Forum hacked - 2011-01-31

Started by Isaac Eiland-Hall, February 01, 2011, 04:12:07 AM

Isaac Eiland-Hall

Looks like we were hacked. I copied the database and installed from fresh files, but it means all attachments are gone.

I'll see if I can clean things up and offer the previous version of the forum on another subdomain. This will take a few days due to really really really bad timing.

Please report any problems you find.

EDIT: Actually, looks like certain things point to the old installation, which... may be good or may be bad. I'll still be investigating...... :-/

VictorKoehler

I would like to congratulate him! Although the forum has some problems, I realized yesterday at 00:40 (World Time Brasilia, without daylight saving) a message upon entering the forum. Did everything right, disconnected users (like me, signed in with time "forever"), and tried to fix the forum.

I have information about something, when I joined the forum, a virus entered my computer:

A message warning of the Java (TM) 6 Update 20 of Sun Microsystems. I do not understand the message and my Anti-virus (AVG Anti-Virus Free Edition 9) instantly deleted a virus.
Virus Name:
JS/Downloader.Agent

Folder of Infection
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\H2B37C81\jkehgrg_co_cc[1].htm

Warning!
Who connected between 31.01.2011 and 02.01.2011 in different countries, I recommend that you update your anti-virus and search for data from the browser to an anti-virus, it is easier to find an infection in the Temporary Files Internet Explorer (IE).

Thank you for correcting the problem IgorEliezer year wrong.

I better remember and save the password on my computer. After the forum to be hacked, I'd forgotten the password, the is my luck that was saved in Google Chrome





Translated by Google Translate


Download of the PAK64.Brasil b3ta here

Václav

I have seen these:
- forum displays only default thread unread/read identify icons
- only text New (or Nové in my language) is displayed instead picture with that text

One learns from mistakes - but some people are unteachable

paco_m

Just turn off Javascript and if you were affected by this reinstall your InternetExplorer deleting all its config and temp files or better use another browser ;)

Foxglove


Václav

Quote from: paco_m on February 02, 2011, 10:49:02 AM
Just turn off Javascript and if you were affected by this reinstall your InternetExplorer deleting all its config and temp files or better use another browser ;)
I use Firefox.


paco_m

Quote from: VaclavMacurek on February 02, 2011, 11:23:57 AM
I use Firefox.
If the information about this virus is correct, it infects only IE

Václav

We shall see what we shall see.
Don't say hop before jump.


IgorEliezer

Quote from: VaclavMacurek on February 02, 2011, 10:39:29 AM
- forum displays only default thread unread/read identify icons
- only text New (or Nové in my language) is displayed instead picture with that text

It's likely all custom images, including language ones, were lost during the process.

Don't worry, I'll especially take care of it.


VictorKoehler

Quote from: paco_m on February 02, 2011, 10:49:02 AM
Just turn off Javascript and if you were affected by this reinstall your InternetExplorer deleting all its config and temp files or better use another browser ;)
I use Google Chrome, I opened the forum by an extension of Chrome called "IE Tab", it displays the IE browser in Chrome.
Do not listen to any problem on the computer, anti-virus does not allowed.



An_dz

I use Opera and no problems at all.
I only found two problems: the forum's Simutrans theme has gone, and I received some spams.

VictorKoehler

just look at all the issues, because this hacker, not there are no images of any theme, users who have opted by different themes, just in WHITE!



jamespetts

The favicon.ico is still missing.
Download Simutrans-Extended.

Want to help with development? See here for things to do for coding, and here for information on how to make graphics/objects.

Follow Simutrans-Extended on Facebook.

paco_m

Quote from: An_dz on February 03, 2011, 01:39:59 AM
And I received some spams.

That's bad, seems that they got all the email addresses from the forum registration :S

An_dz

Quote from: paco_m on February 03, 2011, 05:23:33 PM
That's bad, seems that they got all the email addresses from the forum registration :S
I think so, have you received any message talking about weight loss? I think the email was an_dy_pagodeira@hotmail.com and I also received an invitation in Windows Live Messenger to enter in Adult talk chat group.

Still missing Simutrans theme, it was so cool. :D

isidoro

Quote from: paco_m on February 03, 2011, 05:23:33 PM
That's bad, seems that they got all the email addresses from the forum registration :S

I'm lucky.  My email address has no spam.  And now, it hasn't either.  So, I don't think they got our email addresses.

IgorEliezer

Again, just to make sure:

Quote from: IgorEliezer on February 02, 2011, 04:20:38 PM
It's likely all custom images, including language ones, were lost during the process.

Don't worry, I'll especially take care of it.

So, all custom images: favicons, language images, forum theme images and mostly a part of custom material was lost due to forum reinstall (see 1st post), in other words, we (Isaac) installed the forum again from scratch with the database we had. The attachments are mostly safe, although we had thought otherwise.

Last, I'll reupload all custom content whenever I have the proper settings to do so. But, think, we didn't lose anything important. :D

EDIT:

Quote from: An_dz on February 03, 2011, 01:39:59 AM
And I received some spams.

And those who received too: This forum is set up so that user profiles (including e-mail addresses) are hidden from visitors; this means spambots and malicious "visitors" can't capture your personal data so easily. But there are two simple means so that they can still get your e-mail address:

1) signing up for account, since only forum members can open user profiles;
2) a forum member carelessly posts his e-mail on public, since spambots can "read" the public posts.

Then, if you want, I would recommend you to:

- don't post your e-mail address as well as any personal data on public;
- hide your e-mail address from public by setting "Hide my e-mail" on your user profile (besides, if someone wants it, they'll ask you, and we admins can access it safely).

That's all.

paco_m

IgorEliezer, regardless of the settings in my user profile the email address is stored in the forum's database.
As we already know the hacker corrupted the forum software and this implies that he had also access to the database and all our mail accounts and was able to download the full list of user data :P

Václav

I hope following words won't cause any ban on me:

Dear, paco_m, what you wrote seems be clear - but I have following experience with spam:

1. At all times you cannot be sure that somewhere will appear your e-mail address in usable form
2. Don't make any answer on spam and spam-like messages* - and after sometime you shall not be target of those messages
3. Set very strict filter
4. E-mail address without password is not so dangerous as it seems be - if you keep in mind points 2 and 3

* - messages from addresses you know that they are safe - but in other addressees are e-mail addresses you don't know (messages name often begins FWD: FWD: )


paco_m

Quote from: VaclavMacurek on February 04, 2011, 10:10:06 AM
I hope following words won't cause any ban on me
why do you think you could get banned for this?

However I was not asking for help or hints what to do, the email I used to register in this forum is already so spammed that I don't care; actually I stopped reading the inbox of this mail account years ago and have another mail for real correspondence ;)
Just wanted to comment the situation, personally I don't have a problem with that.

Václav

Someone could understand those words bad.


IgorEliezer

Quote from: paco_m on February 04, 2011, 08:31:20 AM
IgorEliezer, regardless of the settings in my user profile the email address is stored in the forum's database.
As we already know the hacker corrupted the forum software and this implies that he had also access to the database and all our mail accounts and was able to download the full list of user data :P

I know. But I was speaking of spambots, not about hackers. A hacking attack is not as often as a bot that "reads" the forums everyday.

An_dz

Hey guys, you're doing too much mess. It's clear that it was a coincidence these spam I received.
Quote from: IgorEliezer on February 04, 2011, 12:40:57 AM
Then, if you want, I would recommend you to:

- don't post your e-mail address as well as any personal data on public;
- hide your e-mail address from public by setting "Hide my e-mail" on your user profile (besides, if someone wants it, they'll ask you, and we admins can access it safely).
My settings are ok, I always do it on every site and I haven't posted my email somewhere. Probably one of my friend got viruses. Maybe a virus on windows live messenger. See, nobody more received spams. I just told a possibility.

Václav

Quote from: IgorEliezer on February 04, 2011, 12:40:57 AM
- hide your e-mail address from public by setting "Hide my e-mail" on your user profile (besides, if someone wants it, they'll ask you, and we admins can access it safely).
I found that my e-mail is hidden (I think this would not be changed at all in future - at least for some time) - but it was public before hack attack. It is okay - but this is not reflected in list of users - where still e-mails are showed.

-->
And as I found few whiles ago, one else result of hack attack was disappearing of icons for some smileys - arrow, exclaim, idea, question, red x, award.


IgorEliezer

Quote from: VaclavMacurek on February 05, 2011, 07:36:16 PM
And as I found few whiles ago, one else result of hack attack was disappearing of icons for some smileys - arrow, exclaim, idea, question, red x, award.

I managed to rescue the original forum theme and all custom stuff, including icons, from my old computer.

@All: If something related to the forum theme is missing due to the attack, don't worry, it's all recoverable. Sit tight, I'll upload them when I'll be able to.

Now, I'm locking this topic. This discussion has lasted too long.

Isaac Eiland-Hall

As I said before, it will take me a few days. I was involved in TWO shows last week - designing sound and running sound for one; running sound and singing in another.

I am nearly back, but due to issues I don't want to describe, I will not start on this until later today and tomorrow; however, that's the latest. So please bear with me.

I have all of the old files. The reason the attachments work is because certain forum settings are still pointing to the old directories.

VS

If you wonder why language suddenly changed to English:

To fix problems with moderator features, I switched to "new" theme. Thus, we also lost language packs... for some time, forum interface will be English only.

My projects... Tools for messing with Simutrans graphics. Graphic archive - templates and some other stuff for painters. Development logs for most recent information on what is going on. And of course pak128!