Author Topic: FSO SEPTEMBER Frame 1 Logs Delayed (Read 4956 times)

Poppy · « **Reply #30 on:** September 09, 2012, 11:54:58 AM »

and again I second FBDragon, thanks for the input and hope you succeed in fixing the hack

Pand · « **Reply #31 on:** September 10, 2012, 01:44:51 PM »

Was the site hit on the 5th or the 6th, and is there an ETA on service restoration?

alpini13 · « **Reply #32 on:** September 10, 2012, 02:12:04 PM »

LOL

sounds like somebody messed with the wrong person,and now they are coming back for revenge.

ghostdancer · « **Reply #33 on:** September 10, 2012, 03:26:26 PM »

Not sure when it happened specifically but it was in the last several days.

No ETA as of yet since we are still trying to track down how they got in. Will update everybody when we have more news on the situation.

Shifty · « **Reply #34 on:** September 10, 2012, 03:57:47 PM »

Quote from: alpini13 on September 10, 2012, 02:12:04 PM

LOL sounds like somebody messed with the wrong person,and now they are coming back for revenge.

I fail to see the humor here. This problem has a negative effect not only on FSO logs but on all events running until the problem is fixed.
Thanks for keeping at it Ghostdancer Midi and Spikes.

CAP1 · « **Reply #35 on:** September 10, 2012, 04:11:16 PM »

Quote from: Shifty on September 10, 2012, 03:57:47 PM

.
Thanks for keeping at it Ghostdancer Midi and Spikes.

seconded. sounds like they're spending every moment of their spare time trying to solve this for us.

Vapor · « **Reply #36 on:** September 10, 2012, 04:14:43 PM »

Salute to those working out the hacking problem. Just a quick question...can someone from HTC post the logs on here until the site is restored? If not, then no big deal. Again, thanks all.

ghostdancer · « **Reply #37 on:** September 10, 2012, 04:26:01 PM »

I will check with Shegotya and Squire about posting the logs here. They would be the raw logs and not pretty at all. You would be able to see who you shot down and types of object destroyed but that is about it.

Oh, and have I mention that I hate hackers.

Tracerfi · « **Reply #38 on:** September 10, 2012, 04:45:32 PM »

Quote from: ghostdancer on September 10, 2012, 04:26:01 PM

Oh, and have I mention that I hate hackers.

who doesn't hate them

Squire · « **Reply #39 on:** September 10, 2012, 07:16:13 PM »

The logs are still there and there is a backup method to scoring the current frames if we have to do that. The data is there. So for now just concentrate on playing the frames and we will see where all this comes out. The September FSO will be scored.

alpini13 · « **Reply #40 on:** September 11, 2012, 12:31:28 AM »

well i for won LOVE hackers...it was a great movie,and angelina jolie is hot

USRanger · « **Reply #41 on:** September 11, 2012, 02:28:30 AM »

HighGTrn · « **Reply #42 on:** September 11, 2012, 11:04:39 AM »

Hey gents. Just my 2 cents... In my opinion (without access to your log files and other tools), it appears that the ahevents.org site is a launching platform for a cross site scripting attack. Here is how it works.

1. Bad guy in Russia hacked ahevents.org via some Web malware content (there are literally hundreds of ways to do this).
2. Now ahevents.org is a launching platform (for lack of better words) for attacks from the Russian site.
3. ahevents.org sits there waiting for a bunch of cartoon pilots to surf to it and check out their FSO scores
a. Cartoon pilot uses a Web browser to surf to ahevents.org
b. Once there, ahevents.org now exploits cartoon pilot's Web browser
c. Once that happens and depending upon how much security is on cartoon pilot's computer...
d. Malware is delivered from Russian site to cartoon pilot's computer
e. Russian dude now has your BoA password (assuming you bank with BoA) and all those nekkid pics of your wife

That's how it works. Best thing to do is reinstall ahevents.org from a known good back up.. Use a web scanner to scan it and go from there. Easier than flying a P38.

S1n1ster

ghostdancer · « **Reply #43 on:** September 11, 2012, 11:45:16 AM »

Yep, they did two things:

1) They installed a mod_rewrite in the .htaccess file and then created additional .htaccess files in the various subdirectories (this causes anybody coming from Google, Bing, Yahoo, etc. search results to be redirect to the Russian site instead of getting to the events site).

2) Next they modified all the JavaScripts to write a hidden iframe on our pages which allows them to run a cross side scripting attack.

We have reinstalled the CMS from a clean backup and the database from a clean backup but it was reinfected (for lack of a better word) shortly after we did this. So basically we have been hunting down exploit / weakness / loop hole that they are using to get in and modify files. Once we track that down and close it up we should be good. Problem with this is just takes a bit of time to hunting down the issue and resolve it and then test to make sure it stays resolved.

Bino · « **Reply #44 on:** September 11, 2012, 11:58:24 AM »

Thank you, Ghostdancer, Spikes, and ForHIM for all the time and effort you folks have been putting into this!

Aces High Bulletin Board

Author Topic: FSO SEPTEMBER Frame 1 Logs Delayed (Read 4956 times)

Poppy

Re: FSO SEPTEMBER Frame 1 Logs Delayed

Pand

Re: FSO SEPTEMBER Frame 1 Logs Delayed

alpini13

Re: FSO SEPTEMBER Frame 1 Logs Delayed

ghostdancer

Re: FSO SEPTEMBER Frame 1 Logs Delayed

Shifty

Re: FSO SEPTEMBER Frame 1 Logs Delayed

CAP1

Re: FSO SEPTEMBER Frame 1 Logs Delayed

Vapor

Re: FSO SEPTEMBER Frame 1 Logs Delayed

ghostdancer

Re: FSO SEPTEMBER Frame 1 Logs Delayed

Tracerfi

Re: FSO SEPTEMBER Frame 1 Logs Delayed

Squire

Re: FSO SEPTEMBER Frame 1 Logs Delayed

alpini13

Re: FSO SEPTEMBER Frame 1 Logs Delayed

USRanger

Re: FSO SEPTEMBER Frame 1 Logs Delayed

HighGTrn

Re: FSO SEPTEMBER Frame 1 Logs Delayed

ghostdancer

Re: FSO SEPTEMBER Frame 1 Logs Delayed

Bino

Re: FSO SEPTEMBER Frame 1 Logs Delayed