Page Index Toggle Pages: [1] 2 
Topic Tools
Very Hot Topic (More than 25 Replies) Grrrr - another Server Farm blitzo - (Read 6,138 times)
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,036
Location: Land of the Blazing Sun!

YaBB 2.6.1
Grrrr - another Server Farm blitzo -
Jan 30th, 2013 at 8:57pm
Post Tools
Generic dog-feces redirector stuff, not aimed at anyone. Appears to be fixed.

I propose we feed spammers & hackers to wood-chippers. Cheesy

Did a scan-check

Smiley

  

yabb_clean-2.png ( 48 KB | 81 Downloads )
yabb_clean-2.png

I find your lack of faith disturbing.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,737
Location: Los Angeles

YaBB 2.4
Re: Grrrr - another Server Farm blitzo -
Reply #1 - Jan 30th, 2013 at 9:01pm
Post Tools
Well, you got on it rather quickly. Kudos!  Smiley
  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,489
Location: Earth

YaBB 2.6.1
Re: Grrrr - another Server Farm blitzo -
Reply #2 - Jan 30th, 2013 at 9:16pm
Post Tools
JonB wrote on Jan 30th, 2013 at 8:57pm:
I propose we feed spammers & hackers to wood-chippers. Cheesy


I gave my woodchipper to my brother-in-law. (But I'm sure we could talk him into loaning it back - assuming he hasn't given it to a neighbor.  Roll Eyes )
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,036
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Grrrr - another Server Farm blitzo -
Reply #3 - Feb 1st, 2013 at 2:57pm
Post Tools
"YET AGAIN"  Angry

The last two or three have been virtually identical attacks.  So I'm going to see if I have adequate access to create a 'scripted fix'.  I'm also going to consider other security measures and examine what could be done structurally.  Needless to say, I'll make sure 'we' are not somehow the source of the problem (although I don't expect that will be the case)  Undecided

Thanks to all

Wink

Edited:
Note to Derek Bullock - I have added 'fix update' to my 'to-do list' so the Admin Center should be OK this time.
« Last Edit: Feb 1st, 2013 at 2:59pm by JonB »  

yabb_clean-3.png ( 48 KB | 69 Downloads )
yabb_clean-3.png

I find your lack of faith disturbing.
Back to top
IP Logged
 
westwegoman
Ex Member
**




YaBB 2.5.2
Re: Grrrr - another Server Farm blitzo -
Reply #4 - Feb 1st, 2013 at 5:14pm
Post Tools
I think we still have a nasty still lurking around. IE goes nuts everytime I go to a new page. Smiley

There are about 3 different links that flash quite quickly in the task bar.
  
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,036
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Grrrr - another Server Farm blitzo -
Reply #5 - Feb 1st, 2013 at 5:31pm
Post Tools
Quote:
I think we still have a nasty still lurking around. IE goes nuts everytime I go to a new page


A. on this forum?

B. Did you 100% clear your cache??

C. I have not tested with IE - which version?

Thanks
Smiley
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,737
Location: Los Angeles

YaBB 2.4
Re: Grrrr - another Server Farm blitzo -
Reply #6 - Feb 1st, 2013 at 5:40pm
Post Tools
JonB wrote on Feb 1st, 2013 at 2:57pm:
Needless to say, I'll make sure 'we' are not somehow the source of the problem (although I don't expect that will be the case)   Undecided

There's always the possibility that UK2 got hit with the reported malware, which in turn caused the problem here. Even with a really good host that can happen.

I don't know how many people have access to this forum's server, i.e., through ftp, but maybe that's how the malware got in, and became active.

I guess in due time we'll see how soon it happens again, if we get hit again, and how often it will happen.

Just thinking aloud ... rhetorically speaking, could malware get into YaBB's open source project somehow, which in turn could be causing the problem? Just saying; with more than one person working on YaBB's development, I suppose there could be that possibility.

I'm glad you're here to stay on top of it.  Smiley

Edited:
JonB wrote on Feb 1st, 2013 at 5:31pm:
A. on this forum?

Yes, but for me at least, the jumping has ceased.

« Last Edit: Feb 1st, 2013 at 5:41pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
westwegoman
Ex Member
**




YaBB 2.5.2
Re: Grrrr - another Server Farm blitzo -
Reply #7 - Feb 1st, 2013 at 5:40pm
Post Tools
JonB wrote on Feb 1st, 2013 at 5:31pm:
A. on this forum?

B. Did you 100% clear your cache??

C. I have not tested with IE - which version?


A. Yes

B. Yes.

C. IE 8
  
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,036
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Grrrr - another Server Farm blitzo -
Reply #8 - Feb 1st, 2013 at 5:48pm
Post Tools
Quote:
There's always the possibility that UK2 got hit with the reported malware


That is very likely the problem.

Quote:
I don't know how many people have access to this forum's server, i.e., through ftp, but maybe that's how the malware got in, and became active.


I know of three or four folks with access. Myself and three of YaBB's core founders.  As we would be the ones to have to fix the problem - quite unlikely, but I can't speak for the others' attention to detail on password security.

Wink

Edited:
And it is also possible we have been re-infected or they have another exploit I have not found... yet 
« Last Edit: Feb 1st, 2013 at 5:53pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,737
Location: Los Angeles

YaBB 2.4
Re: Grrrr - another Server Farm blitzo -
Reply #9 - Feb 1st, 2013 at 5:55pm
Post Tools
I've been there myself with our own very good host, but not for a long time, and it was a DOS attack versus malware. Then again, maybe that's what the malware was doing ... just don't know about how this stuff works.

Bottom line: You got us back up and running!  Smiley

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,036
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Grrrr - another Server Farm blitzo -
Reply #10 - Feb 1st, 2013 at 6:11pm
Post Tools
Edited:
or they have another exploit I have not found... yet  


OK I have found the problem and I know why site-scanners did not find it - I'm not sure what it means on a theory level.  Smiley

Hmmmm - time to think...

Angry Shocked Undecided Lips Sealed

Edited:
I guess the good news is that those of us with the access do know how to fix this sh*t... as bill would say 'just sayin'

I am going to put us in Maintenance when I do this next fix - I have to switch to my Linux workstation where I have a clone of this server.  Smiley

[/i]
« Last Edit: Feb 1st, 2013 at 6:20pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,737
Location: Los Angeles

YaBB 2.4
Re: Grrrr - another Server Farm blitzo -
Reply #11 - Feb 1st, 2013 at 6:29pm
Post Tools
JonB wrote on Feb 1st, 2013 at 6:11pm:
I am going to put us in Maintenance when I do this next fix - I have to switch to my Linux workstation where I have a clone of this server. Smiley

Those malware folks had no idea they were messin' with the wrong guy. I mean, they should have at least taken a look at your avatar to see they were going up against YaBB's very own Darth Vader.

I have no sympathy for them. Go to it!  Cheesy

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,036
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Grrrr - another Server Farm blitzo -
Reply #12 - Feb 1st, 2013 at 6:46pm
Post Tools
Didn't need the Maintenance...  found a quick way to do it.

I think I will know more after some thinking. (is that redundant?)

It is 'all clear' for now... "I pretty much sorta think/hope"

Smiley
Edited:
@ westwegoman - Please clean your cache again and see if your AV reports anything in IE when using the forum.
« Last Edit: Feb 1st, 2013 at 6:49pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
westwegoman
Ex Member
**




YaBB 2.5.2
Re: Grrrr - another Server Farm blitzo -
Reply #13 - Feb 1st, 2013 at 6:54pm
Post Tools
JonB wrote on Feb 1st, 2013 at 6:46pm:
@ westwegoman - Please clean your cache again and see if your AV reports anything in IE when using the forum.

All looks normal now. Looks like you got it Smiley
  
Back to top
 
IP Logged
 
Derek Bullock
Ex Member


Re: Grrrr - another Server Farm blitzo -
Reply #14 - Feb 2nd, 2013 at 1:22am
Post Tools
Well done JonB.

Thanks
  
Back to top
 
IP Logged
 
Page Index Toggle Pages: [1] 2 
Topic Tools
Bookmarks: del.icio.us Digg Facebook Google Google+ Linked in reddit StumbleUpon Twitter Yahoo