Hacked again...

Moderator: Mod Squad

User avatar
AzCoupe
Administrator
Posts: 1433
Joined: Sat Nov 09, 2002 10:26 am
Location: Mesa, AZ

Hacked again...

Post #1 by AzCoupe » Sat Jun 08, 2013 11:14 pm

This time they really screwed things up..... I spent nearly the entire day trying to restore the data base. The first time, I used a backup that was done yesterday. While I was able to get the topics back, the post were all jumbled and popping up all over the place. For example, when you clicked on a title, you got post that belonged to another title. And when I tried posting a new topic, it put my post under a different topic, rather than starting a new topic. Not good.....

Next, I restored it using a backup from June 4th. That didn't work either.... same problem. The next backup I had was from May 28, but that was even worse. I think that backup was done right after the last hack, so most of the topics were gone. I finally had to call Host Monster and have them help, as this was obviously way beyond my skill level. They tried all sorts of things and kept me on the phone for three hours. In the end... we had to use the backup from May 21st, which is the one I used last week, because we knew it was OK. Seems the hacker not only deleted the DB this time, they also screwed up the search table and the SQ file, I think? I'm not really sure because I couldn't understand most of the stuff the support tech was trying to tell me. At least they got us back up and running, but once again, we lost all of the topics posted after the 21st. Sorry....

The support tech gave me a lot of good information, so I'm going to try a couple of things that may help to prevent these attacks. I just don't know if I have enough computer savvy to figure it out, but we'll see how it goes. He also said it didn't look like they were trolling for information, just someone being malicious. :evil:

What I really need to do, is find someone who understands all this stuff, and is willing to help.
Looking for Performance Parts, see Classic Inlines
Mike

Image

Click here for larger image & info

nightwatchman59
Registered User
Posts: 56
Joined: Wed Jan 23, 2013 1:00 pm

Re: Hacked again...

Post #2 by nightwatchman59 » Sun Jun 09, 2013 3:10 am

Bless you for your efforts, Mr. Coupe. I have learned a great deal on this site. Thank all of you guys!! My ol' red truck runs better because of you!! :nod:

User avatar
Crosley
VIP Member
Posts: 537
Joined: Fri Nov 08, 2002 9:23 pm
Location: Arizona

Re: Hacked again...

Post #3 by Crosley » Sun Jun 09, 2013 9:04 am

Mike, I am just curious on this hacking;

Is the main server or host company server being hacked or just FordSix forums?

i've never really understood this hacking crap the hooligans do
Tony in AZ...

"130 mph is known as first gear at the Bonneville Salt Flats"

User avatar
80broncoman
Global Moderator
Posts: 3317
Joined: Sat Oct 18, 2003 10:49 pm
Location: The Great state of Ohio!!

Re: Hacked again...

Post #4 by 80broncoman » Sun Jun 09, 2013 5:45 pm

I think hackers should be locked up in a Room with a continuous playing of the movie "groundhog day" over and over with no way to shut it off. A month or 2 should do it.
OAPSE Union Member

Real men don't wear Bowties
When it come to engines If its .001 loose nobody knows, But if its .001 too tight EVERYBODY KNOWS!!
80 bronco FUV (farm utility vehicle)300 T-18 3.50s EFI head, offy C dual plenum, 500 edel carb, 1.7 roller rockers, Crane 260 cam EFI Exh

User avatar
Cool23
Registered User
Posts: 675
Joined: Thu Mar 01, 2007 7:20 pm
Location: Castlemaine Australia
Contact:

Re: Hacked again...

Post #5 by Cool23 » Sun Jun 09, 2013 7:38 pm

Of all the forums I belong to I can not understand why this forum is so popular with the hackers !
V8's are great but Six Inlines Just Fine. Cummins Advert.

The link to my project on this forum http://fordsix.com/forum/viewtopic.php?t=41598

CNC-Dude
Registered User
Posts: 1347
Joined: Wed Nov 19, 2008 6:06 pm
Location: N. Ga.
Contact:

Re: Hacked again...

Post #6 by CNC-Dude » Sun Jun 09, 2013 8:35 pm

Cool23 wrote:Of all the forums I belong to I can not understand why this forum is so popular with the hackers !


For real! I have never seen a forum get hacked so many times before in my life. At least every 4-6 months it seems. They must think you have to be rich to fool with a Ford inline, and that they are going ot hit the jackpot or something.
Image

User avatar
StrangeRanger
VIP Member
Posts: 5789
Joined: Fri Nov 08, 2002 5:54 pm
Location: Copley, OH

Re: Hacked again...

Post #7 by StrangeRanger » Mon Jun 10, 2013 12:33 pm

Over the years there have been literally a handful of people who have been shown the door for anti-social behavior and a slightly larger number who have not been banned but have been chased away for their troll-like postings. I'd almost bet the farm that it's one of them seeking vengeance for imagined wrongs. :roll:
1996 F-150 (tow missile)
1993 Mustang 5.0 (hot rod and auto-x monster)
1982 Tiga Formula Ford (SCCA racecar)
2013 Hyundai Elantra Coupe (daily driver)

User avatar
Asa
Registered User
Posts: 4298
Joined: Thu Nov 28, 2002 2:40 pm
Location: Tampa, Tallahassee, Hangin out in some Florida woods somewhere
Contact:

Re: Hacked again...

Post #8 by Asa » Mon Jun 10, 2013 1:38 pm

Mike, I was thinking that I don't think I've seen any real updates to the forum in a while, I realize that it might be because you've just left the regular skins in place, but I was wondering if the software that the forum runs on has been updated in a while?
If there is an update out there, it might be worth doing as usually security patches get included in them.

Sidenote: any possibility in switching to a different forum software? I know a couple guys that run their own forums on vBulletin, I have no clue if they would be willing to do so, but you might be able to work something out with them about having them monitor it.
If that sounds like an option, I can talk to them and put you in contact if they are willing.
Right and Wrong are just words, what matters is what you do

Susie - a work in progress
Clyde - ya mule!

User avatar
Cool23
Registered User
Posts: 675
Joined: Thu Mar 01, 2007 7:20 pm
Location: Castlemaine Australia
Contact:

Re: Hacked again...

Post #9 by Cool23 » Mon Jun 10, 2013 7:12 pm

CNC-Dude wrote:
Cool23 wrote:Of all the forums I belong to I can not understand why this forum is so popular with the hackers !


For real! I have never seen a forum get hacked so many times before in my life. At least every 4-6 months it seems. They must think you have to be rich to fool with a Ford inline, and that they are going ot hit the jackpot or something.


Yes this forum is hacked more than any other I belong to. When you read about hackers chasing politcal and commercial secrets just what is the attraction here ? You have to feel sorry for Admin here as all they do is create work when I am sure the Admin has better things to do with his time.
V8's are great but Six Inlines Just Fine. Cummins Advert.



The link to my project on this forum http://fordsix.com/forum/viewtopic.php?t=41598

User avatar
AzCoupe
Administrator
Posts: 1433
Joined: Sat Nov 09, 2002 10:26 am
Location: Mesa, AZ

Re: Hacked again...

Post #10 by AzCoupe » Mon Jun 10, 2013 7:47 pm

Like RANGER said, it's probably somebody that has a grudge against us.

As for switching to vBulletin, I doubt the DB is interchangeable from one to the other, so we'd probably have to start over. I'm not willing to do that.... There's just to much good information that we've accumulated over the years. Our DB is over a Gig, which is huge compared to many other forums.

One of our members, who has lots of experience with php and SQ, has stepped up and offered to help. :beer:
Looking for Performance Parts, see Classic Inlines
Mike

Image

Click here for larger image & info

User avatar
JackFish
VIP Member
Posts: 2729
Joined: Thu May 26, 2005 7:31 pm
Location: Winnipeg Manitoba Canada

Re: Hacked again...

Post #11 by JackFish » Tue Jun 11, 2013 12:40 am

Hackers just exploit vulnerabilities for fun.
It's probably nothing personal, just an easy target.
1978 Ford Fairmont station wagon
1978 Ford Fairmont station wagon
Yup, I bought another one.
1996 Chevy Caprice 9C1 (3)
1999 Dodge Ram 2500

Econoline64
Registered User
Posts: 45
Joined: Sun Dec 12, 2010 12:49 pm

Re: Hacked again...

Post #12 by Econoline64 » Tue Jun 11, 2013 12:41 am

Damn Chevy guys... Always out to get us. :bang:
Image

User avatar
ludwig
VIP Member
Posts: 3266
Joined: Wed Jan 28, 2004 12:11 am
Location: Las Vegas, baby!!

Re: Hacked again...

Post #13 by ludwig » Tue Jun 11, 2013 9:45 am

No kidding. They colonized Hot Rod magazine years ago.
Image

Livin' the dream. Dad n' daughter.

datac
Registered User
Posts: 32
Joined: Sun Oct 11, 2009 12:31 am

Re: Hacked again...

Post #14 by datac » Tue Jun 11, 2013 12:13 pm

It's likely nothing to do with the content of the site at all, and everything to do with the phpBB version.

It's usually a kid who's written a script to crawl the web looking for unpatched forum installs, and when he finds them he breaks them- sort of the electronic equivalent of throwing rocks through the windows of neglected/abandoned houses/cars/whatever. He gets to brag about his leet skillz to his buddies, that's about it. Not only has he probably never seen the site before the hack, there's a fair chance he may not even speak the language.
Image

User avatar
CoupeBoy
VIP Member
Posts: 3432
Joined: Fri Nov 08, 2002 12:17 am
Location: Fargo, ND
Contact:

Re: Hacked again...

Post #15 by CoupeBoy » Wed Jun 12, 2013 12:20 pm

AzCoupe wrote:The support tech gave me a lot of good information, so I'm going to try a couple of things that may help to prevent these attacks. I just don't know if I have enough computer savvy to figure it out, but we'll see how it goes. He also said it didn't look like they were trolling for information, just someone being malicious. :evil:

What I really need to do, is find someone who understands all this stuff, and is willing to help.
Which part is it that you need help with? I assume that the host company provides all the security updates for the server? I also assume that they lock down all ports (incoming/outgoing) except the ones required for the site to run (port 80) and for you to remotely connect (if you need to) either via RDP (port 3389 - windows server) or SSH (port 22 -- Linux host).

Which should leave you with only a couple issues to manage.
Site Security (keeping up with the ever changing patches or security modules)
Backup and Disaster recovery (which it sounds like you have been doing)
One of the most important, and often skipped parts of backup/disaster recovery is TESTING that it actually works. Unfortunately you have had to test yours on the real site, ideally they would give you another test forum to work with.

FWIW, I have working knowledge from personal hobby stuff working with PHP and MySQL (which is most likely what this is running on versus MSSQL or PostgreSQL) I work in IT, I know enough to be useful or dangerous about many things computer related. If you need another set of eyes/hands just let me know.
1968 Mustang Daily Driver Rebuild (on hold for the Season 3/1/2015)
1963.5 Falcon Convertible Build (just getting started 3/15/2015)
Case 1830 Skidsteer FordSix Repower Thread (started 4/4/2015)
1970 170/C4
1967 200/C4
1965 240/bellhousing/flywheel/clutch/3.03 bell pattern
1975 250/flexplate
1975 300/flywheel

User avatar
Cool23
Registered User
Posts: 675
Joined: Thu Mar 01, 2007 7:20 pm
Location: Castlemaine Australia
Contact:

Re: Hacked again...

Post #16 by Cool23 » Thu Jun 13, 2013 6:19 pm

I think the hackers have not liked me posting about Ford Australia ceasing production as every time the forum has been hacked the topic has vanished. :roll:
V8's are great but Six Inlines Just Fine. Cummins Advert.



The link to my project on this forum http://fordsix.com/forum/viewtopic.php?t=41598

User avatar
xctasy
VIP Member
Posts: 6416
Joined: Sat Nov 09, 2002 10:40 am
Location: PO Box 7072 Dunedin 9011,South Island, NEW ZEALAND
Contact:

Re: Hacked again...

Post #17 by xctasy » Mon Jun 17, 2013 2:53 am

Cool23 wrote:I think the hackers have not liked me posting about Ford Australia ceasing production as every time the forum has been hacked the topic has vanished. :roll:


Agreed. Although its not just us. Two of my favourite forums. The hackers are mental as anything. Its happened too many times. I took up drinking. The nips are getting bigger as I wait for the database to get healed.

http://www.lyricswow.com/mental-as-anyt ... any-times/
http://www.youtube.com/watch?v=j_X3KmWUog4

Mike and his agents have fixed everything else, especially the moofing issue when we used to lose post information if posting took more than two minutes. Your whole posted data could just vapourise. Now, it really ticks me off when you spend a few hours posting very important information, and it just gets removed. Especially when the information is a consolidation of many years of information. That has happened frequently on the two forums I frequent, and it really grots me off.

Same thing at Four Eyed Pride, althought there are enough haters of that forum around for it not to be a coincidence. LOL, at least yellowbullet guys are fun, and its all about creative freedom. Customisers have been putting five year newer fronts on Fords in Australia all the time, and loving it, where as in the US some feel like its a crime. I've never liked European integrated body contoured headlamps, for me, they are the spawn of satan, but hey, its all about freedom. But that's how car nuts like us have always been, and Long May It Continue

Exhibit A, 15 pages of fun, anti FEP diatribe, an example of why America is great. :beer:

http://www.yellowbullet.com/forum/showt ... p?t=364135


and some other examples.

eg 1 http://forums.corral.net/forums/lounge/ ... pride.html

eg 2 http://www.foxtbirdcougarforums.com/sho ... gone/page2

eg 3 http://www.mustangsacrossamerica.com/fo ... r-is-it-me.


People are around who, due to the American enshrined right to free speech, feel like its there right to call the Admin staff a bunch of fa99ots all because some guys prefer to keep quad headlamps and TRX's on there rusty Foxes. Like me. I don't know when it ever became right to hate people for just networking, but there are people around like that, and we should just be happy that the world is still free enough to nut off. If having a free voice costs this much, then its just fine. More power to free speech!!!!

That's why I love North American websites....you guys allow us all to have opinions and that's why I'll always be here. I refuse to save my posts though, it really grates that the net is still such an unstable place for info, despite the anglelic support of Mike W and is team.


As a point of note, FEP are possibly moving away from vBulletin, its not just FSP that got cybe attacked.

FourEyedPride is moving.
6/16/2013
Due to an unexpected event, we are having to try to move the site to our new host.
We do not yet have a time by which we expect this to be done. We do not believe any data has been lost.
An upgrade may or may not be completed during the course of the move.
We apologize for the inconvenience and deeply appreciate your patience.

Updates will be posted here as things progress.

UPDATE 1 1:30 MST - We are looking at putting up a TEMPORARY forum for those who need to get in touch with one another.
Should we do this, you will have to re-register, it will be completely new and it will disappear once the site is restored.
This temporary board will be a different type of forum software, but similar to what you are used to.

A link will be posted once the forum is installed.

UPDATE 9:30 p.m. MST - You know how ripping into a car to fix one issue winds up snowballing into a much larger mess? Yeah. It's like that.

The good news is that we've got some serious hardware with the new host and once the software is dealt with, it'll be rock solid.
Image
XEC Ltd ICBE's Inter Continental Ballistic Engines-
FAZER 6Bi (M112 & EEC5) or FAZER 6Ti (GT3582 & EEC5) 425 HP 4.1L/250 I-6
FAZER 6V0 3x2-BBL Holley 188 HP 3.3L/200 I-6 or 235 HP 4.1L/250 I-6
X-Flow Engine Components Ltd http://www.xecltd.info/?rd=10

User avatar
80broncoman
Global Moderator
Posts: 3317
Joined: Sat Oct 18, 2003 10:49 pm
Location: The Great state of Ohio!!

Re: Hacked again...

Post #18 by 80broncoman » Mon Jun 17, 2013 10:19 pm

THe offroading club forum I belong to has gotten hit hard a few times.
OAPSE Union Member

Real men don't wear Bowties
When it come to engines If its .001 loose nobody knows, But if its .001 too tight EVERYBODY KNOWS!!
80 bronco FUV (farm utility vehicle)300 T-18 3.50s EFI head, offy C dual plenum, 500 edel carb, 1.7 roller rockers, Crane 260 cam EFI Exh

Return to “REGISTRATION TIPS, RULES & REGULATIONS, or HELP”

Who is online

Users browsing this forum: No registered users and 1 guest