Forums Were Hacked

Some dufus hacked the forum, well it was one file actually but it redirected all links to some crappy image saying the site was hacked by Gayboy or Jackoff some name other name, though I think the ones I listed are closer to what is should be.

Anyway it was an very easy fix. Lets say as hacks go this was about as simple as it could be and only effected the forums and didnt do anything else as I could see other than the directed to the cheesy image. Of course it helps that I keep recent backups so even if the whole of the forums was wiped very little would actually be lost.

Of course the ancient invision board that is being used here is fairly easy to hack into, I just am too lazy and don't want to put in the effort to save everything and change over the forums to something newer and more secure. It would be really easy to do to change if I didn't have to keep users and posts, but it is a fair bit of work to get it to transfer over what is here. Actually I have created a new up to date version but everything here would be lost so I have not done it.

He must have been jealous about the last post I made last night that there is a new team member and that the dorkus was not the new member.

Further check is that is appears to be someone on AOL that was the hiker. Dont know if it will make much difference, but I just added a whole swath of AOL ip range into the banned list. Next step would be to ban all AOL ip's.

Then next step would be nuking existing setup and starting anew with something different.

Hi, SJR.

Banning AOL IP addresses won't solve anything, unless the hacker had a static IP address, because AOL changes IP addresses for each member every time they log on (and sometimes even with every page they surf to), except in some cases which are restricted to broadband users only (only broadband users can have a static IP address on AOL). In other words, banning an AOL IP address is more likely to wind up banning someone who had nothing to do with the hacking than it is to ban the hacker.


This post has been edited by Giovanna del'Arco on Mar 21 2007, 08:37 PM

I know this but I banned as such, 123.123.*.* (the 123 numbers are not AOL, just using as example) which means that if they are on AOL, which I am not even sure on but that was the ip they used for what they did, and I think a dialup ip is not where you would be going through because of how slow it would be even if for a short bit but I figure even though they would get a new ip everytime they log in the first part is likely to stay the same as I think AOL and other dial up ip's would tend to use the first part for a region, the last 3 would change the most and the last 6 would likely be the most that would change especially in the short term. Besides I dont think many AOLers come here anyway so I am fine with banning the entire AOL ip range if necessary.

Like I said the next step after that one would be nuking the forums as they currently exist. Maybe existing in a locked state buried down the directory level but non posting on this one. A new one would be vastly different and probably a bit user unfriendly.

Basically what was done was similar to what started at SN before it nosed dived into basic death.

Hi, SJR.

I'm on AOL (not at the moment, and I usually don't come here through AOL, but I have come here through AOL a few times in the past), on dialup.

I've also had a wide variety of IP addresses through AOL, including different first parts (sometimes I've had three digits and sometimes 2, for example, in the first part).

Many of the larger providers can have multiple ranges of ip addresses and each county's division may actually have more ranges. You can do a lookup on the domain name(s) to see which they have then you can ban all of them however it would take a fair bit of effort which is what you are hoping to avoid... and it appears that Giovanna would be affected as well which is probably not what you intend. And if a person actually knows a few things then faking their ip address source is not that terribly hard to do and then no filter will fix that...

Do you actually have the list of steps to move the data and posts or is it actually not possible? I am willing to help but I have never looked into the exact procedure.

wowsher

This post has been edited by wowsher on Mar 28 2007, 06:03 AM