fence now. The general population's fences are unbreached.

Regards,

Brad




Brad
Why copy when you can own an original ?
Meyers Manx Australia

duncombemu (A.k.a.: Mark Atkins), Member
Location: Coffs Harbour, NSW

posted on June 7th, 2003 at 03:58 PM
Calm down, it's not the end of the world!


Please, Buggy Brad is right.

Everyone calm down. This type of thing can't affect our computers here in VW land.
Just remember, the forum administration guys volunteer their time for what I believe is 'some fun with a pet subject, namely VW's'. Some of us aren't letting them enjoy themselves.
So please lay off the admin people, they want to have fun too. They are working very hard to 'fix' this 'glitch', so we can all get back, and we must 'get back', to what it's all about, FUN.
Please settle down, be :cool: This is not the End of the World!
Regards,
Mark:kiss




Don't ever let anyone tell you, "It can't be done."

fatboy, Member
Location: Belgrave Victoria

posted on June 7th, 2003 at 04:36 PM


I'm calm - I don't want to know what they did to this site (It's pretty irrelevant from an end user point of view).

Part of the work I do is making sites secure and testing sites to see if they can be hacked. I would just be interested in finding out the mechanics they used to get in.

That's all - Smile Be Happy.

Is the hehehe thing related to this?




" Captain Picard, why are there no Indians on the Enterprise ? Don't you need IT Support ? "

vanderaj (A.k.a.: Andrew van der Stock), Super Administrator
Location: Colorado Springs, CO, USA

posted on June 7th, 2003 at 06:40 PM


As far as I can tell, the following things have occurred, that have no reasonable explanation:

the censor words changed. There were a lot more of them after not having any for months.

And then there was "hehehehe" for double spaces.

Then someone said that a newbie was asked to submit their credit card details - we will NEVER need your credit card details, so NEVER submit them to us.

Plus a few administrative things went wrong that are unexplainable.

Anyway, we run this place as a "best effort", nothing in life is totally risk free. The breach we suffered will probably cause our ISP more angst than you folks.

Michael, I am happy to take on board your suggestion that we e-mail people in the future. It will require everyone to keep their e-mail address up to date, though.

This place is protected by username and passwords, although you can choose to stay logged in if you let XMB save a cookie on your computer.

The threats against the board are fairly low - essentially reputation loss (for us), data (message) loss (for everyone), and account issues (such as someone taking over another person's account). We could go to client-side certificates for authentication, and force people to log in every time, but I don't think the hassle is worth it. Certainly the cost of mitigation is much higher than the cost of accepting the risk.

I was in the process of doing a code review to minimize the risk of being hacked. Code reviews are what I do for a living, but I have limited time to do them, and XMB is not a small product. This will simply force me to speed up doing the job.

Andrew

fatboy, Member
Location: Belgrave Victoria

posted on June 7th, 2003 at 07:06 PM


Sounds like a "Script Kiddie" trying their luck.

If the newbie was asked via email then can they please forward it to me.

Thanks




" Captain Picard, why are there no Indians on the Enterprise ? Don't you need IT Support ? "

OvalGlen, Member
Location: Liverpool.

posted on June 7th, 2003 at 09:11 PM


Fatboy just as a matter of interest, last month I received a Virus via Email attachment which I thought was from a friend.
After quarantine and delete etc, I tried to send a Very Angry return email to this sender but it would not go through.
Can these Scum block any incoming emails? :mad:




Regards, Glenn

toybug (A.k.a.: Dougie), Member
Location: Pakenham

posted on June 7th, 2003 at 10:45 PM
course of reply


I have noticed that the controllers have absolute right of removal for any post they deem as incorrect as per the rules. Is there any form of redress if a post is removed for no other reason than the moderator dislikes the post?
I have noticed of late there seems to be a lot of editing going on that is not done by the originator. Can it be mandatory that it requires 2 moderators to change or delete a post and that the originator be informed?

fatboy, Member
Location: Belgrave Victoria

posted on June 7th, 2003 at 11:26 PM


Ovalglen,

Pretty much depends on how good they are.
When you say you thought it came from a friend, is it because it came from "John" or did it actually appear to come from your friend's email address?

It is very easy to send emails with fake return email addresses.

In late March I posted a Virus Warning here as I had received a number of viri emails. I have my own mail server and set up different addresses for different purposes so I was fairly certain that the sender got my address from here.
Anyway it was a pretty sloppy attempt and although the user had set up a fake return address, from the header info it was possible to trace the user to London. I notified the ISP in question and sent them all the relevant info.

I should have posted an update but I was pretty busy and forgot about it till now.
Anyway the ISP ( NTL if ne1 cares ) contacted me about a week after to let me know that although they could not release details they had "Taken appropriate action" against the user - probably just a standard reply but it gave me a warm fuzzy feeling.

If it came from "John" then it will likely be a situation like the above, if it actually appeared to come from a friend's email then it is most likely that your friend was infected by a "Worm" and may not have even realised it - a worm will replicate itself by sending itself on to everyone in your friend's email address book.

There are programs out there that will allow you to send virtually untraceable emails.

Hope this helps, generally I wouldn't bother even following any of this kind of stuff up and the only reason I did in the above example was:

1. They probably got the email address here
2. They sent me a few of em
3. They were crap at it.

This is a link to my Virus Warning

http://www.aussieveedubbers.com/forum/viewthread.php?tid=4723 

[Edited on 7-6-2003 by fatboy]




" Captain Picard, why are there no Indians on the Enterprise ? Don't you need IT Support ? "
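
The header check fatboy describes above (a forged return address, but relay headers that still show where the mail entered his own server), as an added example that is not part of the original post. The message, host names and addresses are constructed (example.* domains, RFC 5737 documentation ranges), and the function names are illustrative.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: example.* domains and RFC 5737 documentation addresses.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.member.example (mx.member.example [192.0.2.10])
\tby inbox.member.example with ESMTP; Sat, 29 Mar 2003 10:02:11 +1100
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
\tby mx.member.example with ESMTP; Sat, 29 Mar 2003 10:02:09 +1100
Received: from john-pc (unknown [203.0.113.77])
\tby relay.isp.example with SMTP; Fri, 28 Mar 2003 23:02:05 +0000
From: "John" <john@friend.example.org>
To: me@member.example
Subject: constructed test message

body
"""
# Hosts the recipient runs; only Received lines stamped by these are trusted.
TRUSTED_HOSTS = {"inbox.member.example", "mx.member.example"}

# "from <helo> (<rdns> [<ip>]) by <host>": the common Received layout.
HOP = re.compile(r"from\s+\S+\s+\([^)]*?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")


def domain_of(header_value):
    """Lower-cased domain of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def analyse(raw, trusted_hosts=TRUSTED_HOSTS):
    """Walk Received headers newest-first; stop trusting at the first hop
    that was not written by one of our own servers."""
    msg = message_from_string(raw)
    handoff_ip, unverified, trusted = None, [], True
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        try:
            ip = str(ipaddress.ip_address(m.group(1))) if m else None
        except ValueError:
            ip = None
        if ip is None:             # unparseable hop: distrust everything older
            trusted = False
        elif trusted and m.group(2).lower() in trusted_hosts:
            handoff_ip = ip        # peer address recorded by our own server
        else:
            trusted = False
            unverified.append(ip)  # sender-supplied, may be forged
    frm, rpath = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    return {
        "from_domain": frm,
        "return_path_domain": rpath,
        "sender_mismatch": bool(rpath) and frm != rpath,
        "handoff_ip": handoff_ip,
        "unverified_ips": unverified,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The `handoff_ip` is the address to take to the owning ISP's abuse desk; the older hops are only as reliable as the servers that wrote them.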

Stanley, Member
Location: Karalee...near Ipswich Qld

posted on June 8th, 2003 at 02:16 PM


I've noticed that the last couple of weeks I've been getting a lot of junk emails. Never had a problem before, could this be linked? Maybe it's just an amateur looking for an easy mailing list. :D

kombi_kid, Super Moderator
Location: brisvegas

posted on June 8th, 2003 at 07:05 PM


hey fatboy
i was informed by a guy emailing me that he tried to sign up and it asked for credit card details- not via email etc.
cheers
rhys




it aint just cool its aircool'd

fatboy, Member
Location: Belgrave Victoria

posted on June 8th, 2003 at 09:38 PM


Bugger - not much chance of (me) tracing it then :mad:



" Captain Picard, why are there no Indians on the Enterprise ? Don't you need IT Support ? "

vanderaj (A.k.a.: Andrew van der Stock), Super Administrator
Location: Colorado Springs, CO, USA

posted on June 8th, 2003 at 10:54 PM


Quote:
Originally posted by kombi_kid
hey fatboy
i was informed by a guy emailing me that he tried to sign up and it asked for credit card details- not via email etc.
cheers
rhys


Can you send me that e-mail, anyway? I'd like to follow up.

Thanks,
Andrew

OvalGlen, Member
Location: Liverpool.

posted on June 8th, 2003 at 11:16 PM


fatboy, it was not his exact email address, I had not heard from him for a while and since he has an unusual name I thought he may have changed his email address. and I was tired.
Had the "Hey check this out" on attachment, thought he had seen some cool VW and wanted to show me......beware of Brendan




Regards, Glenn

Barry Barcrest, Member
Location: Birmingham U.K.

posted on July 1st, 2003 at 09:18 PM


You guys are lucky, my servers were taken completely offline... I also had pirate warez CD's uploaded onto them once.



Regards
Barry B

http://baja.ods.org 

cvisors, Member
Location: Brunswick West

posted on July 4th, 2003 at 12:39 AM
It's a bloody pain


I have worked as a server admin for many years, NT Solaris Linux, you name it, even a mac heh...

My own machine was cracked into many years ago, and not by a skript kiddie, the good thing was that I kept all my logs, and I know the guy who did it is now in prison, in the UK...

If you have access to the logs you may be able to work out when this happened, and by who.

A quick question, is the machine which this site is hosted on yours, colocated at your ISP, or is it one with many sites hosted on it?

Benjamin

squizy (A.k.a.: Paul), Member
Location: Thornleigh

posted on July 4th, 2003 at 12:52 AM


Andrew,

I work for a multinational IT org, on an Aust Financial account.

Over the past few months, we have had attempted duplicate type websites setup by would be hackers in an attempt to grab login and credit card details of customers. This attempt that you have highlighted, sounds similar to this attempted fraud - but not by way of duplication - but by modification of the aussieveedubbers site.

In our organisation, our firewalls protect internal traffic, but it is the attempted grabbing of data external to the firewall that is the exposure in this case.

Our approach is to contact the relevant authorities [ie Police Fraud Squad], and advise them of the hack - seeing that the hacker was attempting to grab credit card details by way of a fraudulent script.

I hope this helps. If you require some further details, please u2u me, and I will try and provide some details of who we liaise with.

Regards,

Squiz......

squizy (A.k.a.: Paul), Member
Location: Thornleigh

posted on July 4th, 2003 at 12:32 PM


Andrew [and any other website administrators],

We have just received notification through work of a competition to commence on 06/07 called the Defacers Challenge, which challenges 6000 individuals or groups to deface as many websites as possible within a 6 hour period.

It is advised that all web administrators have the latest security patches and virus software applied, and keep an eye out for any suspicious activity.

Squiz......

Doug Sweetman, Member
Location: Perth, W.A

posted on July 4th, 2003 at 03:05 PM


Rather than get antsy about it all, I'd like to say a big thank you to all the admin guys for letting us know. It has started a very interesting thread - I never knew that there were this many IT professionals on the forum.

Keep up the good work !!!:beer

