Author |
Topic |
taropatch
Average Member
USA
741 Posts |
Posted - 21 December 2004 : 09:50:38
|
I use snitz on a couple sites - one serving as a small intranet (really internet) for my company.
This server was hacked last night. My index.html page has been deleted and my forum/default.asp says:quote:
This appears to be a server vulnerability, not a snitz vulnerability. I know that I have to work this out with my webhost but, in your opinion, how likely is it that my other html or asp files have been corrupted. Or if my snitz access database was compromised? Not that there is any valuable info there but I wonder if I should replace all my files.
Oh yeah, and fyi, I'm running 3.4.04 with all fixes applied. |
Edited by - taropatch on 21 December 2004 09:51:35 |
|
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
Posted - 21 December 2004 : 09:55:03
|
Who are you hosted with (if you don't mind me asking)? I've had this problem but only when dealing with free hosts (websamba) |
-Stim |
|
|
taropatch
Average Member
USA
741 Posts |
Posted - 21 December 2004 : 10:16:32
|
As long as the moderators do not mind me saying... my site is hosted at readyhosting.com.
And this appears to affect more than just the default.asp pages because simply restoring those pages has not fixed the problem. Looks like all .asp pages have been overwritten. |
Edited by - taropatch on 21 December 2004 10:21:41 |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 21 December 2004 : 11:14:50
|
Have you reported it to your host? The security of the servers is their responsibility.
Don't replace your files until you have informed your host; they may want to take a look. |
|
|
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
Posted - 21 December 2004 : 11:18:18
|
Yes, and they might want to know of any vulnerabilities that may exist |
-Stim |
|
|
taropatch
Average Member
USA
741 Posts |
Posted - 21 December 2004 : 12:36:54
|
Yes, first thing I did was report it to the host. I'm still waiting to hear back on whether they can restore the files. Also what happened and what steps they've taken to assure me that the hacker doesn't do the same thing tomorrow. |
|
|
Nina
Starting Member
34 Posts |
Posted - 21 December 2004 : 13:32:36
|
I got the same message on my Snitz forum page this morning. Fortunately, the rest of my site didn't get touched.
I emailed my web host about it, and he got back to me immediately. He says they're working it out and trying to find out what the problem might be. They're also trying to get back all the info on my forum. My host is wonderful! The techs aren't going to leave for holiday vacation until this problem is solved.
If anyone is unhappy with their web host, I would highly recommend the one I use. Any time I email them a question - they're on it immediately.
Here's their site:
http://www.siterightnow.com/index.html
-Nina |
|
|
taropatch
Average Member
USA
741 Posts |
Posted - 21 December 2004 : 14:01:02
|
FYI, I found this info on my own:
http://www.viruslist.com/en/weblog
It appears that the vulnerability is in phpbb. Should windows hosts have this vulnerability (i.e. customers running phpbb instead of an asp forum like snitz)? |
Edited by - taropatch on 21 December 2004 14:02:32 |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 21 December 2004 : 14:12:44
|
You can still run phpBB under Windows, so yes, any server running phpBB would be vulnerable if their security is not that good. |
|
|
taropatch
Average Member
USA
741 Posts |
Posted - 21 December 2004 : 16:57:25
|
Thanks everyone. What a royal pain in the you know what.
Anyway, my webhost is too slow for me to restore so I uploaded my own files. Also took the opportunity to upgrade to 3.4.05. |
|
|
PeeWee.Inc
Senior Member
United Kingdom
1893 Posts |
Posted - 21 December 2004 : 18:26:40
|
Did you back up the files in case the webhost wants to see what's within them? |
De Priofundus Calmo Ad Te Damine |
|
|
taropatch
Average Member
USA
741 Posts |
Posted - 21 December 2004 : 20:39:27
|
quote: Originally posted by PeeWee.Inc
Did you back up the files in case the webhost wants to see what's within them?
I did not, but I didn't delete those files either. My webhost removed all the files that had been corrupted (i.e. all asp/php/htm/shtm files overwritten by the worm's own code.) It was at that time that I restored my asp files. The webhost told me that they could try restoring to a backup but it would be much faster for me to do it myself. |
|
|
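A triage sketch for the overwrite described in the post above, added here as an example and not posted by anyone in this thread: it groups web files by content hash and reports any content shared by several files, on the assumption (not stated in the thread) that the worm wrote the same page into every file it touched. The function names, the sample tree and the `min_group` threshold are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File types the thread reports as overwritten on the shared host.
TARGET_EXTS = {".asp", ".php", ".htm", ".shtm"}

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_mass_overwrites(webroot, min_group=3, exts=TARGET_EXTS):
    """Map digest -> sorted relative paths for content shared by >= min_group files."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            groups[sha256_file(full)].append(rel)
    return {d: sorted(p) for d, p in groups.items() if len(p) >= min_group}

def build_sample_site(root):
    """Constructed sample tree: three overwritten pages, one intact, one ignored."""
    banner = b"<html><body>CONSTRUCTED DEFACEMENT PLACEHOLDER</body></html>"
    files = {
        "default.htm": banner,
        "forum/default.asp": banner,
        "forum/topic.asp": banner,
        "forum/post.asp": b"<% ' intact page %>",
        "notes.txt": banner,  # not a targeted extension, so it is skipped
    }
    os.makedirs(os.path.join(root, "forum"))
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        for digest, paths in find_mass_overwrites(root).items():
            print(digest[:16], len(paths), paths)
```

Run it against a copy of the affected webroot taken before anything is restored, so the overwritten files stay available to the host as evidence.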
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
Posted - 21 December 2004 : 21:06:47
|
I wonder how it affected snitz....
Supposedly it only infects phpBB... unless you're running phpBB also?? |
-Stim |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 21 December 2004 : 21:24:11
|
Did you not read how the virus works, Stim? If a user on his host's server had phpBB, the virus could infect the server through their phpBB forum and infect ALL asp/php/htm/shtm files. |
Support Snitz Forums
|
|
|
taropatch
Average Member
USA
741 Posts |
Posted - 21 December 2004 : 21:24:37
|
I suspect someone on the shared server is running phpbb without the updated fixes which allowed the hacker to execute the worm. This affected everyone on the server including me even though it has nothing to do with snitz.
More info: http://news.zdnet.com/2100-1009_22-5499725.html?tag=nl.e589 |
Edited by - taropatch on 21 December 2004 22:15:29 |
|
|
Da_Stimulator
DEV Team Forum Moderator
USA
3373 Posts |
Posted - 21 December 2004 : 23:02:54
|
quote: The worm only attacks widely used message board software called PHP Bulletin Board. Other than displaying the text message, it does nothing malicious to infected computers, according to antivirus firm Kaspersky Labs.
- http://www.msnbc.msn.com/id/6742668/
I guess that would make this article wrong. taropatch, you never mentioned whether or not it affected your db |
-Stim |
|
|