Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Project Development
Re: TWEETFORUM.COM CURRENTLY BEING HACKED !!- Moderated, Clean ,Web 2.0 Connected
by
darvil
on 27/06/2011, 11:58:52 UTC
Quote from: Vegetta on June 27, 2011, 11:37:02 AM
Quote from: darvil on June 27, 2011, 10:28:50 AM
Quote from: Vegetta on June 27, 2011, 10:09:36 AM
Quote from: darvil on June 27, 2011, 10:05:37 AM
Did you not have backups?  Is everything gone?

I think you just came off a bit strong thats all.  I run some sites myself and I know the work it takes; sometime thankless.  Maybe you took it too personally.  Just relax.

How are you recovering from this right now?  Got your data dumps?

Is the site hosted on a VPS/server ?
I have everything backed up to a flash drive. It's a vps. I won't divulge any more personal information since the hacker is probably reading this thread right now as we speak.

EDIT: I can tell you that the attack was basically a script programming the creation of .core files by the thousands. I have no IDEA how that script got in my server, which is why I think It was a brute force attack on the ftp account, or a leak of information. I knew I was vulnerable so I always kept a backup of all my work in an encrypted flash drive. The core files were basically huge blocks of random chars, generated to slow down/ and eventually max out the forum, till you see what your seeing now.

You sure about that?.. more likely straight through your site.  

Good luck on recovering.  Are you bringing it all back up? Redoing the VPS? checking your webserver logs?

Tighten down your vps Wink
We will bring it back to the 24th but the bots we got running will be set to the 27th. Everything will be back to normal, however we are working on entirely new plugins so that they are optimized for loading times and security oriented.

Attachment disabling isn't anything at all.  There are many other ways to get in.  I assume you're using the latest version of SMF?  Are you using any panel? What OS? linux?  What security software are you running on the server level?  There's alot of diff things you can do.

I might be able to give you a hand or 2 of you need.  Just send me a PM.   Also of course you need some backup plans if you don't have already.

edit: bring it back on the 24th? Next month??