UU was hacked last night - help us fix!

Do you remember what the program name was?

Netcraft says you're on Linux/Apache, so whatever happened should be in the server logs. I don't know what your particular setup is - the netblock says GoDaddy, who I've never used, so I don't know what level of log access you have. If it was a site I was running though, it wouldn't take me long to grep some results. Let me know if I can be any help (I'm a Linux/Unix sysadmin).

I guess everyone in the world is aware now that you also don't ever open email attachments from someone you don't know, or from your silly relatives (at least if they are like mine) who think it's fun to send chain-mail attachments to each other loaded with hidden trojans and viruses.

Unfortunately no, but hey... cleaning up their mess keeps me quite well paid :D
 
My sympathies, too. I had my own forum hacked a couple of years back, a MySQL vulnerability combined with some PHP weakness that really messed it up. Got it back online but it took some effort. Good luck.
 
A side note question...

Can anyone tell me why and for what suppose someone would want to hack a site like UU?
What are they looking for?
Is it simply because they can do it, and therefore that is their buzz?
Or are these people just hacking because they are "lacking" a life or what?

Never understood the whole hacker concept. .... thanks, e.lo...
 
My thoughts exactly.....is there some connection to getting our passwords and then trying to use them on other sites to get access to credit cards etc? If not for money.....why?
 
I would have to guess it's some unpopular kid who gets his kicks off giving viruses to people, they brag about it and everything, I've seen it. A lot of the time they don't want anything other than that, because they're afraid of getting caught if they try to steal money and things of that nature, you can get in big trouble for stealing from people! Why did they choose a harmless ukulele community? I dunno, easier target? Practice?

Either way it is someone who needs to grow up and do something with their life, that much can be easily assumed.
 
Hmmm... can of worms question. Google for "hacker vs cracker" and you'll get a bunch of resources that will explain to you what a hacker really is. Then read this to get an understanding of the different types of hackers/crackers.

Without seeing any logs or what the site was like when it was hacked, I can't say for sure who or what caused this. It may have been a hack bot, they tend to go after forums...
 
This specific hack was a malware attack. What the hacker attempted to do was install a script onto certain pages which automatically downloaded malware (spyware) onto a visitor's computer. This is why many people said they experienced pop-ups and weird downloading screens.

Once these programs are installed on a user's computer, they can be used for a variety of things, from just minor annoyances of popping up advertising on the computer to downright nasty things like installing keystroke recorders to try and gain login info to online banking etc.

The reason why they attacked UU is because we have a pretty decent amount of traffic which means there would be a potentially high install rate of these malware programs if we're getting tens of thousands of visits a day.

It was a very serious issue and it has been dealt with. I can say that the same attack can never be used again on UU. It was done through our adserver, which I have completely removed.
 
Thanks for the comments everyone. It's a sad state the world has fallen into. The kicker is, these leechers sleep better at night than I do... e.lo
 
Not to alarm anyone, but I just found another fishy file on the server. I deleted it, ran a thorough scanning program to clean out any other malware and changed all our master passwords. It should be all coasts are clear, but if you do see anything suspicious, please report here in this thread. As the mayor of Kauai says, "Together, we can!"
 
Hey, just a little while ago I opened the home page to UU and got a warning about malware from my Avira software.
This is what it said:
Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]'
detected in file 'C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A4NX1ZTX\ads[1].htm.
Action performed: Deny access
 
Nope, IE8. I did not notice that the folder is called IE5, weird! This is a newer PC and I never had anything but IE8 on it.
 
Chances are a cookie is trying to fire up a cached version of a possibly infected ads file. Clear temporary internet files, clear cookies for UU and try again :)
 
I received the same virus warning and my cookies are cleared nightly. I suppose they were hacked again?
 
When I tried to get on the UU forum this morning it wouldn't work. So after a few tries I tried the main UU. Almost instantly my browser shut down and a new window opened and said that I had all kinds of problems and it was going to fix it. Some of this page looked like my McAfee software. A small pop-up came up and asked if I wanted to download this program. I stopped and turned off all the open windows and started a scan through my McAfee software. After it did its work, which seemed to take forever, it said it found no problems. I restarted my computer and here I am. I run Vista OS and Firefox browser.
 
Thank you everyone for keeping us up to date. Let me tell you guys what we're doing now. Please let us know if you see anything else fishy.

These attacks are all made possible by GoDaddy's servers, which are NOT secure. We've found a new hosting provider and our migration from GoDaddy was started on Friday. It's costing us an arm and a leg but your security is very important to us and we're doing everything we can on our end to keep you guys safe. We should be moved over completely by the end of the week, if not sooner.

Thanks for bearing with us, I know this sucks.

Here's all the info: http://blog.sucuri.net/2010/05/continuing-attacks-at-godaddy.html
 
Yikes! GoDaddy is hosting my site. Is it in danger? It is just a website, with a web store... no forums or ads. I am on a Mac. I had no problem on UU today. How will I know if something is going wrong?
–Lori
 
The attacks are caused by a vulnerability in their servers, but it seems to be a PHP exploit. If you don't have PHP files, you might not be affected. This was the 3rd time this month we got attacked; we removed our adserver, cleaned all files, changed all passwords. If you haven't been hacked yet, you may be a lucky one.
 