> Board upgrades Part II, Here we go again.
trackbird
post Mar 26 2006, 07:08 PM
Post #1


FRRAX Owner/Admin
********

Group: Admin
Posts: 15,432
Joined: 13-February 04
From: Ohio
Member No.: 196



We are working through another series of board upgrades to correct for security issues and to remove the trafficage link that has been inserted on the board (I'm guessing through one of those exploits). The upgrade is done, but the link is still there and I'm working with the Invision Board staff to get it removed at this time. And I'd like to thank their support people for their time and rapid assistance. Once that is complete, I'll try to get the sponsor banners and such restored to the board in the very near future.

It seems that as we are growing, we have become a more attractive target for these exploits and such. I'm beginning to realign my security concerns in response to this increased activity. Sorry for the difficulties, I hope to have them cleared up shortly.

More information is here:

http://www.frrax.com/rrforum/index.php?showtopic=7156

Thanks for your patience. I'll have it all worked out very soon.

Kevin
Teutonic Speedra...
post Mar 26 2006, 07:30 PM
Post #2


LS1 Inside! / Toolbox / Mechanical Engineer
***

Group: Advanced Members
Posts: 2,215
Joined: 5-February 04
From: NJ
Member No.: 179



Wow, that's what Marcin was telling me! FRRAX is getting big! (IMG:http://www.frrax.com/rrforum/style_emoticons/default/biggrin.gif)
trackbird
post Mar 26 2006, 07:47 PM
Post #3


FRRAX Owner/Admin
********

Group: Admin
Posts: 15,432
Joined: 13-February 04
From: Ohio
Member No.: 196



QUOTE (Teutonic Speedracer @ Mar 26 2006, 02:30 PM) *
Wow, that's what Marcin was telling me! FRRAX is getting big! (IMG:http://www.frrax.com/rrforum/style_emoticons/default/biggrin.gif)


My hunch is that we are starting to show up on Google and such more often, therefore making it easier to find us (for those who are hunting the various board software versions to "hack"). Either way, I'm getting a crash course in upgrades lately.
RedHardSupra
post Mar 27 2006, 12:47 AM
Post #4


Advanced Member
**

Group: Advanced Members
Posts: 452
Joined: 12-January 04
From: Charleston, SC
Member No.: 121



google hacking is becoming a whole new discipline. google's api and advanced search features really allow to automatically find sites running exploitable software, and then just unleash your exploits on them. blind scanning for large numbers of hosts is long gone. manual exploitation of each site separately is long gone. the old goals of gaining access to just more boxes for the sake of it is all gone.
now all you got is some hungry/poor/greedy eastern block hackers writing one exploit for one popular version of software, make it into a worm, let it propagate, and insert some traffic generating links and popups to some advertising site to make few cents.

that's what happened in our case i think. of course i don't have shell access to really get in there and look...
the real culprit is badly written software with unsanitized inputs, ripe for insertions. combine it with few bad permissions (courtesy of stupid windows ftp clients that change permissions to world readable/writable/executable so your usual windows idiot, 'scuse me, user, doesn't have problems accessing anything) and you got yourself a goldmine of opportunities.

and now i get to go back and spend another day in the lab hacking some custom servers without any sourcecode...and this is my 'spring break' too! please kill me now...
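
Post #4 above names two contributing factors: world-writable permissions left behind by FTP clients and a traffic-generating link inserted into the board. The following is an added example, not part of the original thread, of how someone with shell access could check a web root for both. The function names, the sample directory layout and the file contents are constructed for illustration; only the domain `trafficage.com` comes from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. audit_webroot is a hypothetical helper.
# Usage: audit_webroot DIR DOMAIN
# Prints one finding per line:
#   WORLD-WRITABLE <path>   file or directory writable by "other"
#   INJECTED-LINK <path>    file whose contents mention DOMAIN
audit_webroot() {
    root=$1
    domain=$2
    # -perm -0002 matches when the "other" write bit is set.
    # Symlinks are skipped because their own mode bits are meaningless.
    find "$root" \( -type f -o -type d \) -perm -0002 -print | sort |
        sed 's/^/WORLD-WRITABLE /'
    # -F: fixed string, so "." in the domain is not a regex wildcard.
    # -l: file names only; -r: recurse; -i: ignore case.
    grep -rilF -- "$domain" "$root" 2>/dev/null | sort |
        sed 's/^/INJECTED-LINK /'
}

# Constructed sample web root so the example runs offline.
make_sample_webroot() {
    d=$(mktemp -d)
    mkdir "$d/skin" "$d/uploads"
    printf '<div id="footer">Powered by the board</div>\n' > "$d/skin/footer.html"
    printf '<div><a href="http://trafficage.com/">x</a></div>\n' > "$d/skin/header.html"
    printf '<?php // constructed config ?>\n' > "$d/config.php"
    chmod 755 "$d" "$d/skin"
    chmod 644 "$d/skin/footer.html" "$d/skin/header.html"
    chmod 666 "$d/config.php"   # mode a careless FTP upload might leave
    chmod 777 "$d/uploads"
    echo "$d"
}

# Demo run against the constructed tree.
sample=$(make_sample_webroot)
audit_webroot "$sample" "trafficage.com"
rm -rf "$sample"
```

A clean result after an upgrade does not show how the link got in; files flagged here are only the starting point for comparing against a known-good copy of the board software.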
firehawkclone
post Mar 27 2006, 01:01 AM
Post #5


Grumpy
*****

Group: Advanced Members
Posts: 2,722
Joined: 1-January 04
From: Bakersfield CA
Member No.: 81



QUOTE (RedHardSupra @ Mar 26 2006, 06:47 PM) *
google hacking is becoming a whole new discipline. google's api and advanced search features really allow to automatically find sites running exploitable software, and then just unleash your exploits on them. blind scanning for large numbers of hosts is long gone. manual exploitation of each site separately is long gone. the old goals of gaining access to just more boxes for the sake of it is all gone.
now all you got is some hungry/poor/greedy eastern block hackers writing one exploit for one popular version of software, make it into a worm, let it propagate, and insert some traffic generating links and popups to some advertising site to make few cents.

that's what happened in our case i think. of course i don't have shell access to really get in there and look...
the real culprit is badly written software with unsanitized inputs, ripe for insertions. combine it with few bad permissions (courtesy of stupid windows ftp clients that change permissions to world readable/writable/executable so your usual windows idiot, 'scuse me, user, doesn't have problems accessing anything) and you got yourself a goldmine of opportunities.

and now i get to go back and spend another day in the lab hacking some custom servers without any sourcecode...and this is my 'spring break' too! please kill me now...


Huh (IMG:http://www.frrax.com/rrforum/style_emoticons/default/huh.gif) ....................... (IMG:http://www.frrax.com/rrforum/style_emoticons/default/laugh.gif)

I'm glad you guys are here (IMG:http://www.frrax.com/rrforum/style_emoticons/default/rotf.gif)
CMC #37
post Mar 27 2006, 03:15 AM
Post #6


CMCer
*****

Group: Moderators
Posts: 2,932
Joined: 12-February 04
From: the sticks near VIR
Member No.: 194



Our banners are gone, okily dokily?
00 Trans Ram
post Mar 27 2006, 03:24 AM
Post #7


Experienced Member
***

Group: Advanced Members
Posts: 1,766
Joined: 10-April 04
From: New Orleans, LA
Member No.: 303



QUOTE
google hacking is becoming a whole new discipline. google's api and advanced search features really allow to automatically find sites running exploitable software, and then just unleash your exploits on them. blind scanning for large numbers of hosts is long gone. manual exploitation of each site separately is long gone. the old goals of gaining access to just more boxes for the sake of it is all gone.
now all you got is some hungry/poor/greedy eastern block hackers writing one exploit for one popular version of software, make it into a worm, let it propagate, and insert some traffic generating links and popups to some advertising site to make few cents.

that's what happened in our case i think. of course i don't have shell access to really get in there and look...
the real culprit is badly written software with unsanitized inputs, ripe for insertions. combine it with few bad permissions (courtesy of stupid windows ftp clients that change permissions to world readable/writable/executable so your usual windows idiot, 'scuse me, user, doesn't have problems accessing anything) and you got yourself a goldmine of opportunities.

and now i get to go back and spend another day in the lab hacking some custom servers without any sourcecode...and this is my 'spring break' too! please kill me now...


In English, this translates to, "The bad man is trying to hurt me - help me mommy!"
trackbird
post Mar 27 2006, 04:08 AM
Post #8


FRRAX Owner/Admin
********

Group: Admin
Posts: 15,432
Joined: 13-February 04
From: Ohio
Member No.: 196



QUOTE (CMC #37 @ Mar 26 2006, 10:15 PM) *
Our banners are gone, okily dokily?



I know. We have to fix a few things (which might wipe them out) and then I'll look into getting them back up there.

Edit:

Nevermind, I just put them back up.
CMC #37
post Mar 27 2006, 05:11 AM
Post #9


CMCer
*****

Group: Moderators
Posts: 2,932
Joined: 12-February 04
From: the sticks near VIR
Member No.: 194



Ah... the familiar banners reappear! The board is running a lot faster for me this pm too. (IMG:http://www.frrax.com/rrforum/style_emoticons/default/biggrin.gif)
trackbird
post Mar 27 2006, 05:18 AM
Post #10


FRRAX Owner/Admin
********

Group: Admin
Posts: 15,432
Joined: 13-February 04
From: Ohio
Member No.: 196



QUOTE (CMC #37 @ Mar 27 2006, 12:11 AM) *
Ah... the familiar banners reappear! The board is running a lot faster for me this pm too. (IMG:http://www.frrax.com/rrforum/style_emoticons/default/biggrin.gif)


Yea, it's been running well for me all along, but it got slow for a bit here and there. That trafficage.com banner stuff is still there, but it should be leaving soon. I'm waiting to hear back from the software guys about it.
Jon A
post Mar 27 2006, 06:32 PM
Post #11


Experienced Member
***

Group: Advanced Members
Posts: 1,947
Joined: 23-December 03
From: Everett, WA
Member No.: 16



Thank you! It was so slow it was basically unusable for me since Friday...click on something, switch tabs and surf somewhere else for 10 minutes, check back to see if the page had loaded.... (IMG:http://www.frrax.com/rrforum/style_emoticons/default/sad.gif)

But all better now. (IMG:http://www.frrax.com/rrforum/style_emoticons/default/drink.gif)
trackbird
post Mar 27 2006, 06:40 PM
Post #12


FRRAX Owner/Admin
********

Group: Admin
Posts: 15,432
Joined: 13-February 04
From: Ohio
Member No.: 196



QUOTE (Jon A @ Mar 27 2006, 01:32 PM) *
Thank you! It was so slow it was basically unusable for me since Friday...click on something, switch tabs and surf somewhere else for 10 minutes, check back to see if the page had loaded.... (IMG:http://www.frrax.com/rrforum/style_emoticons/default/sad.gif)

But all better now. (IMG:http://www.frrax.com/rrforum/style_emoticons/default/drink.gif)


Oddly, I didn't see it on my work or home machines (and mine didn't slow down at all). However, when I switched to my Linux machine and Mozilla, I saw it trying to load and it really hung up the pages. It appears that hackers found another hole and I didn't know that there was an update available until I went looking (in response to this problem). I've still got a few things to sort out, but it looks like we are back in business and running properly again.

Sorry for the problems. I keep trying to fix them as fast as I can and I'm getting a crash course in this software. I'm getting much better at getting around and getting things (some things) done.
sgarnett
post Mar 28 2006, 04:27 AM
Post #13


Seeking round tuits
******

Group: Advanced Members
Posts: 5,522
Joined: 24-December 03
From: Kentucky
Member No.: 33



BTW, I just discovered that outgoing PMs aren't showing up in the "sent items" like they did before. The PM seemed to be sent successfully, but that hasn't been confirmed yet.
trackbird
post Mar 28 2006, 01:35 PM
Post #14


FRRAX Owner/Admin
********

Group: Admin
Posts: 15,432
Joined: 13-February 04
From: Ohio
Member No.: 196



QUOTE (sgarnett @ Mar 27 2006, 11:27 PM) *
BTW, I just discovered that outgoing PMs aren't showing up in the "sent items" like they did before. The PM seemed to be sent successfully, but that hasn't been confirmed yet.


Sean, I'll send you a PM (let's test it).

I figured it out. The "Save PM to my sent box" is not defaulting to checked anymore. So, you have to check the box under the PM window to save the copy. I haven't found a way to change the defaults on that one so we may have to live with it.

Did you get my PM?
sgarnett
post Mar 28 2006, 02:03 PM
Post #15


Seeking round tuits
******

Group: Advanced Members
Posts: 5,522
Joined: 24-December 03
From: Kentucky
Member No.: 33



Yes, I got it.