YaBB Community and Support Forum
YaBB Home About YaBB Download YaBB YaBB Support Customize Your Forum Development Contribute to the Project
  Welcome, Guest. Please Login or Register


 
Pages: 1 2 
Topic Tools
 
Google says yabbforum.com is an attacking website (Read 3,934 times)
 Feb 14th, 2013 at 4:47pm
There are no actions to perform.  

Homer J. S. 
God Member
*****
Offline
Posts: 1,949
Germany


YaBB 2.5
Google says yabbforum.com is an attacking website
Today when I visited yabbforum.com I got a big red warning saying that this site is listed as an attacking one. This happened never before here. Perhaps the code should be checked?
 
My Homer is not a communist. He may be a liar, a pig, an idiot, a communist, but he is not a porn star.

www.silenthill-forum.de (YaBB 1.3.1 with 150+ mods)
www.retrogamerwelt.de (YaBB 2.5.2)
WWW 87313348  
IP Logged  
 Reply #1 - Feb 14th, 2013 at 4:54pm
There are no actions to perform.  
Derek Bullock 
Ex Member


None
Re: Google says yabbforum.com is an attacking website
More information here - http://www.yabbforum.com/community/YaBB.pl?num=1359579478

It is currently getting fixed Smiley
 
 
IP Logged  
 Reply #2 - Feb 14th, 2013 at 4:55pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Online
Posts: 1,876
Earth


YaBB 2.5
Re: Google says yabbforum.com is an attacking website
YaBBForum.com has been attacked by hackers - again - (this is due - as near as I know - to a (probable) security issue with the hosting service). The Problem is not with YaBB's code, it's with crud being added through through the security breach. JonB is working on it as we speak.

This does not affect your forum as it's on a different server - although you're likely to get some scary warnings when you go to your Admin Center.

This is NOT due to any weakness in YaBB software security.
 
WWW  
IP Logged  
 Reply #3 - Feb 14th, 2013 at 5:01pm
There are no actions to perform.  

Homer J. S. 
God Member
*****
Offline
Posts: 1,949
Germany


YaBB 2.5
Re: Google says yabbforum.com is an attacking website
With "the code should be checked" I did not mean the source code but for example the html files of THIS forum. As I once also had the problem that someone included some scripts into one of my index files.
 
My Homer is not a communist. He may be a liar, a pig, an idiot, a communist, but he is not a porn star.

www.silenthill-forum.de (YaBB 1.3.1 with 150+ mods)
www.retrogamerwelt.de (YaBB 2.5.2)
WWW 87313348  
IP Logged  
 Reply #4 - Feb 14th, 2013 at 5:16pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Online
Posts: 1,876
Earth


YaBB 2.5
Re: Google says yabbforum.com is an attacking website
From the looks of things, the problem is probably in a hacked javascript or some sort of 'insert', not in the html itself. And it is being looked at. This isn't the first time YaBBForum has been targeted. (And it seems to me it's gotten more frequent as things gotten busier with good things.)
 
WWW  
IP Logged  
 Reply #5 - Feb 14th, 2013 at 5:26pm
There are no actions to perform.  

Homer J. S. 
God Member
*****
Offline
Posts: 1,949
Germany


YaBB 2.5
Re: Google says yabbforum.com is an attacking website
With Firefox I have some points appearing on the top left corner of the forum. Do you also have that? While the site is loading the points increase, like some kind of progress bar. Just mention it 'cause it might help to find the problem.
 
My Homer is not a communist. He may be a liar, a pig, an idiot, a communist, but he is not a porn star.

www.silenthill-forum.de (YaBB 1.3.1 with 150+ mods)
www.retrogamerwelt.de (YaBB 2.5.2)
WWW 87313348  
IP Logged  
 Reply #6 - Feb 14th, 2013 at 5:45pm
There are no actions to perform.  
Derek Bullock 
Ex Member


None
Re: Google says yabbforum.com is an attacking website
Homer J. S. wrote on Feb 14th, 2013 at 5:26pm:
With Firefox I have some points appearing on the top left corner of the forum. Do you also have that? While the site is loading the points increase, like some kind of progress bar. Just mention it 'cause it might help to find the problem.


Have you got a screen shot??
 
 
IP Logged  
 Reply #7 - Feb 14th, 2013 at 5:53pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Online
Posts: 1,876
Earth


YaBB 2.5
Re: Google says yabbforum.com is an attacking website
It's crap being loaded from a javascript - I've dropped a note for JonB on it. (You can see the code if you turn have FireFox and FireBug turned on.) It's also raising malformed code flags in MSIE8.
 
WWW  
IP Logged  
 Reply #8 - Feb 14th, 2013 at 6:02pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,638
Land of the Blazing Sun!


None
Re: Google says yabbforum.com is an attacking website
I can say this - I know exactly 'what' is happening (and what files get injections).  Its the same problem, each time - and a reload of the same files is done. "How' it happens is a problem I do not have the tools for, only the host can deal with these issues.  The permissions and ownership of files is correct.  

I have also used a commercial vulnerability analysis of our server (virtual host) - It shows no critical vulnerabilities, and only two medium alerts, one being that we allow clear-text SMTP authentication, and the other is that phpinfo() is allowed.  We got a score of 81 out of 100, where 100 indicates no vulnerabilities whatever.  Almost all the 'low' items are unapplied updates/patches.  That is actually typical of hosting companies - they don't like to update server software, as they often break the hosted sites in doing so.

Thus two possibilities -

A: one of the pw's on an account assigned to our virtual host is compromised - I'm going to request a complete PW reset.

B: the host farm itself has an exploit that is undiscovered and active (JonB thinks 'mebbe itsa this one').

I am going to do as much polite bitching as I can.

Edited:
Those files were literally re-infected about an hour after my last effort.

I actually DL and save all the bad files.  The current crop contains a different URL - so I know its new.

I am just flatly done with this.  I am going to take action irrespective of the potential flack.

Angry

My anger is inexpressible at this point.  Smiley

« Last Edit: Feb 14th, 2013 at 6:27pm by JonB »  
I find your lack of faith disturbing.
jonbservergeek  
IP Logged  
 Reply #9 - Feb 14th, 2013 at 7:37pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Google says yabbforum.com is an attacking website
JonB wrote on Feb 14th, 2013 at 6:02pm:
B: the host farm itself has an exploit that is undiscovered and active (JonB thinks 'mebbe itsa this one').

It seems you're right about this, and it seems Dandello has the same opinion. From what I've been able to see ... forwarding to other sites of the same host ... this is not a problem with YaBB, but a problem with the host. Hopefully it'll be resolved soon once and for all. I feel the pain!

I don't seem to have an attachment option while posting, so I've uploaded the Google report about this onto my own site as you can see below:

...
The photo above is clickable to a larger size for easier reading
.


 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #10 - Feb 14th, 2013 at 9:14pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Online
Posts: 1,876
Earth


YaBB 2.5
Re: Google says yabbforum.com is an attacking website
Some of the Boards just don't have attachment turned on. It's not a member/user level issue.
 
WWW  
IP Logged  
 Reply #11 - Feb 15th, 2013 at 5:16pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,638
Land of the Blazing Sun!


None
Re: Google says yabbforum.com is an attacking website
I now understand the exploit fully now and can identify its precursor and how the payload works - flat out dead-on. .  I ACTUALLY SAW it work last night.  It was bizarre, like being in the room with an invisible stranger.  "Hey you! crappity smack off & die - leave my home alone!"   I have done everything that is within my limited powers to plug any inadvertent vulnerabilities.  

Corey and I are watching closely, thinking things through and seeing if we can create some temporary counter-measures in the event JonB has not been able to caulk every leak in the Ship of YaBB.

Wink

Edited:
All we are dealing with is the 'leaky d-i-k-e issue'.  I AM the little Dutch Boy. Smiley

The little Dutch Boy has set us up Google Webmaster tools and requested a review as I have the site clean right now.
Roll Eyes
« Last Edit: Feb 15th, 2013 at 5:44pm by JonB »  
I find your lack of faith disturbing.
jonbservergeek  
IP Logged  
 Reply #12 - Feb 15th, 2013 at 5:53pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Google says yabbforum.com is an attacking website
Way to go!

Smiley
 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #13 - Feb 16th, 2013 at 2:50am
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,638
Land of the Blazing Sun!


None
Re: Google says yabbforum.com is an attacking website
touchdown -

...

Wink
 
I find your lack of faith disturbing.
jonbservergeek  
IP Logged  
 Reply #14 - Feb 16th, 2013 at 3:36am
There are no actions to perform.  

freediver 
Senior Member
****
Offline
Posts: 515


None
Re: Google says yabbforum.com is an attacking website
Sophos is detecting "Troj/Iframe-JG" when I visit this site.
 
Founding member of .... I recently upgraded from YaBB 2.2.1 to 2.5 AE to 2.5.2.
WWW  
IP Logged  
Pages: 1 2 
Topic Tools
 

Get Yet another Bulletin Board at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project BoardMod - YaBB features and templates YaBB Codex - support on installation and usage YaBB Toolbar for your browser

YaBB Facebook Group Page

Vulnerability Scanner

Valid RSS Valid XHTML Valid CSS Powered by Perl
YaBB Chat and Support Community » Powered by YaBB 3.0 Beta!
YaBB Forum Software © 2000-2011. All Rights Reserved.