View topic - ...canoetripping.net hacked...

It is currently December 2nd, 2020, 2:10 pm

All times are UTC - 5 hours





PostPosted: August 15th, 2020, 9:59 am 

Joined: December 29th, 2002, 7:00 pm
Posts: 6242
Location: Bancroft, Ontario Canada
...getting a hack by XXX page and a click OK popup... needless to say not clicking on anything there.

May be nothing, who knows, not taking the chance on viruses, malware, etc. Will run antivirus now.

_________________
><((((º>


PostPosted: August 15th, 2020, 10:17 am 

Joined: December 29th, 2002, 7:00 pm
Posts: 6242
Location: Bancroft, Ontario Canada
Enhanced security setting in Chrome shows no warnings or blocking... no warnings or exclusions with antivirus running. Will check entire system now.

_________________
><((((º>


PostPosted: August 15th, 2020, 12:17 pm 

Joined: December 29th, 2002, 7:00 pm
Posts: 6242
Location: Bancroft, Ontario Canada
No infected files found after a complete system scan.

_________________
><((((º>


PostPosted: August 15th, 2020, 1:01 pm 

Joined: June 20th, 2001, 7:00 pm
Posts: 3602
Location: Toronto, Ontario Canada
Looks like somebody is working on bringing it back or at least someone has taken the site offline temporarily as the hacker page is not showing anymore.

FYI, it started around 4:30 (eastern) this morning. Seems a new exploit for vBulletin was found recently that bypasses a patch from a previous exploit. From what I'm reading it's not likely very dangerous but could reveal user info which on the canoetripping site would not reveal much other than a few email addresses and possibly passwords.

If you follow best practices and use a unique password there then it's no big deal. I presume Doug has backups so the site can be restored fairly easily.

_________________
"What else could I do? I had no trade so I became a peddler" - Lazarus Greenberg 1915


PostPosted: August 15th, 2020, 2:17 pm 

Joined: December 19th, 2006, 8:47 pm
Posts: 9062
Location: Rattlesnake Pond ME
Doug's IT guy is working on it. I noticed around 7 am and emailed him. His IT guy got right on it but I don't know how long the fix will take.


PostPosted: August 15th, 2020, 10:49 pm 

Joined: December 21st, 2007, 2:45 am
Posts: 204
Location: Connecticut, USA
Maybe the gun thread blew the site away.


PostPosted: August 16th, 2020, 7:23 am 

Joined: December 19th, 2006, 8:47 pm
Posts: 9062
Location: Rattlesnake Pond ME
Glenn MacGrady wrote:
Maybe the gun thread blew the site away.

No.. Some weirdo named Rey.. Hi Rey! The gun thread I mostly missed but it was civil. Wish we could all be that civil. Civility is rare these days online.

Rey still has control. It is malware and hopefully everyone has virus protection.


PostPosted: August 16th, 2020, 8:32 am 

Joined: August 8th, 2017, 9:14 am
Posts: 910
I do internet / datacenter security in my day job - if canoetripping and/or this site want free advice I'd be happy to help. You know where to find me ...


PostPosted: August 16th, 2020, 9:23 am 

Joined: December 29th, 2002, 7:00 pm
Posts: 6242
Location: Bancroft, Ontario Canada
The thought that the locked gun thread resulted in some form of retaliation in a cyber attack also crossed my mind.... I didn't have time to read through it and was looking forward to maybe learning something since in my geezer days there's still the opportunity to thin out the explosion in deer numbers here.

_________________
><((((º>


PostPosted: August 18th, 2020, 12:10 am 

Joined: June 20th, 2001, 7:00 pm
Posts: 3602
Location: Toronto, Ontario Canada
For anyone interested you can get some details of the hack here:

https://www.helpnetsecurity.com/2020/08 ... 019-16759/

_________________
"What else could I do? I had no trade so I became a peddler" - Lazarus Greenberg 1915


PostPosted: August 18th, 2020, 7:58 am 

Joined: December 19th, 2006, 8:47 pm
Posts: 9062
Location: Rattlesnake Pond ME
recped wrote:
For anyone interested you can get some details of the hack here:

https://www.helpnetsecurity.com/2020/08 ... 019-16759/

Foreign language to me.. I will relay to Doug. FB is handy sometimes.


PostPosted: August 18th, 2020, 9:03 am 

Joined: June 28th, 2001, 7:00 pm
Posts: 1825
Location: Freeland, Maryland USA
Doug’s IT guy may be working on fixing more than just the hack.

The last vBulletin “update” left some things askew, issues with Private Messages and relatively recent posts displaying “Invalid parameter 0” or somesuch.


PostPosted: August 18th, 2020, 4:41 pm 

Joined: August 8th, 2017, 9:14 am
Posts: 910
From the linked details on the attack it looks like that other site uses software called "vBulletin" which has had a known vulnerability for some time now but was not patched by the site admins, and someone used the known vulnerability to hack in.

Regular patching is a PITA but it is important to do!


PostPosted: August 18th, 2020, 5:28 pm 

Joined: December 19th, 2006, 8:47 pm
Posts: 9062
Location: Rattlesnake Pond ME
Prospector16 wrote:
From the linked details on the attack it looks like that other site uses software called "vBulletin" which has had a known vulnerability for some time now but was not patched by the site admins, and someone used the known vulnerability to hack in.

Regular patching is a PITA but it is important to do!


"That other site" is maintained by a volunteer. It is ad free. Admins? :rofl: Take the s away and the admin has a day job. So does the IT guy. I do not blame either.

It is probably the best site for canoe repair, modify and build info around anywhere and it is missed. When it can come back I will be donating and I suspect many others who find it valuable will also.


PostPosted: August 18th, 2020, 8:49 pm 

Joined: June 20th, 2001, 7:00 pm
Posts: 3602
Location: Toronto, Ontario Canada
Well, I dug a bit deeper. vBulletin issued a patch for this a few months ago, and I'd bet Doug did install that patch. Last week somebody revealed an exploit in that patch without informing vBulletin in advance, who had to scramble to get a new patch to release.

The kids went crazy on this exploit and some sites got caught before the new patch was released and installed. To complicate things for Canoetripping, Doug was off paddling last week when this all happened; he posted Sunday night that he just got home and was going to sleep, and it was about 4 hours later the site got hacked.

vBulletin is the most popular forum software on all the hacker sites so the script kiddies are very familiar with it.

_________________
"What else could I do? I had no trade so I became a peddler" - Lazarus Greenberg 1915

