The International Simutrans Forum

 

Author Topic: Forum hacked - 2011-01-31  (Read 13274 times)

0 Members and 1 Guest are viewing this topic.

Offline Isaac.Eiland-Hall us

  • Benevolent Dictator
  • Administrator
  • *
  • Posts: 3651
  • PanamaCityPC.com/support/
    • Facebook Profile
  • Languages: EN
Forum hacked - 2011-01-31
« on: February 01, 2011, 04:12:07 AM »
Looks like we were hacked. I copied the database and installed from fresh files, but it means all attachments are gone.

I'll see if I can clean things up and offer the previous version of the forum on another subdomain. This will take a few days due to really really really bad timing.

Please report any problems you find.

EDIT: Actually, looks like certain things point to the old installation, which... may be good or may be bad. I'll still be investigating...... :-/
« Last Edit: February 01, 2011, 03:50:01 PM by IgorEliezer »

Offline VictorKoehler

  • *
  • Posts: 157
  • Ahh... Os Transportes de hoje em dia...
    • VK Simutrans - Absolutamente Tudo sobre Simutrans!
Re: Forum hacked - 2011-01-31, in Brazil 2011-02-1
« Reply #1 on: February 01, 2011, 02:25:58 PM »
I would like to congratulate him! Although the forum be with some problems, I realized yesterday 00:40 (World Time
Brasilia, without daylight saving) a message upon entering the forum. Did everything right, disconnected users (like me Sign in with time "forever"), and tried to fix the forum.

I have information about something, when I joined the forum, a virus entered my computer:

A message warning of the Java (TM) 6 Update 20 of Sun Microsystems. I do not understand the message and my Anti-virus (AVG Anti-Virus Free Edition 9) instantly deleted a virus.
Virus Name:
JS/Downloader.Agent

Folder of Infection
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\H2B37C81\jkehgrg_co_cc[1].htm

Warning!
Who connected between 31.01.2011 and 02.01.2011 in different countries, I recommend that you update your anti-virus and search for data from the browser to an anti-virus, it is easier to find an infection in the Temporary Files Internet Explorer (IE).

Thank you for correcting the problem IgorEliezer year
wrong.

I better remember and save the password on my computer.
After the forum to be hacked, I'd forgotten the password, the
is my luck that was saved in Google Chrome




Translated by Google Translate
« Last Edit: February 01, 2011, 10:39:22 PM by VictorKoehler »

Offline Václav

  • Devotee
  • *
  • Posts: 3267
  • formerly VaclavMacurek
  • Languages: CZ, EN
Re: Forum hacked - 2011-01-31
« Reply #2 on: February 02, 2011, 10:39:29 AM »
I have seen these:
- forum displays only default thread unread/read identify icons
- only text New (or Nové in my language) is displayed instead picture with that text

Offline paco_m

  • *
  • Posts: 170
Re: Forum hacked - 2011-01-31
« Reply #3 on: February 02, 2011, 10:49:02 AM »
Just turn off Javascript and if you were affected by this reinstall your InternetExplorer deleting all its config and temp files or better use another browser ;)

Offline Foxglove

  • *
  • Posts: 116
  • Languages: EN, RU
Re: Forum hacked - 2011-01-31
« Reply #4 on: February 02, 2011, 11:07:14 AM »
but it means all attachments are gone.
Not really, as I can see.

Offline Václav

  • Devotee
  • *
  • Posts: 3267
  • formerly VaclavMacurek
  • Languages: CZ, EN
Re: Forum hacked - 2011-01-31
« Reply #5 on: February 02, 2011, 11:23:57 AM »
Just turn off Javascript and if you were affected by this reinstall your InternetExplorer deleting all its config and temp files or better use another browser ;)
I use Firefox.

Offline paco_m

  • *
  • Posts: 170
Re: Forum hacked - 2011-01-31
« Reply #6 on: February 02, 2011, 01:20:23 PM »
I use Firefox.
If the informations about this virus are correct it infects only IE

Offline Václav

  • Devotee
  • *
  • Posts: 3267
  • formerly VaclavMacurek
  • Languages: CZ, EN
Re: Forum hacked - 2011-01-31
« Reply #7 on: February 02, 2011, 01:39:11 PM »
We shall see what we shall see.
Don't say hop before jump.

Offline IgorEliezer br

  • Devotee
  • Administrator
  • *
  • Posts: 4087
  • Cake recipes are cool... REALLY!
    • Igor Eliezer Architect and Urban Planner/Arquiteto e Urbanista
  • Languages: PT, EN, AutoLISP, Python
Re: Forum hacked - 2011-01-31
« Reply #8 on: February 02, 2011, 04:20:38 PM »
- forum displays only default thread unread/read identify icons
- only text New (or Nové in my language) is displayed instead picture with that text

It's likely all custom images, including language ones, were lost during the process.

Don't worry, I'll especially take care of it.


Offline VictorKoehler

  • *
  • Posts: 157
  • Ahh... Os Transportes de hoje em dia...
    • VK Simutrans - Absolutamente Tudo sobre Simutrans!
Re: Forum hacked - 2011-01-31
« Reply #9 on: February 03, 2011, 12:17:58 AM »
Just turn off Javascript and if you were affected by this reinstall your InternetExplorer deleting all its config and temp files or better use another browser ;)
I use Coogle Chrome, I opened the forum by an extension of Chrome called "IE Tab ", it displays the IE browser in Chrome.
Do not listen to any problem on the computer, anti-virus does not allowed.

Offline An_dz

  • Web Admin
  • Administrator
  • *
  • Posts: 2900
  • D'oh
    • by An_dz
  • Languages: pt, en, it, (de)
Re: Forum hacked - 2011-01-31
« Reply #10 on: February 03, 2011, 01:39:59 AM »
I use Opera and no problems at all.
I only found two problems, the forum's Simutrans theme have gone. And I received some spams.

Offline VictorKoehler

  • *
  • Posts: 157
  • Ahh... Os Transportes de hoje em dia...
    • VK Simutrans - Absolutamente Tudo sobre Simutrans!
Re: Forum hacked - 2011-01-31 - Consequences
« Reply #11 on: February 03, 2011, 01:53:23 AM »
 just look at all the issues, because this hacker, not
there are no images of any theme, users who have opted
by different themes, just in WHITE!

Offline jamespetts gb

  • Simutrans-Extended project coordinator
  • Devotee
  • *
  • Posts: 18721
  • Cake baker
    • Bridgewater-Brunel
  • Languages: EN
Re: Forum hacked - 2011-01-31
« Reply #12 on: February 03, 2011, 10:23:16 AM »
The favicon.ico is still missing.

Offline paco_m

  • *
  • Posts: 170
Re: Forum hacked - 2011-01-31
« Reply #13 on: February 03, 2011, 05:23:33 PM »
And I received some spams.

That's bad, seems that they got all the email addresses from the forum registration :S

Offline An_dz

  • Web Admin
  • Administrator
  • *
  • Posts: 2900
  • D'oh
    • by An_dz
  • Languages: pt, en, it, (de)
Re: Forum hacked - 2011-01-31
« Reply #14 on: February 03, 2011, 10:47:13 PM »
That's bad, seems that they got all the email addresses from the forum registration :S
I think so, have you received any message talking about weight loss? I think the email was an_dy_pagodeira@hotmail.com and I also received an ivitation in Windows Live Messenger to enter in Adult talk chat group.

Still missing Simutrans theme, it was so cool. :D

Offline isidoro

  • Devotee
  • *
  • Posts: 1129
Re: Forum hacked - 2011-01-31
« Reply #15 on: February 03, 2011, 11:33:56 PM »
That's bad, seems that they got all the email addresses from the forum registration :S

I'm lucky.  My email address has no spam.  And now, it hasn't either.  So, I don't think they got our email addresses.

Offline IgorEliezer br

  • Devotee
  • Administrator
  • *
  • Posts: 4087
  • Cake recipes are cool... REALLY!
    • Igor Eliezer Architect and Urban Planner/Arquiteto e Urbanista
  • Languages: PT, EN, AutoLISP, Python
Re: Forum hacked - 2011-01-31 (did you get spams? Please read this)
« Reply #16 on: February 04, 2011, 12:40:57 AM »
Again, just to make sure:

It's likely all custom images, including language ones, were lost during the process.

Don't worry, I'll especially take care of it.

So, all custom images: favicons, language images, forum theme images and mostly a part of custom material was lost due to forum reinstall (see 1st post), in other words, we (Isaac) installed the forum again from scratch with the database we had. The attachments mostly is safe, although we had thought otherwise.

Last, I'll reupload all custom content whenever I have the proper settings to do so. But, think, we didn't lose anything important. :D

EDIT:

And I received some spams.

And those who received too: This forum is set up so that user profiles (including e-mail addresses) are hidden from visitors; this means spambots and malicious "visitors" can't capture your personal data so easily. But there are two simple means so that they can still get your e-mail address:

1) signing up for account, since only forum members can open user profiles;
2) a forum member carelessly posts his e-mail on public, since spambots can "read" the public posts.

Then, if you want, I would recommend you to:

- don't post your e-mail address as well as any personal data on public;
- hide your e-mail address from public by setting "Hide my e-mail" on your user profile (besides, if someone wants it, they'll ask you, and we admins can access it safely).

That's all.
« Last Edit: February 04, 2011, 01:02:48 AM by IgorEliezer »

Offline paco_m

  • *
  • Posts: 170
Re: Forum hacked - 2011-01-31
« Reply #17 on: February 04, 2011, 08:31:20 AM »
IgorEliezer, regardeless of the settings in my user profile the email address is stores in the forums database.
As we already know the hacker corrupted the forum software and this implies that he had also access to the database and all our mail accounts and was able to download the full list of user data  :P

Offline Václav

  • Devotee
  • *
  • Posts: 3267
  • formerly VaclavMacurek
  • Languages: CZ, EN
Re: Forum hacked - 2011-01-31
« Reply #18 on: February 04, 2011, 10:10:06 AM »
I hope following words won't cause any ban on me:

Dear, paco_m, what you wrote seems be clear - but I have following experience with spam:

1. At all times you cannot be sure that somewhere will appear your e-mail address in usable form
2. Don't make any answer on spam and spam-like messages* - and after sometime you shall not be target of those messages
3. Set very strict filter
4. E-mail address without password is not so dangerous as it seems be - if you keep in mind points 2 and 3

* - messages from addresses you know that they are safe - but in other addressees are e-mail adresses you don't know (messages name often begins FWD: FWD: )

Offline paco_m

  • *
  • Posts: 170
Re: Forum hacked - 2011-01-31
« Reply #19 on: February 04, 2011, 02:26:20 PM »
I hope following words won't cause any ban on me
why do you think you could get banned for this?

However I was not asking for help or hints what to do, the email I used to register in this forum is already so spammed that I don't care; actually I stopped reading the inbox of this mail account years ago and have another mail for real correspondence ;)
Just wanted to comment the situation, personally I don't have a problem with that.

Offline Václav

  • Devotee
  • *
  • Posts: 3267
  • formerly VaclavMacurek
  • Languages: CZ, EN
Re: Forum hacked - 2011-01-31
« Reply #20 on: February 04, 2011, 03:08:35 PM »
Someone could understand those words bad.

Offline IgorEliezer br

  • Devotee
  • Administrator
  • *
  • Posts: 4087
  • Cake recipes are cool... REALLY!
    • Igor Eliezer Architect and Urban Planner/Arquiteto e Urbanista
  • Languages: PT, EN, AutoLISP, Python
Re: Forum hacked - 2011-01-31
« Reply #21 on: February 04, 2011, 06:45:12 PM »
IgorEliezer, regardeless of the settings in my user profile the email address is stores in the forums database.
As we already know the hacker corrupted the forum software and this implies that he had also access to the database and all our mail accounts and was able to download the full list of user data  :P

I know. But I was speaking of spambots, not about hackers. A hacking attach is not as often as a bot that "reads" the forums everyday.

Offline An_dz

  • Web Admin
  • Administrator
  • *
  • Posts: 2900
  • D'oh
    • by An_dz
  • Languages: pt, en, it, (de)
Re: Forum hacked - 2011-01-31
« Reply #22 on: February 05, 2011, 12:44:16 PM »
Hey guys, you're doing to much mess. It's clear that it was a coincidence these spam I received.
Then, if you want, I would recommend you to:

- don't post your e-mail address as well as any personal data on public;
- hide your e-mail address from public by setting "Hide my e-mail" on your user profile (besides, if someone wants it, they'll ask you, and we admins can access it safely).
My settings are ok, I always do it on every site and I haven't posted my email somewhere. Probably one of my friend got viruses. Maybe a virus on windows live messenger. See, nobody more received spams. I just told a possibility.

Offline Václav

  • Devotee
  • *
  • Posts: 3267
  • formerly VaclavMacurek
  • Languages: CZ, EN
Re: Forum hacked - 2011-01-31
« Reply #23 on: February 05, 2011, 07:36:16 PM »
- hide your e-mail address from public by setting "Hide my e-mail" on your user profile (besides, if someone wants it, they'll ask you, and we admins can access it safely).
I found that my e-mail is hidden (I think this would not be changed at all in future - at least for some time) - but it was public before hack attack. It is okay - but this is not reflected in list of users - where still e-mails are showed.

-->
And as I found few whiles ago, one else result of hack attack was disappearing of icons for some smileys - arrow, exclaim, idea, question, red x, award.
« Last Edit: February 05, 2011, 08:44:17 PM by VaclavMacurek »

Offline IgorEliezer br

  • Devotee
  • Administrator
  • *
  • Posts: 4087
  • Cake recipes are cool... REALLY!
    • Igor Eliezer Architect and Urban Planner/Arquiteto e Urbanista
  • Languages: PT, EN, AutoLISP, Python
Re: Forum hacked - 2011-01-31
« Reply #24 on: February 07, 2011, 01:37:43 AM »
And as I found few whiles ago, one else result of hack attack was disappearing of icons for some smileys - arrow, exclaim, idea, question, red x, award.

I managed to rescue the original forum theme and all custom stuff, including icons, from my old computer.

@All: If something related to the forum theme is missing due to the attack, don't worry, it's all recoverable. Sit tight, I'll upload them when I'll be able to.

Now, I'm locking this topic. This discussion has lasted too long.
« Last Edit: February 07, 2011, 02:53:57 AM by IgorEliezer »

Offline Isaac.Eiland-Hall us

  • Benevolent Dictator
  • Administrator
  • *
  • Posts: 3651
  • PanamaCityPC.com/support/
    • Facebook Profile
  • Languages: EN
Re: Forum hacked - 2011-01-31
« Reply #25 on: February 07, 2011, 02:38:57 PM »
As I said before, it will take me a few days. I was involved in TWO shows last week - designing sound and running sound for one; running sound and singing in another.

I am nearly back, but due to issues I don't want to describe, I will not start on this until later today and tomorrow; however, that's the latest. So please bear with me.

I have all of the old files. The reason the attachments work is because certain forum settings are still pointing to the old directories.

Offline VS

  • Senior Plumber (Devotee)
  • Devotee
  • *
  • Posts: 4855
  • Vladimír Slávik
    • VS's Simutrans site
  • Languages: CS,EN
Re: Forum hacked - 2011-01-31
« Reply #26 on: February 08, 2011, 10:02:14 AM »
If you wonder why language suddenly changed to English:

To fix problems with moderator features, I switched to "new" theme. Thus, we also lost language packs... for some time, forum interface will be English only.