Pop up - virus attack

You can post your questions, problems, kudos and comments about the administration of the website here.
User avatar
The Dieselduck
Administrator
Posts: 2683
Joined: Sun Jul 22, 2007 1:41 pm
Currently located: Nanaimo, British Columbia, Canada (West Coast of Canada)

Pop up - virus attack

Postby The Dieselduck » Tue Apr 24, 2012 3:55 am

Anybody else appearing to get annoying "pop ups" when visiting this site. There should not be but I have a persistent complaint, and I am not seeing any signs of it myself ?
Martin Leduc
Certified Marine Engineer and Webmaster
Martin's Marine Engineering Page
http://www.dieselduck.net

User avatar
JK
Enduring Contributor
Posts: 2676
Joined: Tue Sep 04, 2007 2:29 am
Currently located: East Coast, Canada

Re: pop up?

Postby JK » Wed Apr 25, 2012 3:44 am

I haven't seen it since I talked to you about it :oops:

User avatar
The Dieselduck
Administrator
Posts: 2683
Joined: Sun Jul 22, 2007 1:41 pm
Currently located: Nanaimo, British Columbia, Canada (West Coast of Canada)

The Common Rail has been targeted by "hackers"

Postby The Dieselduck » Wed Apr 25, 2012 4:59 pm

It appears that The Common Rail, our community forum, has been hacked, and the website has been distributing various redirects to spam considered "low threat" by Sophos security software. If you have security software installed, you should get a message like "Malicious Content Blocked", I got the following malware "Mal/Badscr-M" identified as the threat.

From my experimentation it appears to only affect user using Microsoft's Internet Explorer browser. I use Firefox and never saw this issue; also tried Google Chrome and no issues there as well.

There is very little info to go on, it took me quite a while to put the piece together as to what is happening. Right now, I am in the process of figuring out a response and have disabled the forum area. It seems to have resulted from a security breach at my host company, Dreamhost.

As I am downloading the full content of the forum for analysis, Windows Security Essentials detected a backdoor virus in the Avatar folder (...and promptly deleted without giving me more info - arghhh).

I am sorry, especially to those who have been affected directly.

I am in contact with Dreamhost and phpBB to figure out a solution and I will hopefully be back online shortly. - Martin, April 25, 2012, 10:00hrs EST



20:00 hrs EST - The servers were indeed infected, over 260 files were found damaged and have been repaired, others deleted. The site is back up and running and all appears normal, save for some design aspects when using Microsoft Internet Explorer.

I will be upgrading the software so there may be some weird things going on over the next month.

It seems the bonehead uploaded an Avatar that had malicious code in it, which also created a back door to the website - really sucks, I have no idea how much money, or what have you, can drive this type of behaviour.

My wife thinks that the sign of a hacker targeting us is a sign of success, personally I think its so unfortunate that someone would be so smart and waste it on this type of foolish enterprise.

Once again I apologize for the inconvenience this may have caused you. I would also suggest switching to Mozilla Firefox for your browser needs, as it is obviously a more robust program.

- Martin
Martin Leduc
Certified Marine Engineer and Webmaster
Martin's Marine Engineering Page
http://www.dieselduck.net

User avatar
JK
Enduring Contributor
Posts: 2676
Joined: Tue Sep 04, 2007 2:29 am
Currently located: East Coast, Canada

Re: pop up?

Postby JK » Thu Apr 26, 2012 2:43 am

That was quic k Martin, now to go find my avatar, or not!
I agree with you on the type of people who do this. You would think the host would have the security to stop this.

User avatar
The Dieselduck
Administrator
Posts: 2683
Joined: Sun Jul 22, 2007 1:41 pm
Currently located: Nanaimo, British Columbia, Canada (West Coast of Canada)

Re: Pop up - virus attack

Postby The Dieselduck » Thu Apr 26, 2012 12:19 pm

I've disable the avatar feature for now, until I get the program updated, even then I will not allow uploads to the server, I don't think.

Like all marine accidents there is a extensive amount of failures that allowed this incident to go through. I can't put the blame on host company alone, as I have not been very active in making sure the software is religiously updated. The server should have picked that up that wide gaping security hole, but then again the original programmer should have also figured it out, and theres even more blame for Microsoft for their software to have this vulnerability. So you see, plenty of blame to go around. Just like our industry...

The likely scenario is that I approved user...

"Blue Ivy", email: "krgonzales28@yahoo.com" with the IP "202.128.55.170" on March 13, 2012
"ded", email: "seawalker@freemail.ru" with the IP "91.204.228.135" on March 14, 2012

One of these guys, then uploaded virus laden graphic using the upload avatar function, (which was) enabled on this board, which then created a backdoor (opening up all my web server - argggh), which installed code that redirected Internet Explorer users of this board to spam and bullshit websites. At least that's what I am managing to figure out. It looks like it began around March 11 - 15th.

Were back though, somewhat wiser, but ultimately it is very difficult to protect yourself from assholes like these.
Martin Leduc
Certified Marine Engineer and Webmaster
Martin's Marine Engineering Page
http://www.dieselduck.net

User avatar
JK
Enduring Contributor
Posts: 2676
Joined: Tue Sep 04, 2007 2:29 am
Currently located: East Coast, Canada

Re: Pop up - virus attack

Postby JK » Thu Apr 26, 2012 3:15 pm

waaahhhh, I loose my steamship avatar!

User avatar
The Dieselduck
Administrator
Posts: 2683
Joined: Sun Jul 22, 2007 1:41 pm
Currently located: Nanaimo, British Columbia, Canada (West Coast of Canada)

Re: Pop up - virus attack

Postby The Dieselduck » Mon Apr 30, 2012 7:01 am

I turned back on the avatars. But not the upload new, so unfortunately, you will have to choose from the ones I have pre-loaded in the gallery.
Martin Leduc
Certified Marine Engineer and Webmaster
Martin's Marine Engineering Page
http://www.dieselduck.net


Return to “Website Area”

Who is online

Users browsing this forum: No registered users and 0 guests

 

 

cron