- Joined
- Jan 25, 2012
- Location
- North
but if I just type http://paste-and-cut.com.au/ into the address bar on either firefox or chrome I get a white page with NOT FOUND and a link to DELETED.
Not sure if you know about this Razormonsta
- Thread starter eggbert
- Start date
- Status
Monsta_AU
...can I interest you in some vintage blades?
Staff member
Forum Administrator
Grand Society
- Joined
- Feb 2, 2011
- Location
- Guildford.nsw.au
No I was not aware, thanks.
Do not go to that site, it's a known malicious one. I am trying to remove it now.
Do not go to that site, it's a known malicious one. I am trying to remove it now.
Monsta_AU
...can I interest you in some vintage blades?
Staff member
Forum Administrator
Grand Society
- Joined
- Feb 2, 2011
- Location
- Guildford.nsw.au
I have now removed all malicious files on the site.... some pages may be broken. I have a copy of the files and will be investigating them to see what impact it may have on security.
I will try to replace the scripts from a clean install shortly.
I will try to replace the scripts from a clean install shortly.
Monsta_AU
...can I interest you in some vintage blades?
Staff member
Forum Administrator
Grand Society
- Joined
- Feb 2, 2011
- Location
- Guildford.nsw.au
I've actually looked at what they uploaded.....
It looks like they were able to get files onto the server via a buffer overload attack. Checking the logs they were able to run one script which tried to install a spam mailer, but were unsuccessful due to good security practice. The webserver user runs completely without any execute rights so it didn't install properly.
I have also looked at the rest, there was an attempt to grab passwords which was again unsuccessful. I copied the VM to a test network, and ran the scripts as the webserver user. Each attempt failed.
I have pulled down all the files modified after mid-october, and then removed them from the server.
Should be good now guys. There is a security update that vBulletin posted a while back, may have been the attack vector. Will patch things asap.
It looks like they were able to get files onto the server via a buffer overload attack. Checking the logs they were able to run one script which tried to install a spam mailer, but were unsuccessful due to good security practice. The webserver user runs completely without any execute rights so it didn't install properly.
I have also looked at the rest, there was an attempt to grab passwords which was again unsuccessful. I copied the VM to a test network, and ran the scripts as the webserver user. Each attempt failed.
I have pulled down all the files modified after mid-october, and then removed them from the server.
Should be good now guys. There is a security update that vBulletin posted a while back, may have been the attack vector. Will patch things asap.
Monsta_AU
...can I interest you in some vintage blades?
Staff member
Forum Administrator
Grand Society
- Joined
- Feb 2, 2011
- Location
- Guildford.nsw.au
Have patched to VB 4.2.2 - there's a few problems with the site but am trying to fix them now
- Joined
- Jan 25, 2012
- Location
- North
Ouch, glad I reported it then.
It was showing up like this a couple of days ago, but I put it down to the fact that I was having to use my phones data connection as my home modem got fried in a lightning strike on Friday night.
I presumed it was a problem but not that the site had been attacked.
/edit Thanks for deleting the link in my original post as it was malicious
It was showing up like this a couple of days ago, but I put it down to the fact that I was having to use my phones data connection as my home modem got fried in a lightning strike on Friday night.
I presumed it was a problem but not that the site had been attacked.
/edit Thanks for deleting the link in my original post as it was malicious
Monsta_AU
...can I interest you in some vintage blades?
Staff member
Forum Administrator
Grand Society
- Joined
- Feb 2, 2011
- Location
- Guildford.nsw.au
Yeah, not exactly great..... but we are okay. I have DB copies and backups if we need to restore.
The upgrade to 4.2.2 has broken the theme, and it looks like the place I bought it from is not updating anymore. Only found that out after I had paid my renewal. Paypal dispute lodged. Looks like we will go to a new theme in the next little while..... no ETA on that.
I didn't have access to the administrative back end there for a while either, had to edit a number of files to get it back and running.
The upgrade to 4.2.2 has broken the theme, and it looks like the place I bought it from is not updating anymore. Only found that out after I had paid my renewal. Paypal dispute lodged. Looks like we will go to a new theme in the next little while..... no ETA on that.
I didn't have access to the administrative back end there for a while either, had to edit a number of files to get it back and running.
- Status