Topic: Hack attack - officially back up
Started by: Clinton R. Nixon
Started on: 3/10/2005
Board: Site Discussion
On 3/10/2005 at 6:53pm, Clinton R. Nixon wrote:
Hack attack - officially back up
We're officially back up from our hack attack. The explanation:
When searching on the version of phpBB that was running, the highlight= field in the URL allowed you to run code on the webserver. If you put, for example:
http://www.indie-rpgs.com/index.php...arrativist+poop
you'd highlight the words 'narrativist' and 'poop'. If you put:
http://www.indie-rpgs.com/index.php?viewtopic=4567&highlight=system("cd ~/indie-rpgs.com && rm -rf *")
you'd delete the entire Forge site. (Note - that string had to be encoded using ASCII codes, but you get the idea.)
This hacker didn't do that. He used the exploit to download several Perl scripts that allowed him to get remote password-less access to the actual server. Using that, he read the database passwords, logged into the DB, deleted the posts and configuration for the Forge, and then deleted all my DB backups.
---
So, that's that. Thanks to the awesome guys at Dreamhost who helped me out with this. We only lost 8 hours of posts, on a Sunday, which is normally a slow posting day.
Forge Reference Links:
Topic 4567
On 3/10/2005 at 6:56pm, Ron Edwards wrote:
RE: Hack attack - officially back up
Hello,
Welcome back, everyone. I'd like to ask that you take the time to consider why you post here, and what you plan to contribute to others' mutual understanding, from now on.
Best,
Ron
On 3/10/2005 at 7:10pm, Miskatonic wrote:
RE: Hack attack - officially back up
"Dreamhost" indeed. That sounds like an otherwise very dead Forge.
Thanks for all the hard work.