WTF is this goons crap

Status
Not open for further replies.
CJPC said:
Well seems to happened again, got a nice vB error message though, may help you track down the issue:

Parse error: parse error, unexpected '<' in /XXX/includes/functions.php(2080) : eval()'d code on line 1

(guessing its from lotsa custom code, good luck finding it!)

(that sounded evil and devious, but I know how finding a needle in a haystack is, it blows :/)

Not a bug in the forum code proper, it is a result of the crackers lack of knowledge, or sloppy work.
 
I know WHAT"s happening, just not HOW, **YET**.

I have a script that fixes it.

LER
PS: I'm not going to say more in a non-staff forum.
 
damaged said:
Not a bug in the forum code proper, it is a result of the crackers lack of knowledge, or sloppy work.

Well ya, i know, just may help track it down (tho thats more of a general error, could be anywhere by adding in a bogus mark etc...)

Nevermind !
 
I tried getting to the home page earlier and kept getting redirected. Why would anyone want to attack a satellite forum. What a bunch of a**holes.
 
There are some posts that have been corrupted by... (well you know)... If you come across them, please post in this thread the link and we will clean it up.... Also a piece of advice is to set your browser to high security so that when you click on the corrupted thread or post, you are not re-directed to the... (you know) site.
 
Sean Mota said:
There are some posts that have been corrupted by... (well you know)... If you come across them, please post in this thread the link and we will clean it up.... Also a piece of advice is to set your browser to high security so that when you click on the corrupted thread or post, you are not re-directed to the... (you know) site.

It happened earlier when i tried to get the main web page ( http://www.satelliteguys.us/ ). I guess that page is still php, so it was affected a few times as well. But that goon crap is on my proxy's blocked list now.
 
I think we could be all set now (crosses fingers)

There is a bug in the version of vBulletin we are running which is a slightly older version. The "hack" was able to happen because I enabled "show template names" in the forum software setup options a few days ago. This option was turned on so I could easily find portions of code so I could add that code to our new software which I have been working on for the past few weeks.

I am told with this option on a hacker can issue a simple web site url with a few added options on the end to cause the havoc we have been having the past two days.

In addition to turning this option off, I have also been sent a new php file for our software which we can put in place IF this happens again.

The good news is that our server the entire time was very secure, no root kits were installed, no one had root access. Checking out http://www.zone-h.org/en/defacements/filter/filter_defacer=g00ns/ we were very lucky as this hack group has destroyed other sites and servers. This list of their past hacks actually shows how good our security is compaired to other sites.

i consider ourselves VERY lucky, and not only lucky to have been spared the wrath that this group is known for, but also very lucky to have a guy like Larry Rosenman (you know him as LER) who worked like crazy over the past few days restoring our server whenever we were down.

Because of the problems I was going to do the new software upgrade today, however now I am going to keep an eye on the site and see how it goes, if we are redirected again I will apply the PHP patch I was sent.

I am keeping a close eye on this and thank all of you for your patience and understanding. :)
 
Thanks LER and Scott, and the rest of the mods who helped out on this one!! This truly shows how great our staff here is!
 
Pepper said:
so is g00ns-forums.net vulnerable to the same hack? someone should try it and redirect them back here.

We'd end up with thousands of people as pissed off as us coming here thinking that SatGuys hacked their site.

There's nothing a techno-weenie can do that a good old-fashioned firebomb couldn't do better. ;)
 
I would think that if they are smart enough to do what they have already done to many websites then they would be very smart in covering their tracks on not being traced back to any individuals. I would imagine that at least the server they are doing this from would be shut down or be made to shut the site down. I wonder how many registered to read their forums since it wanted people to do so before they could even read anything. I wonder if those people would be in trouble as well.
 
The sheer arrogance of these guys! They claim Constitutional freedom of speech protection for their activities. I don't think the courts will see it that way.

Their right to swing their fist ends where it comes into contact with my nose.
 
Status
Not open for further replies.

Users Who Are Viewing This Thread (Total: 0, Members: 0, Guests: 0)

Who Read This Thread (Total Members: 1)

Top