Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#281098 - 04/05/2006 12:07 yesterday's board downtime
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
I visited the board right before it was taken down yesterday, and my Firefox went nuts, getting cookie requests from places I'd never heard of and so forth.

The attacker has inserted IFRAMEs at the top that caused a cascade of other things to load, yet strangely, nothing ever appeared on my screen. The evil images and such were still part of the page, and thus showed up in the list of AdBlock-able elements. I have no idea why it happened this way, but I added another 50+ rules to AdBlock to cover it. The next time I stumble on a hacked web page that's playing the same game, I'll hopefully not even notice it!

Top
#281099 - 04/05/2006 12:11 Re: yesterday's board downtime [Re: DWallach]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
I saved the hacked page, which resulted in Firefox saving 650+ files (jpegs, gifs and html).
_________________________
Remind me to change my signature to something more interesting someday

Top
#281100 - 04/05/2006 13:20 Re: yesterday's board downtime [Re: DWallach]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Based on the feedback on the UBBThreads site, this seems to have been the intent. They would exploit one board, and then get a script into the system that could add the iframe to every php and html file found on the server. While the exploit didn't happen on the empeg board, it was affected alongside many other files on the server. Thankfully Vito caught this really quick and had Apache turned off in less then 15 minutes.

I'd also like to thank Vito for the cleanup script he wrote. With a quick bit of python, he had every file on the server cleaned up pretty quickly.

Top