Core Decision site got hacked again

Pyro Pilots Lounge. For all topics *not* covered in other DBB forums.

Moderators: fliptw, roid

Post Reply
User avatar
De Rigueur
DBB Admiral
DBB Admiral
Posts: 1189
Joined: Wed Jun 06, 2001 2:01 am
Location: Rural Mississippi, USA

Core Decision site got hacked again

Post by De Rigueur »

Can't access their forum threads.

They're supposed to be coming out with an update soon, too.
User avatar
TigerRaptor
DBB Fleet Admiral
DBB Fleet Admiral
Posts: 2678
Joined: Tue Feb 01, 2000 6:00 am

Post by TigerRaptor »

You can still access the site. But you'll need to hit the stop button before jumps to the next page.
User avatar
Krom
DBB Database Master
DBB Database Master
Posts: 16125
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Contact:

Post by Krom »

Heh, again? Tell them to fire whoever is in charge of their internet security. :P
User avatar
Aggressor Prime
DBB Captain
DBB Captain
Posts: 763
Joined: Wed Feb 05, 2003 3:01 am
Location: USA

Post by Aggressor Prime »

It works for me with Firefox.
User avatar
AceCombat
Owned by Timex
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

Krom wrote:Heh, again? Tell them to fire whoever is in charge of their internet security. :P
agreed...... :roll:
User avatar
Ferno
DBB Commie Anarchist Thug
DBB Commie Anarchist Thug
Posts: 15153
Joined: Fri Nov 20, 1998 3:01 am

Post by Ferno »

man that's crap.

I can have that fixed in about five minutes.
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

The thing about this that always gets me is that people want more features and more content on the Core Decision Portal but yet they hack the site and cost us time fixing it.

Either way that hack was weak.

Thank You,
Zachary Briggs, Executive Producer
HighOctane Software
(866)328-1886
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

There. Site should be back up. I just love waking up and walking and then having the first thing I hear be, Core Decision got hacked again.

We are also gonna do some upgrades to the site so bear with us on this.

Zach
User avatar
De Rigueur
DBB Admiral
DBB Admiral
Posts: 1189
Joined: Wed Jun 06, 2001 2:01 am
Location: Rural Mississippi, USA

Post by De Rigueur »

zbriggs wrote:The thing about this that always gets me is that people want more features and more content on the Core Decision Portal but yet they hack the site and cost us time fixing it.
I don't think the people who want more content are the ones who did the hacking.

Hope the project is progressing well, Zach.
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

Except for these minor delays not too bad.

Zach
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

OK. We are gonna go ahead and keep the main part of the site down for the next few hours while we make some changes.

If you have any questions or concerns please feel free to give us a call at (866)328-1886.

Thank You,
Zachary Briggs, Executive Producer
HighOctane Software
(866)328-1886
User avatar
woodchip
DBB Benefactor
DBB Benefactor
Posts: 17865
Joined: Tue Jul 06, 1999 2:01 am

Post by woodchip »

Zbriggs, whats your prognostcation as to when we can start beta testing?
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

Hopefully Decemeber or January but don't hold me to that.

Zach
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

OK. The main site is back up but we are still working the forums over.

Zach
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

OK. We have something wierd going on here. When we upgraded the portal it lost the link between the forum's php code and the directories and databases. Anyone have any thoughts on this? They are still there.

Zach
Richard Cranium
DBB Supporter
DBB Supporter
Posts: 1444
Joined: Tue Aug 07, 2001 2:01 am

Post by Richard Cranium »

You do have a backup don't you? Doesn't everyone backup their stuff?

RC
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

Yeah. But that is a work around. The problem is that we are trying to upgrade the php code for security reasons.

Zach
Richard Cranium
DBB Supporter
DBB Supporter
Posts: 1444
Joined: Tue Aug 07, 2001 2:01 am

Post by Richard Cranium »

zbriggs wrote:Yeah. But that is a work around. The problem is that we are trying to upgrade the php code for security reasons.

Zach
What version did you have and what version are you going to?

RC
User avatar
Ferno
DBB Commie Anarchist Thug
DBB Commie Anarchist Thug
Posts: 15153
Joined: Fri Nov 20, 1998 3:01 am

Post by Ferno »

We were using v6.8, and we went to v7.6.
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

We're getting closer. We got the forum theme back and for some people the threads are showing again.

Zach
User avatar
De Rigueur
DBB Admiral
DBB Admiral
Posts: 1189
Joined: Wed Jun 06, 2001 2:01 am
Location: Rural Mississippi, USA

Post by De Rigueur »

Forums now look normal to me.
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

We have determined that the problem seems to occur with FireFox users.
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

OK. We seem to have resolved the issue. If you use FireFox you may need to dump you cache.

Zach
User avatar
Top Wop
DBB Master
DBB Master
Posts: 5104
Joined: Wed Mar 01, 2000 3:01 am
Location: Far from you.
Contact:

Post by Top Wop »

You know there's a flavor of PHP Nuke that comes with all of the security enhancements and plugins. Just plop to your ftp and go.
User avatar
Top Wop
DBB Master
DBB Master
Posts: 5104
Joined: Wed Mar 01, 2000 3:01 am
Location: Far from you.
Contact:

Post by Top Wop »

Here's the link:

http://www.nukefixes.com/

Edit: Some disturbing stuff: Link.

If you dont want the site hacked again then get the Sentenel security add-on or revert to Postnuke (translation scripts avaiable to go PHPNUke to Postnuke). PHPNuke is prone to all sorts of security flaws unless you have a security add-on since the author does not bother to fix them.
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

Actually we just added the sentinel. We don't keep anything on that server that we care about. We don't even keep the database on the server. All the user information is encrypted. I know what you are saying though. We have a custom system we are going to be uploading soon. As we get closer to launch people are going to be hacking the site more.

Zach
User avatar
Instig8
DBB Ace
DBB Ace
Posts: 347
Joined: Wed Jun 20, 2001 2:01 am
Location: Orange County, CA, USA
Contact:

Post by Instig8 »

I didn't see the result of the hack, so I don't know... Most hacks are just bots that exploit a hole in some common software. Bots usually use search engines to find a site to hack, therefore removing software 'signatures' (like software name and version) is a good idea in addition to adding a no-index header to the html.
zbriggs
DBB Ace
DBB Ace
Posts: 215
Joined: Sun Jul 11, 2004 8:22 pm
Location: Michigan
Contact:

Post by zbriggs »

They attached a hitchhiker in the footer is all they did. It was pretty weak.
Unix
DBB Admiral
DBB Admiral
Posts: 1367
Joined: Fri Aug 20, 1999 2:01 am
Location: Omaha, Nebraska
Contact:

Post by Unix »

I had my forums hacked awhile back, and they did the exact same thing to me. I just updated my bb software and that fixed that particular hole.
Post Reply