JeffM Posted January 1, 2005 The last 4 or 5 times I have tried to log into hhplace I get a screen that shimmies and says Red Devils Crew from Saudia Arabia. Anyone know what that's about? Jeff
Nicole Posted January 1, 2005 The last 4 or 5 times I have tried to log into hhplace I get a screen that shimmies and says Red Devils Crew from Saudia Arabia. Anyone know what that's about? Jeff I got it too. I tried running a Google search for it, but I did not come up with anything obviously relevant. (I also checked my PC for viruses, but did not find any.) the truth shall make you fret
Jeff Posted January 1, 2005 The site got hacked (defaced) by some moron hacking crew. Don't know they did it. I think the security problem is at the ISP who hosts this site, they don't run the latest and greatest php yet. We were also not running the latest board software. I upgraded this now, so any known vulnerabilities there should be solved now. Good thing the database and all messages were kept intact. Greetz, Jeff --- "She's going shopping, shopping for shoe-oe-oe-oes She wants them in magenta and Caribbean blue-ue-ue-ue" - Imelda, Mark Knopfler
jo Posted January 1, 2005 Looks like hackers got into the site, and deleted (or moved) all of the forum software, and all of the messages. The replacement page also contained a Flash File. My computer is set to NOT display those, but it is quite likely that the file MAY have had a virus attached. If you saw an animation at that time, I suggest that you take whatever steps you need to do, in order to ensure that no viruses, trojans, or keylogger programs have been left on your machine by them. Thankfully, the forum and the messages have all reappeared so I can only assume that someone had the foresight to take a backup copy beforehand and which has now been reinstalled. It is possible that a few messages from the early hours of January 1st are missing; it'll need an administrator to confirm that. I have seen forums go down for weeks at a time after a hack like that, and once saw a forum that disappeared altogether because no-one had archived any of the existing messages. When hackers deleted the forum, it was all gone, for ever. <edit>Jeff posted at the same time</edit>
JeffM Posted January 1, 2005 Thanks everyone. I did run my antivirus as soon as I saw it thinking it must be my end. And I am certainly glad the site has been resurrected with no obvious problems. Let's hope our host does the right thing and does what is required to make the site safer for the future. All the best for the new year JeffM
Jinx Posted January 1, 2005 I guess it was just Santy that hit hhplace, nothing more nothing less. More info about Santy http://www.fsecure.fi/v-descs/santy_a.shtml "Santy is a worm was found at December 21st, 2004. It uses a vulnerability in popular phpBB discussion forum software to spread and it uses Google search engine to find vulnerable servers. It does not infect end user computers."
Arctic Posted January 1, 2005 Thanks for the link, that was an interesting angle that I didn't think of. t:B What's all the fuss about?
Jeff Posted January 2, 2005 I guess it was just Santy that hit hhplace, nothing more nothing less. More info about Santy http://www.fsecure.fi/v-descs/santy_a.shtml "Santy is a worm was found at December 21st, 2004. It uses a vulnerability in popular phpBB discussion forum software to spread and it uses Google search engine to find vulnerable servers. It does not infect end user computers." Although it's well possible the person(s) who hacked the site used this same vulnerability, I'm pretty sure it wasn't the Santy worm. The symptoms were all different from the ones known from the worm. Anyways, we are up and running again and that's what is important. :-) Greetz, Jeff --- "She's going shopping, shopping for shoe-oe-oe-oes She wants them in magenta and Caribbean blue-ue-ue-ue" - Imelda, Mark Knopfler
PJ Posted January 2, 2005 The first time I encountered the "hacked" graphic, it started a countdown from 10. I closed my browser's window at 7 and ran my online anti-virus program. It found no viruses. I then ran my anti-spyware program and found one suspect file (McRegWiz) that tried to add itself to my startup registry. I promptly deleted it. Since this site was hacked without any apparent data destruction, that makes us very lucky. But now that a vulnerability has been identified, it must be corrected. Hackers have a tendency to spread news of intrusions and vulnerabilities to other hackers. And who knows how malicious the next attack may be? click .... click .... click .... The sensual sound of stiletto heels on a hard surface.
Becky Posted January 2, 2005 I saw the "Red Devils Crew" image too - I was interested to find out what would happen after the countdown. An image of an explosion happened after the 10, 9, 8...........etc then it went to a new image which I did a print screen of. I guess I was rather stupid in leaving it countdown as something malicious may have happened to my PC, but it's fairly secure. At first I didn't know if it was some New Year thing that the owner of the site had done, but it soon registered that someone had hacked the site. I'm so glad that everything is back to normal. Happy New Year everyone. Becks. So many shoes & boots to buy in so little time!!
jo Posted January 2, 2005 Whilst the details of what is backed up, when and how it is done, and where it is stored, should not be up for public airing, I do hope that all of the user data is backed up on a very regular basis so that the forum can be quickly reloaded should something more serious happen in the future.
JeffM Posted January 2, 2005 I too saw this (McRegWiz) and thought it was legit because I use McAfee internet security software. I assumed that they were related in some way so gave permission for it to access the internet. I have just done a search on it and it is part of McAfee.com, legally or not I am not sure yet. I will run a spyware check and see what that finds. Jeff
Skirted-UK Posted January 2, 2005 I have run Norton's AV and SpyBot several times since I viewed the Red Devils Crew page and found nothing. Both Norton's and SpyBot have been updated recently. "You can check out anytime you like, but you can never leave ! " The Eagles, "Hotel California"
JeffM Posted January 2, 2005 I have completed a full check on my system and have found nothing. I can only assume that McRegWiz is part of McAfee.com in turn part of McAfee internet security. I think it is the registration wizard. PJ do you have McAfee installed on your computer? Jeff
Dawn HH Posted January 2, 2005 As you fellows and gals know, I don't have a PC, but my 2 cans and a piece of rope, (My Msn web-tv 2 system), also picked up the hacker from Saudi Arabia. I normally don't pick up viruses as I don't have any hard-drive and therefore have no need for virus protection. In the year that I have been on the internet, this is the first time that I have encountered anything like this. It did cause me to lose an evening of posting, (Which is little to worry about), to the good people of the HH Place Forum, but thankfully everything else seems to be intact and back on line. Maybe this incident should cause the powers-to-be to check into more and better safeguards for the HH Place Forum. Have a very happy and prosperous New Year everyone. Cheers--- Dawn HH High Heeled Boots Forever!
genebujold Posted January 2, 2005 For those of you still scratching their heads about what more you can do to protect your computers...
1. Update your Antivirus software to the latest version, then update your antivirus definition files. I recommend Norton Antivirus. Better yet, get Norton Internet Security (which also includes the Antivirus, and a lot more (see link, below)).
2. Download and install the following programs:
   a. AdAware: http://www.lavasoftusa.com/software/adaware/
   b. Spybot: http://www.safer-networking.org/en/download/
3. In each program, check for the latest updates.
4. Run the programs, first AdAware, then Spybot. The default configurations are fine.
Strongly consider getting a personal firewall. The best one on the market right now is Symantec's Norton Internet Security, which includes both a firewall and Symantec's Antivirus, as well as a spam-blocker plug-in for your e-mail (and more!): http://www.symantec.com/sabu/nis/nis_pe/
If you're connected via broadband and running behind a router with NAT, such as most Linksys and Netgear products, you're in luck. With an up-to-date and properly configured firmware, your router is the best protection you have against keeping hackers out of your computer! It does nothing against viruses or trojans, however, as most of those are spread via e-mail.
PJ Posted January 3, 2005 I have completed a full check on my system and have found nothing. I can only assume that McRegWiz is part of McAfee.com in turn part of McAfee internet security. I think it is the registration wizard. PJ do you have McAfee installed on your computer? Jeff I use the online version of McAfee so it's updated automatically (firewall and anti-virus). I suspect since the alert popped up simultaneously with the countdown graphic, I assumed it was malicious. And as for spyware, I use Spy Sweeper software. At one time, I used Adaware, Spybot and Spy Sweeper. But when I would run Spy Sweeper after Adaware and Spybot, it would find things they missed. click .... click .... click .... The sensual sound of stiletto heels on a hard surface.
Jinx Posted January 3, 2005 Although it's well possible the person(s) who hacked the site used this same vulnerability, I'm pretty sure it wasn't the Santy worm. The symptoms were all different from the ones known from the worm. Anyways, we are up and running again and that's what is important. :-) Yes you're right, it was not Santy. Anyhow, Red Devils Crew did not get any credit for hacking hhplace.org (or virtual server it is running on) because site admins were fast enough to recover site(s) back up and running before hack was approved. And like you said, best thing is that we are back in business again.
Firefox Posted January 4, 2005 Congrats to Jeff for the back up and getting everything running so quickly again!
Bubba136 Posted January 4, 2005 Yes. I agree with FF. If Jeff hadn't recognized the problem and fixed it so quickly, we could have been in really bad shape. Thanks, Jeff, for your quick reaction. Being mentally comfortable in your own mind is the key to wearing heels in public.
genebujold Posted January 4, 2005 Thanks to Jeff, phpBB is safe. However, if you haven't taken the steps I outlined above, your computers are still vulnerable to spreading voluminous crap around the internet! Thanks in advance for taking the appropriate steps to secure yourselves. - Gene'
Bubba136 Posted January 5, 2005 While I realize there are a plethora of computer savvy and technically qualified internet managers among the members of this forum (I am not one of them), I also believe that Jeff is well qualified to sort out cause and effect of our recent hacking incident. While I am sure he appreciates the advice and counsel he constantly receives from us, I have faith that, since this is his board, he is more acutely aware of the various versions and limitations of the software being used than we would like to recognize. Since I have difficulty discerning an Internet server from an IHOP server, I am content to allow him to operate and maintain this forum as he believes is best. Being mentally comfortable in your own mind is the key to wearing heels in public.
genebujold Posted January 6, 2005 While I realize there are a plethora of computer savvy and technically qualified internet managers among the members of this forum (I am not one of them), I also believe that Jeff is well qualified to sort out cause and effect of our recent hacking incident. While I am sure he appreciates the advice and counsel he constantly receives from us, I have faith that, since this is his board, he is more acutely aware of the various versions and limitations of the software being used than we would like to recognize. Since I have difficulty discerning an Internet server from an IHOP server, I am content to allow him to operate and maintain this forum as he believes is best. As one whose primary business is networking security, I'm not only able to discern the difference between an Internet server and an IHOP server, but I'm also qualified to render assistance, not to Jeff (it's his board), but to the other members of this forum who may wish to improve their personal security, but are unsure of which direction to take. However, I thank those who did post messages concerning this issue. Most online endeavors are fairly collective efforts, involving the owner of the board, a number of moderators and sysops, the ISP, and the board members themselves. We have a saying in the corporate networking industry: The greatest area of vulnerability is physical security. If someone has physical access to your computer, they own it, regardless of how tightly you may have battened down your hatches. Therefore, the greatest strength with respect to security rests with the individual user. Despite recent advances in automated security systems, it's still the reports by individual users of the systems that account for more than 90% of all detected intrusions. I re-read all the posts in this thread, and there wasn't a single one that was out of line. 
In fact, the posts themselves say a great deal about how much we care that our online community remains intact, free from malicious outsiders.
Bubba136 Posted January 6, 2005 I beg your pardon! If you took my comments as inference that you, or anyone else, were out of line in questioning Jeff's ability as a forum host, I believe you should read my comment again -- only this time without the built-in defensive attitude. I wasn't insinuating that you or anyone else that offered suggestions to Jeff as to how he should handle the situation were out of line. I was just voicing my support for his ability. After all we all have proof positive of his abilities because of what we constantly see and do here. As for the other members' technical qualifications, well, we've only their word. Being mentally comfortable in your own mind is the key to wearing heels in public.
genebujold Posted January 6, 2005 I beg your pardon! If you took my comments as inference that you, or anyone else, were out of line in questioning Jeff's ability as a forum host, I believe you should read my comment again -- only this time without the built-in defensive attitude. I wasn't insinuating that you or anyone else that offered suggestions to Jeff as to how he should handle the situation were out of line. I was just voicing my support for his ability. After all we all have proof positive of his abilities because of what we constantly see and do here. As for the other members' technical qualifications, well, we've only their word. Huh? I wasn't insinuating anything of the kind! Merely that there's a problem, Jeff's doing his job, and so are the members of this board. If anything, your message indicated no one should help Jeff run his board. While most board/forum monitors/owners do quite well, most also welcome inputs from their members. I did, during the 9-1/2 years I ran numerous boards. Jeff - you any different?
Bubba136 Posted January 6, 2005 OK, sorry if I misunderstood. I apologize. However, I wasn't saying that members shouldn't offer him suggestions. I was merely expressing my view that despite all of the well meaning suggestions, Jeff be allowed to select the best course of action required to fix the problem. Being mentally comfortable in your own mind is the key to wearing heels in public.
genebujold Posted January 7, 2005 OK, sorry if I misunderstood. I apologize. However, I wasn't saying that members shouldn't offer him suggestions. I was merely expressing my view that despite all of the well meaning suggestions, Jeff be allowed to select the best course of action required to fix the problem. I agree completely! Isn't it nice when apparent differences of opinion turn out to be nothing more than simple miscommunication? Those of you who're married probably recognize this quite well! It's so prevalent, in fact, it's the cornerstone concept used by many marriage counselors to help couples "bury the hatchet." Thanks, Bubba, for taking the high road.
Jeff Posted January 8, 2005 Huh? I wasn't insinuating anything of the kind! Merely that there's a problem, Jeff's doing his job, and so are the members of this board. If anything, your message indicated no one should help Jeff run his board. While most board/forum monitors/owners do quite well, most also welcome inputs from their members. I did, during the 9-1/2 years I ran numerous boards. Jeff - you any different? No difference there... I read all comments and whenever they seem useful I'll use them to the better. I'm not an almighty know-it-all administrator. Greetz, Jeff --- "She's going shopping, shopping for shoe-oe-oe-oes She wants them in magenta and Caribbean blue-ue-ue-ue" - Imelda, Mark Knopfler