Author Topic: WaT hacked and defaced  (Read 3476 times)
TechAdmin
Administrator

« on: 5 March 2012, 22:04:34 »

On Feb 19th, WaT was hacked (the details are not clear yet but it looks like the PW of user "admin" got cracked) and defaced; for some (short) time everybody coming here saw this instead of what you all know:



Thanks to our great host nobody ever realized, not even me (as I only today connected to my email for the first time in 3 weeks), as they restored the original forum straight from their last backup, which was only 4 hours old.

Again, hats off to those guys, where would we be without them!

The hack itself is not clear yet (I am waiting for their log details) but I assume it was done by database injection after cracking the PW of user "admin" (this user name actually, I have said it before, is a NO-NO as it is the first name any hacker will try out), no action required atm by anybody until I have confirmation on what happened exactly.

Will keep you updated,

TA




"Smile, tomorrow will be worse!"  Murphy
TechAdmin
Administrator

« Reply #1 on: 5 March 2012, 22:17:04 »

addendum:

The hacker/defacer is well known, here are a few links so you guys can see what trouble hostsuar (our host) saved us from:

He himself notified about his hack on 20/2/12 here:

http://www.zone-h.org/archive/notifier=SouTHRaNDA/page=7

http://www.simplemachines.org/community/index.php?topic=464098.0

There is a video of a band "A$G" (you cannot google them because of the "$" character, I will get around this when I find the time) who has a song called "SouthRanda", maybe a hint:

The message the hacker left (which I had assumed to be a code) is most probably the same language the band sings in (Rumanian?) or derived from it:

A.$.G - South Randa


TA



"Smile, tomorrow will be worse!"  Murphy
stoffel
WaT supporter
« Reply #2 on: 6 March 2012, 10:23:20 »

So are we safe again?
Did the one responsible change his password?

My topics are about my personal opinion, my thoughts and what I think. They do not reflect the official opinion of the ministry of defense of the Netherlands.
Mad_Russian
Captain



Co-founder of WaT


« Reply #3 on: 6 March 2012, 22:16:13 »

Good job.

I would guess that if they went after any password they could crack them. Of course the more convoluted the password the safer it is.

In any case the security we have for the site seems to have done exactly what we wanted it to.

Thanks for everything you guys do to keep the site safe.

Good Hunting.

MR
TechAdmin
Administrator

« Reply #4 on: 6 March 2012, 22:35:46 »

Good job.

By our host, we staff (myself, especially) failed big time, had not brought SMF up to speed fast enough and had not pressured *good* PWs enough...

I would guess that if they went after any password they could crack them. Of course the more convoluted the password the safer it is.

While right with the latter, I think we still suck (and I mean *suck*, capitally) with the first: You cannot, as an average hacker - not talking FBI, NSA or affiliates - crack a good PW "just like that".

Problem is that even I can crack 50% of the passwords on our site without much effort, want to know how many members have "password" as password? 3 of 200..., says it all. I also tripped in my tests over 31 (of 260 overall tested) PWs that use their user name in reverse as PW, how not to find out in 0.1 sec for a hacker? (First try: "username"/"password" in all combinations, 2nd try all usernames visible with "password" as PW in all combinations, third try visible usernames with "reverse username" as PW, takes less than a second to try out with 200 members...)

OTOH, hacking them simple members is not the prob, hacking a member with admin rights, is, and truly so: With admin rights you have access to the database, i.e. all emails of all members (and it seems this table has been dl-ed on other sites by the same hacker, though our logs don't show anything in this respect, assuming for the moment that we were saved by the inherent sec features we have been building up over the years). Problem is that there is almost always a user with the username "admin" on forums, as that is the standard first UN handed out, and hence also the first target try for hackers, 99% success rate...

In any case the security we have for the site seems to have done exactly what we wanted it to.


It did, but it was not *our* security but *the host's*.

Again (I know I am repeating myself for the umpteenth time and tiring everybody, talking to a wall here, but these things *are* important and will be *more* important as we advance in time), while we ppl here try our best, this time the praise is only and all owed to our host (hostsuar.com), we staff ppl missed the attack and any responses completely, had they not alerted us we wouldn't even know about the hack. *They* caught it, and *they* fixed it, myself I was only aware of the attack 10 days later (as you all know I am not around here as often anymore). My personal belief is that only less than 1% of hosts available on the net will do that.

Thanks for everything you guys do to keep the site safe.

Good Hunting.

MR


We try (e.g. by finding an excellent host), but also every pecuniary contribution should help, these guys cost (not much, less for what especially *they* are doing for us, but in the end it has to be paid somehow, talking some 200+ Euros a year here), any contributions welcome: See "Support WaT" on the front page.

Personally, I think all money we spent so far has proved to be the right investment (I know that ppl here feel that we should have an English speaking host, but the way they treat us I have never seen with any host before, whatever language, and they understand enough English to be of more help than any US firm I know).

As far as the pure tech data goes, PMs are on the way, we have the whole thing deciphered by now.

So are we safe again?
Did the one responsible change his password?


No, and No, PMs on the way to deal with the Lessons Learned.

Kind regards,

TA



"Smile, tomorrow will be worse!"  Murphy
stoffel
WaT supporter
« Reply #5 on: 7 March 2012, 13:39:47 »

Ok,

So my basic understanding is that we should write a mail to all members to change their passwords if they haven't got a 'safe' one.
We have to delete the admin account and change it into something less recognizable.

Using a password like I did with the use of small and big letters and all other items on the keyboard in a very unrecognizable pattern should make it far more difficult.

My topics are about my personal opinion, my thoughts and what I think. They do not reflect the official opinion of the ministry of defense of the Netherlands.
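
The weak-password patterns listed in Reply #4 (the literal "password", the username itself, the username reversed, and the default "admin" account name) can be rejected at the moment a member sets a password. The check below is an added example, not part of the thread and not SMF code; the function names, the short deny-list and the minimum length are assumptions.

```python
import re

# Constructed sample of very common passwords; a real deployment would load
# a much larger deny-list from a file (assumption for this example).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin"}
# Default account names that get tried first (assumed list).
DEFAULT_ACCOUNT_NAMES = {"admin", "administrator", "root"}
MIN_LENGTH = 12  # assumed policy value


def _normalize(text):
    """Lower-case and keep letters only, so 'Bob_99!' becomes 'bob'."""
    return re.sub(r"[^a-z]", "", text.lower())


def password_problems(username, password):
    """Return a list of reasons to reject `password` for `username`."""
    problems = []
    user_core = _normalize(username)
    pw_core = _normalize(password)

    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Check the raw value and the letter core, so 'Password1' is caught too.
    if password.lower() in COMMON_PASSWORDS or pw_core in COMMON_PASSWORDS:
        problems.append("common password")
    # Compare letter cores so padding with digits or symbols does not help.
    if user_core and pw_core == user_core:
        problems.append("same as username")
    elif user_core and pw_core == user_core[::-1]:
        problems.append("username reversed")
    return problems


def account_name_problems(username):
    """Flag an account that still uses a guessable default name."""
    if username.lower() in DEFAULT_ACCOUNT_NAMES:
        return ["default account name"]
    return []


if __name__ == "__main__":
    # Constructed sample input, not real member data.
    for user, pw in [("alice", "ecila"), ("bob", "Password1"),
                     ("carol", "t7#Qv!pL0zR&k2")]:
        print(user, password_problems(user, pw))
    print("admin", account_name_problems("admin"))
```
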
Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines