Author |
Topic |
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2007-12-04 : 14:11:59
|
Since about 30 minutes ago, all pages have a refresh of 0 seconds and are redirected to another site.
<meta name="copyright" content="This Forum code is Copyright (C) 2000-02 Michael Anderson, Pierre Gorissen, Huw Reddick and Richard Kinser, Non-Forum Related code is Copyright (C) SQLTeam.com 2007WE ARE LANGSON SECURITY TEAM FROM VIETNAM.YOU SITE HAVE MANY BUG.I TRY CLOSE IT.PLEASE FIX THE BUG AND OPEN AGAIN FOR SECURE.THANK.MYSITE IS www.xxx.yyy <meta http-equiv="Refresh" content="0;url=http://xxx.yyy/zz">">
I have removed link text...
E 12°55'05.25"N 56°04'39.16" |
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2007-12-04 : 14:13:43
|
DO NOT USE THE REDIRECTED SITE. They want your username and password only...
E 12°55'05.25"N 56°04'39.16" |
|
|
Zoroaster
Aged Yak Warrior
702 Posts |
Posted - 2007-12-04 : 14:24:48
|
It is still doing it, only way to post is to hit stop button before redirect.
Future guru in the making. |
|
|
Zoroaster
Aged Yak Warrior
702 Posts |
Posted - 2007-12-04 : 14:26:59
|
It's this part that is doing it in the html source: <meta http-equiv="Refresh" content="0;url=http://vietbacschool.com/ls">"> Future guru in the making. |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2007-12-04 : 14:32:11
|
I have notified Bill via two email addresses that I have for him. I know I've got a cell phone number for him, but I've got to locate it first. Once I find it, I'll send him a text message.
Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/ |
|
|
Zoroaster
Aged Yak Warrior
702 Posts |
Posted - 2007-12-04 : 14:33:23
|
Apparently (according to snitz) there are a number of exploits for SNITZ forums in versions prior to 3.4.0.6. Looks like these jokers took advantage of one. Future guru in the making. |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2007-12-04 : 14:34:46
|
Text message has been sent.
Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/ |
|
|
Zoroaster
Aged Yak Warrior
702 Posts |
Posted - 2007-12-04 : 15:10:39
|
If you use firefox 3.0 (Beta) it has an option in ADVANCED and GENERAL to "Warn me before redirecting to another page", this effectively prevents this hack from working for your session. Just in case anyone wants a workaround until it is fixed. Future guru in the making. |
|
|
Zoroaster
Aged Yak Warrior
702 Posts |
Posted - 2007-12-04 : 15:52:51
|
I just noticed this: "Please welcome our newest member: vietnam1." It is likely this was the account they used, not sure if there is any way it can be traced?
Future guru in the making. |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2007-12-04 : 16:39:26
|
Looks like Bill locked his account already.
Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/ |
|
|
Haywood
Posting Yak Master
221 Posts |
Posted - 2007-12-04 : 16:47:02
|
Looks like they just tried on another large SQL forum site too - Wynkoop's got some 'odd' posts going on in their forums.
If they were really white-hats they would've patched it and modd'd some of the forums for a while; given you guys a bit of a needed break... ;) |
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2007-12-04 : 16:52:19
|
Site ok now! E 12°55'05.25"N 56°04'39.16" |
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2007-12-04 : 16:55:03
|
yup. bill fixed it
_______________________________________________
Causing trouble since 1980
blog: http://weblogs.sqlteam.com/mladenp
SSMS Add-in that does a few things: www.ssmstoolspack.com |
|
|
graz
Chief SQLTeam Crack Dealer
4149 Posts |
Posted - 2007-12-04 : 16:55:35
|
We're back. Give me two seconds and I'll write something up.
=================================================
Creating tomorrow's legacy systems today. One crisis at a time. |
|
|
nr
SQLTeam MVY
12543 Posts |
Posted - 2007-12-04 : 16:56:03
|
Think the attack has fulfilled its objective of getting Bill inundated with calls and emails.
==========================================
Cursors are useful if you don't know sql.
DTS can be used in a similar way.
Beer is not cold and it isn't fizzy. |
|
|
graz
Chief SQLTeam Crack Dealer
4149 Posts |
Posted - 2007-12-04 : 17:05:40
|
I should title this something clever like "Anatomy of a Hack". But the real title is "Why Bill took so long to figure this out". :)

First, Thanks to Tara for sending me a text message that the site was down. Around December 1st Snitz announced a new security hole. I usually get those emailed to me and get them fixed right away. I'm not sure what happened this time but I didn't get the announcement. The hacker used that to get in and update the database Snitz uses. I don't think anything else on the site or server was compromised -- at least I haven't found anything yet. If SQLTeam suddenly starts redirecting you to pictures of Yaks in compromising positions we'll know I didn't get it cleared out all the way. :)

Now the embarrassing part. They updated a table named CONFIG_NEW. That's the new configuration table that Snitz uses. As soon as I saw what was going on I was certain it was in the database. A quick check of the OLD configuration table, CONFIG, showed nothing wrong. Then the wild goose chase started. Finally I circled back around, checked the right configuration table and fixed it very quickly. The account is locked and the hole fixed so I'm not anticipating any problems.

My apologies for this. This is the second time that Snitz has been hacked. That's the downside of running a popular piece of software for the forums. It's very easy for hackers to attack it once a hole is found.
=================================================
Creating tomorrow's legacy systems today. One crisis at a time. |
|
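The check described in the post above, finding the injected redirect in a name/value configuration table, can be automated. This Python script is an added example, not part of the thread and not Snitz code: it scans configuration rows for meta refresh tags and reports whether each one points off-site. The setting names, values and hostnames are constructed, and reading the rows out of the real CONFIG_NEW table is assumed to happen elsewhere.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class RefreshFinder(HTMLParser):
    """Collects the target URL of every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            # content looks like "0;url=http://host/path"; the url part is optional
            m = re.search(r"url\s*=\s*['\"]?\s*([^'\";\s]+)", a.get("content", ""), re.I)
            self.targets.append(m.group(1) if m else "")

def audit_config(rows, site_hosts):
    """Return (variable, target, offsite) for each meta refresh found in a config value."""
    findings = []
    for variable, value in rows:
        finder = RefreshFinder()
        finder.feed(value or "")
        finder.close()
        for target in finder.targets:
            host = (urlparse(target).hostname or "").lower()
            offsite = bool(host) and host not in site_hosts
            findings.append((variable, target, offsite))
    return findings

# Constructed sample rows (hypothetical setting names, not the real Snitz schema).
SAMPLE_ROWS = [
    ("STRFORUMTITLE", "SQL Team Forums"),
    ("STRHOMEURL", "http://www.sqlteam.example/"),
    ("STRCOPYRIGHT", 'Forum code is Copyright (C) 2000-02 (constructed) '
                     '"><meta http-equiv="Refresh" content="0;url=http://redirect.example/zz">'),
]
SITE_HOSTS = {"www.sqlteam.example", "sqlteam.example"}  # assumed own hostnames

if __name__ == "__main__":
    for variable, target, offsite in audit_config(SAMPLE_ROWS, SITE_HOSTS):
        print(f"{variable}: meta refresh -> {target!r} (off-site: {offsite})")
```

Running the same audit against every configuration table the application has, old and new, avoids checking only the table that is no longer in use.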
|
Van
Constraint Violating Yak Guru
462 Posts |
Posted - 2007-12-04 : 17:15:52
|
Good job fixing it Graz. I'd cut the pay to Tkizer, Peso, Kristen, and the other regulars here you've hired by 50% for letting this happen. It might not be their fault but at least you can take it out on someone. hehe, jk Good job catching it and letting Graz know. I had also sent him an email.

I will admit that I thought maybe I had gotten some spyware or something on my pc here at work from it and being a new contractor at this place I was a bit worried. If anyone needs any ammo, I have some bullets that I've been sweating out. |
|
|
graz
Chief SQLTeam Crack Dealer
4149 Posts |
Posted - 2007-12-04 : 17:19:55
|
Van,
I'm not sure what that comment is supposed to mean but I don't appreciate it. The moderators do a thankless job for no pay and I appreciate every minute they can put in. If it's a joke you need a smiley or something to give us a clue. And if it's a joke it's in very poor taste.
-Bill
=================================================
Creating tomorrow's legacy systems today. One crisis at a time. |
|
|
Van
Constraint Violating Yak Guru
462 Posts |
Posted - 2007-12-04 : 17:22:16
|
It's most definitely a joke, I edited it and put a "hehe, jk" in the middle of the first paragraph. I would hope that they knew it was a joke, but if not...sorry. |
|
|
graz
Chief SQLTeam Crack Dealer
4149 Posts |
Posted - 2007-12-04 : 17:22:50
|
I would also like to extend a big thanks to everyone that emailed me. I received too many emails to respond to each one individually but I don't want to say thanks to all of you.
-Bill
=================================================
Creating tomorrow's legacy systems today. One crisis at a time. |
|
|
Van
Constraint Violating Yak Guru
462 Posts |
Posted - 2007-12-04 : 17:28:27
|
You are welcome Bill. |
|
|