What was the cause of the redirects?


54 Replies - 10152 Views - Last Post: 13 August 2012 - 10:11 AM

#16 Skydiver

  • Code herder

Reputation: 3172
  • Posts: 9,610
  • Joined: 05-May 12

Re: What was the cause of the redirects?

Posted 01 August 2012 - 02:39 PM

Probably not everything is protected with prepared statements. Some of us succumb to that temptation of "I'll just do a string concat here. It's a low risk area." Low risk until somebody finds an exploit.

I was reading about an old IPBoard exploit that uses a SQL injection attack, but the attack only works in the setup mode of IPBoard. In IPBoard's shoes, that bug would probably be a lower priority since it's only the admin who should have access at setup time. The board should not be public yet at that time. But the mere fact that such an attack was possible means that not all the code uses prepared statements.

If a few months later somebody goes, "hey that code does exactly what I need, I'll just call it from the public facing part of IPBoard". Unless somebody does a code review of not only the new code that calls the function, and reviews the old function as well, then a public vulnerability has just been opened up. Some code reviewers don't bother looking at the old function because "It's been shipping for years. It must be okay to use it."
Was This Post Helpful? 2

#17 Dogstopper

  • The Ninjaducky

Reputation: 2858
  • Posts: 10,963
  • Joined: 15-July 08

Re: What was the cause of the redirects?

Posted 01 August 2012 - 02:39 PM

Duckington, on 01 August 2012 - 05:25 PM, said:

Dogstopper, on 01 August 2012 - 09:18 PM, said:

It appears that we had a malicious malcontent who thought it'd be funny to hack our site. I do believe it was a SQL injection even through IPB and with PreparedStatements. When I talked to Chris, he said the server guys found the problem, so whatever it was, let's hope we don't get it again.

However, we lost most, if not all of today's posts.



I thought the whole point of prepared statements was that they separated the instructions from the data, making it impossible to inject anything....


I know that's the point. But what I'm saying is that somehow it happened. Not sure on the details.
Was This Post Helpful? 0

#18 Mossypne

  • D.I.C Head

Reputation: 7
  • Posts: 133
  • Joined: 18-August 10

Re: What was the cause of the redirects?

Posted 01 August 2012 - 02:39 PM

Mossypne, on 01 August 2012 - 02:35 PM, said:

Do a scan guys. I only redirected, nothing loaded or anything, but I've run Malware Bytes and got 1 detected item. It's still mid scan so I'm not sure if it's this yet, but just in case.



Wasn't anything. Crisis Averted.
Was This Post Helpful? 0

#19 smohd

  • Critical Section

Reputation: 1752
  • Posts: 4,409
  • Joined: 14-March 10

Re: What was the cause of the redirects?

Posted 01 August 2012 - 02:53 PM

Can we do a "reply joke" to them also?
Maybe by advising visitors here not to use their tools!!!
Was This Post Helpful? 0

#20 Dogstopper

  • The Ninjaducky

Reputation: 2858
  • Posts: 10,963
  • Joined: 15-July 08

Re: What was the cause of the redirects?

Posted 01 August 2012 - 02:57 PM

It is a federal crime to hack commercial sites. I hope that whatever happened today is taken care of.
Was This Post Helpful? 3

#21 jared.deckard

  • New D.I.C Head

Reputation: 18
  • Posts: 46
  • Joined: 11-July 12

Re: What was the cause of the redirects?

Posted 01 August 2012 - 04:08 PM

atraub, on 01 August 2012 - 02:36 PM, said:

Someone, please explain to this young lad...


I personally find it funny, but I meant the exploit seemed like less of a prank and more of a targeted attack.

When I said "they know what they did" I really meant "I'm not sure how they did it" and "WTF, look at this crazy exploit"

Do you think DIC was a vulnerable blip on their radar, or do you think they targeted DIC?
Was This Post Helpful? 0

#22 GunnerInc

  • "Hurry up and wait"

Reputation: 856
  • Posts: 2,246
  • Joined: 28-March 11

Re: What was the cause of the redirects?

Posted 01 August 2012 - 04:22 PM

A skiddie probably got banned because we wouldn't help with his malicious code.
Was This Post Helpful? 0

#23 Skydiver

  • Code herder

Reputation: 3172
  • Posts: 9,610
  • Joined: 05-May 12

Re: What was the cause of the redirects?

Posted 01 August 2012 - 05:19 PM

Looks like he ran his script again. Is there an IPBoard hot patch that can be applied?

Or are the server guys playing whack-a-mole and banning IP addresses as they see the attacks happen?
Was This Post Helpful? 0

#24 Curtis Rutland

  • (╯□)╯︵ (~ .o.)~

Reputation: 4312
  • Posts: 7,467
  • Joined: 08-June 10

Re: What was the cause of the redirects?

Posted 01 August 2012 - 05:43 PM

Skydiver, on 01 August 2012 - 04:39 PM, said:

Probably not everything is protected with prepared statements. Some of us succumb to that temptation of "I'll just do a string concat here. It's a low risk area." Low risk until somebody finds an exploit.


I used to, until I realized that it's literally just as easy (often easier) to always use prepared statements, or an ORM that uses them for you. I haven't written a single SQL statement with string concatenated parameters in something like five years now.
Was This Post Helpful? 2
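
The reuse scenario from Skydiver's post and the prepared-statement habit from Curtis Rutland's reply, as an added example that is not part of the thread and is not IPBoard code. It uses Python's `sqlite3` in place of the board's PHP, and the table, function names and inputs are hypothetical and constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for a forum member list."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (name TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO members VALUES (?, ?)",
                   [("alice", 1), ("bob", 0), ("O'Brien", 0)])
    return db

def setup_find_member(db, name):
    """Hypothetical 'old' helper: written for an admin-only setup step, so the
    query was built by string concatenation on input assumed to be trusted."""
    sql = "SELECT name FROM members WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_member(db, name):
    """Same lookup as a prepared statement: name is bound as data, not SQL."""
    return db.execute("SELECT name FROM members WHERE name = ?",
                      (name,)).fetchall()

def public_search(db, name, lookup):
    """Hypothetical 'new' public-facing caller that reuses a lookup helper."""
    try:
        return sorted(row[0] for row in lookup(db, name))
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

# Constructed inputs: an ordinary name, a legitimate name containing a quote,
# and a value whose quote changes the WHERE clause when concatenated.
SAMPLES = ["bob", "O'Brien", "x' OR '1'='1"]

if __name__ == "__main__":
    db = make_db()
    for value in SAMPLES:
        print(repr(value))
        print("  concatenated:", public_search(db, value, setup_find_member))
        print("  prepared:    ", public_search(db, value, find_member))
```

With the concatenated helper the third input returns every row and the second fails with a syntax error; the prepared statement treats both as plain names.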

#25 fromTheSprawl

  • Monomania

Reputation: 513
  • Posts: 2,055
  • Joined: 28-December 10

Re: What was the cause of the redirects?

Posted 01 August 2012 - 06:19 PM

When I logged in I lost a PM, I never thought someone attacked this site.
I hope this doesn't happen anymore, who knows how many answered questions were lost due to this attack. Lots of stuff seemed to be lost, is there any way to bring them back, or are they deleted?
Was This Post Helpful? 0

#26 modi123_1

  • Suitor #2

Reputation: 8379
  • Posts: 31,147
  • Joined: 12-June 08

Re: What was the cause of the redirects?

Posted 01 August 2012 - 06:24 PM

Quote

who knows how many answered questions were lost due to this attack


I am certain there is someone who knows..

Was This Post Helpful? 3

#27 skyhawk133

  • Head DIC Head

Reputation: 1858
  • Posts: 20,275
  • Joined: 17-March 01

Re: What was the cause of the redirects?

Posted 01 August 2012 - 06:32 PM

There was a file with incorrect file permissions that was modified using an injection in a vulnerable script. I'm out of town and didn't have access to a computer and just had our server management guys do a full restore while they worked on identifying the vulnerability. It's fixed up now as far as I can tell and they are running full scans on the server to identify and secure any additional issues.
Was This Post Helpful? 14
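
skyhawk133's post traces the modification to a file with incorrect permissions. One check an administrator could run over a web root afterwards, as an added example that is not from the thread or the site's server team: it assumes "incorrect" means writable by group or other, and the sample tree's file names and modes are constructed.

```python
import os
import stat

def audit_writable(root, flag_group=True):
    """Return sorted (relative_path, mode) pairs for files and directories
    under root that are writable by 'other' (and by group if flag_group)."""
    mask = stat.S_IWOTH | (stat.S_IWGRP if flag_group else 0)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                     # link mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if mode & mask:
                rel = os.path.relpath(path, root)
                findings.append((rel, format(mode, "04o")))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample web root; names and modes are made up for the demo."""
    os.mkdir(os.path.join(root, "uploads"))
    layout = {"index.php": 0o644,            # owner-writable only: not flagged
              "config.php": 0o664,           # group-writable
              os.path.join("uploads", "a.txt"): 0o666}  # world-writable
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "uploads"), 0o777)      # world-writable dir

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, mode in audit_writable(tmp):
            print(mode, rel)
```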

#28 skyhawk133

  • Head DIC Head

Reputation: 1858
  • Posts: 20,275
  • Joined: 17-March 01

Re: What was the cause of the redirects?

Posted 01 August 2012 - 09:10 PM

The NOC made some additional adjustments to tighten security on the server. If you notice problems uploading files, or anything of that nature, please let me know.
Was This Post Helpful? 0

#29 strawhat89

  • The Watcher Outside Your Window

Reputation: 247
  • Posts: 1,795
  • Joined: 11-July 11

Re: What was the cause of the redirects?

Posted 01 August 2012 - 09:44 PM

I seem to have lost 2 rep points I got yesterday. Just letting you know.

Wow and also 20 posts!

This post has been edited by strawhat89: 01 August 2012 - 09:47 PM

Was This Post Helpful? 1

#30 modi123_1

  • Suitor #2

Reputation: 8379
  • Posts: 31,147
  • Joined: 12-June 08

Re: What was the cause of the redirects?

Posted 01 August 2012 - 10:10 PM

That's bound to happen with a roll back. Don't worry - be happy.
Was This Post Helpful? 3