Donate Now Goal amount for this year: 3000 USD, Received: 1207 USD (40%)

Results 1 to 8 of 8
Like Tree3Likes
  • 3 Post By Munkholm

Thread: Damn hackers!

  1. #1
    Administrator Munkholm's Avatar
    Join Date
    December 7, 2010
    Location
    Kingdom of Denmark
    Posts
    4,209
    Current Local Time
    08:19 PM

    Angry Damn hackers!

    I'm sorry to inform everybody that the forum got hacked today.


    We where in the middle of migrating the forum to the next hosting plan, due to the lack of CPU power on the old plan. Right in the middle of this migration, hackers successfully managed to enter some faulty code into the datastore, causing all request to revitforum.org to be redirected. Sadly they also managed to use the SMTP server to send out spam mail, appearing to be comming from webmaster@revitforum.org

    I will highly encourage everyone to change their forum passwords. Better safe than sorry, right?

    The good news is that the forum is now migrated to a faster VPS, and that the host quickly restored everything to a state just prior to the hack.

    The bad news is, that even though we had a rather recent backup to restore from, there will be missing a few hours. And no, there's NO way to restore those. Sorry!

    I'm truly sorry for the inconvenience this may have caused everyone, and will see if there's further that can be done to prevent something like this happening again.


    Here's a thread at vB with more info....
    Last edited by Munkholm; March 24th, 2012 at 12:43 AM. Reason: Link to vB

  2. #2
    Administrator Munkholm's Avatar
    Join Date
    December 7, 2010
    Location
    Kingdom of Denmark
    Posts
    4,209
    Current Local Time
    08:19 PM
    Having had a bit more time to investigate this issue, it seems like it might be a exploit en the vbSEO plugin. Have just applied the latest patch for vbSEO, and the technical crew at Servint is investigating the server - Hopefully they'll figure out for sure how this happened, so we can prevent it from happening again!
    gwnelson, rpict and Drew like this.

  3. #3
    Moderator
    "I am NOT a Revit tutor!"
    Dave Jones's Avatar
    Join Date
    December 7, 2010
    Location
    San Luis Obispo, California USA
    Posts
    4,486
    Current Local Time
    11:19 AM
    Quote Originally Posted by Munkholm View Post
    Having had a bit more time to investigate this issue, it seems like it might be a exploit en the vbSEO plugin. Have just applied the latest patch for vbSEO, and the technical crew at Servint is investigating the server - Hopefully they'll figure out for sure how this happened, so we can prevent it from happening again!
    I'm just glad that I don't have your job...damned hackers!

  4. #4
    Autodesk JeffH's Avatar
    Join Date
    December 13, 2010
    Location
    The Ivory Tower (Manchester NH)
    Posts
    763
    Current Local Time
    02:19 PM
    I saw this happen last evening. I actually thought My computer got hacked/virus attacked for a few minutes. Then I realized it was the site and not me.

  5. #5
    Member hypnox1's Avatar
    Join Date
    December 9, 2010
    Location
    The Mothership
    Posts
    170
    Current Local Time
    01:19 PM
    I'm sort of curious why Anon even hit this site. They have a tendency to go after people that **** them off and not really go after random sites.

  6. #6
    Administrator Munkholm's Avatar
    Join Date
    December 7, 2010
    Location
    Kingdom of Denmark
    Posts
    4,209
    Current Local Time
    08:19 PM
    My guess is that they "just" wanted to abuse our system to help them spread a message. (Redirecting http requests, and abusing the SMTP system)
    The hack itself, was in that way rather harmless - Apparently they made no attempts to ruin anything... But just to be sure, I chose to have the forum restored to a known clean state, instead of trying to clean up after them.

  7. #7
    Member JeffreyMcGrew's Avatar
    Join Date
    December 10, 2010
    Location
    Oakland, ca
    Posts
    294
    Current Local Time
    11:19 AM
    Sometimes hacks like this are automated. We've had simular attacks on our website, where it's not a 'hacker' exactly, but instead a script that's just looking for easy weaknesses to exploit as part of a larger scheme.

    So I don't think hackers or Anon 'singled out' RevitForum; instead someone who's looking to push their agenda (and is looking for sites to do it) most likely is running a script that is trying to take over ANY website running this forum software.

  8. #8
    Administrator Munkholm's Avatar
    Join Date
    December 7, 2010
    Location
    Kingdom of Denmark
    Posts
    4,209
    Current Local Time
    08:19 PM
    Exactly my thoughts Jeffery. Lots of other vB forums have been hit by the same hacker, or script, which is taking advantage of faulty code in the vbSEO add-on.

    vbSEO posted this official apology, but I wish that they would have notified me by email, when they launced the patch back in January (They claim that they DID sent it by email, but never the less I didn't get it), since I rarely visit their site.

    FWIW, the server get's attacked several times per day, by hackers, or more likely scripts, looking for a way in. The server is locked down pretty damn tight, so unless there's more faulty code in vB or one of the add-ons, it's not likely that they'll get in again.
    Last edited by Munkholm; March 26th, 2012 at 05:30 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •