Unofficial empeg BBS

#367826 - 11/11/2016 06:29 Riocar.org going down for now
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7830
Loc: Seattle, WA
Something compromised my VPS and I can't identify how or if it's still a problem. I did get proof from the provider from a tcpdump showing my host participating in a recent DDoS and suspect it's something that came in via a PHP exploit of some sort. So for now RioCar.org is going down till I can identify the issue and resolve it. No current ETA.

It's been a while since I've done much on the security side. Anyone up to date on what web vulnerability scanner software is both safe to use and knows how to detect vulnerabilities in various PHP files?
_________________________
Tom

#367827 - 11/11/2016 08:33 Re: Riocar.org going down for now [Re: drakino]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5651
Loc: Wivenhoe, Essex, UK
I've used https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

It isn't PHP specific, but it is actively maintained and you get to run it locally.

Is it time to just make RioCar.org static? I'm wondering how much work it would be to spider it and then add some htaccess mappings/tweak some of the static output?
_________________________
Remind me to change my signature to something more interesting someday

#367828 - 11/11/2016 16:38 Re: Riocar.org going down for now [Re: drakino]
matthew_k
pooh-bah

Registered: 12/02/2002
Posts: 2287
Loc: Berkeley, California
+1 on making it a static site at this point, I'd like to see the content stay available for posterity. Put it on github and let any changes happen via pull request?

#367829 - 11/11/2016 16:39 Re: Riocar.org going down for now [Re: drakino]
matthew_k
pooh-bah

Registered: 12/02/2002
Posts: 2287
Loc: Berkeley, California
BTW, this hardly seems on topic for the off topic board. :-)

#367830 - 11/11/2016 16:42 Re: Riocar.org going down for now [Re: drakino]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7830
Loc: Seattle, WA
A static conversion of it was my plan, one day...
_________________________
Tom

#367831 - 11/11/2016 16:51 Re: Riocar.org going down for now [Re: drakino]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5651
Loc: Wivenhoe, Essex, UK
I'm happy to take the files/database and give it a bash at some point. Probably not for the next few months though :(
_________________________
Remind me to change my signature to something more interesting someday

#368322 - 06/02/2017 12:51 Re: Riocar.org going down for now [Re: drakino]
LittleBlueThing
addict

Registered: 11/01/2002
Posts: 604
Loc: Reading, UK
Any progress? I want to look at the FAQ, so I'm motivated to hack at the problem if I can get hold of the DB etc. :)
_________________________
LittleBlueThing Running twin 30's

#368323 - 06/02/2017 13:50 Re: Riocar.org going down for now [Re: LittleBlueThing]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5651
Loc: Wivenhoe, Essex, UK
I haven't had the time I'm afraid, not likely to in the immediate future.

I'm happy to host it alongside empegbbs, if someone can make it into a static site.

Or maybe import it into a mediawiki or similar?

Tom has the databases etc.

Edited by andy (06/02/2017 13:50)
_________________________
Remind me to change my signature to something more interesting someday

#368326 - 06/02/2017 21:46 Re: Riocar.org going down for now [Re: drakino]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7830
Loc: Seattle, WA
I'll need to finish the static conversion, and it was started before the site went down. There's private details in the RioCar DB that go beyond what is in the board DB, and it would be more effort to purge that and hand over the files to someone else. It's mostly from some of the community event signups/coordination that were a part of the ancient RioCar.org era.

The ability to access the data from the web side was intentionally broken long ago, but the raw info in the DB hadn't been fully scrubbed.

No promises, but I'm hoping an upcoming vacation and some recent stress relief will let my mind focus enough to wrap up the static conversion part. Steps left there are to retool the script to pull from a VM of the server, instead of the live site, and get the VM up to date with the snapshot from before the web intrusion.

I have a personal goal to try and get to this soon. It's a good distracting project to work on, and has some decent progress already. The idea and work for the conversion started well before the outage, as the code that runs the site is too ancient to run on up-to-date PHP installs. As it was, RioCar.org threw a number of deprecation warnings, and the codebase is a mess. Part of that is due to securing the site by intentionally breaking parts of the site that weren't seeing any changes, like the old front news page. Thankfully the PHP version the site ran on still received critical security patches, but it wasn't enough to stop whatever lightly exploited the server to help participate in a DDoS on other servers.

I hear the community wanting it back, and thank you to those in the community helping with the stress relief by speaking out about current events.
_________________________
Tom
