SPAM from SR

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
WOW SR HAS really gone down the crapper....

Helloy Clocker,
You are accepted in the VIP club of a forum.
For enter in the VIP club use toolbare.
Download VIP user ToolBar v1.3 (http://www.viptoolbar.nm.ru/toolbarvip.exehttp://www.viptoolbar.nm.ru/toolbarvip.exe)



-------------------------------------
Discussion@SR Statistics:
-------------------------------------
Registered Users: 46685
Total Posts: 233988
Busiest Time: 898 users were online on 17th January 2006 - 02:54 PM

-------------------------------------
Handy Links
-------------------------------------
Board Address: http://forums.storagereview.net/index.php
Log In: http://forums.storagereview.net/index.php?act=Login&CODE=00
Lost Password Recovery: http://forums.storagereview.net/index.php?act=Reg&CODE=10

-------------------------------------
How to unsubscribe
-------------------------------------
Visit your email preferences (http://forums.storagereview.net/index.php?act=UserCP&CODE=02) and ensure that the box for 'Send me any updates sent by the board administrator' is unchecked and submit the form
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,709
Location
Left Coast
Based on posts made by Eugene, they've either been hacked or had their user data otherwise taken without permission.

Good times, I'm sure.
 

LOST6200

Storage is cool
Joined
May 30, 2005
Messages
737
Hellloy, VIP toolbare/? WTF? He probably cereates sonme ivurus light eh spyhillis. ;)
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,916
Location
USA
Ouch, that sucks. Unfortunately crap like that happens from time to time even with the paid products. The previous version of invision board also had similar holes that were exploited. I wonder if eugene was running the latest version of their forum when that happened. As of right now I cannot access their website.
 

iGary

Learning Storage Performance
Joined
Nov 22, 2002
Messages
236
Location
iLand

They've been down for at least a couple of hours solid.

First time I've even bothered taking a look at SR in about a month -- in this case, attempted to take a look. argh.




 

Platform

Learning Storage Performance
Joined
May 10, 2002
Messages
234
Location
Rack 294, Pos. 10

I just checked SR's forum, and I see:

Red Hat Enterprise Linux Test Page

This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly....




...sounds like a major cleanup effort underway. :errr:



 

udaman

Wannabe Storage Freak
Joined
Sep 20, 2006
Messages
1,209
Use SR at your own risk?


I just checked SR's forum, and I see:

Red Hat Enterprise Linux Test Page

This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly....




...sounds like a major cleanup effort underway. :errr:




Major clean up did not get done in time, and as I mentioned in my post to the B&G, SR (Eugene & sivar) did not do much by merely shutting down the forums for 'maintenance', without timely alerting people that there was a potential dangerous problem (should have been on the front page/home page as soon as they found out something was happening, or at least a redirect to another backup server, with a warning about the malicious comprimising of the SR database).

Well apparently Norton is not utter & complete crap, as implied in the Computer forum here. Sometimes it pays to do every last up to the minute update to OS protection/security software, and keep a backup ;). According to sivar, they've cleaned out the malicious code, locked out anymore attempt exploits to get an Adm level acct., so now it's completely safe to use any browser and visit SR, yes???

See the B&G threads on SR,

and this one in the Computing forum:

.wmf virus on this forum


I'll assume VB does not have similar exploit potential? But then everytime there is an update to the forum software, don't new attacks become a possibility?
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,916
Location
USA
Every forum I've seen has had exploit potential in the past and will likely in the future. I'd be ignorant to think vbulletin is uncrackable or incapable of similar problems. I'd like to believe the developers for VB have done their homework and have actively thought about similar types of attacks and proactivly account for them. The best I can do is apply all the fixes shortly after they are made available (which I've been doing).

As for the problem on SR, I've seen a similar issue on a previous version of invisionboard that I used to host an R/C car website. There was no fix for it because they no longer supported the older version. The exploit was very much the same as the one which occured on SR.

I hope nothing like that ever happens here, but there is always a chance it may. The best I can do is to stay on top of patches, and to keep active backups on hand.
 

Will Rickards

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,012
Location
Here
Website
willrickards.net
SQL injection is difficult to protect against and often overlooked.
It is so easy to write code that uses variables directly in a sql statement. Much more code is required to do it right than not. It is worse with a public database schema like a bulletin board. You've given them the blueprint.
 
Top