WaterWarfare.com Hacked Again!?

Discussion of other water gun websites.
User avatar
isoaker_com
Posts: 458
Joined: Wed Oct 27, 2004 12:00 pm

WaterWarfare.com Hacked Again!?

Post by isoaker_com » Sat Mar 08, 2008 4:08 pm

Despite Ben's valiant efforts thusfar at removing malicious code some spam bot has been inserting into WWc's forums, it seems like the problem continues to return.

Sadly, WWc has been hacked again (same doiop.com link inserted). Not sure if anyone knows how the bot is managing to insert something into the scripts. That said, until that board is patched and security tightened, I do not presently recommend using that site unless you have Ad-Block up and running, verifying that no weird links or scripts are being loaded while browsing that board.

:cool:
:: Leave NO one dry! :: iSoaker.com / iSoaker.net ::

User avatar
Silence
Posts: 3825
Joined: Sun Apr 09, 2006 9:01 pm

Re: WaterWarfare.com Hacked Again!?

Post by Silence » Sat Mar 08, 2008 6:12 pm

Hmm...we could:
1) Just update the forums frequently.
2) Research how the attacks are being made.
3) Experiment ourselves - suspends logins, etc. to see if that's how the crackers are entering.

But all of those sound tedious. :(

NoScript doesn't show any scripts on the site...I'm not sure how AdBlock Plus handles scripts though, since it's in the background much more than NoScript is. Both Firefox extensions do block spammy scripts and ads, though.

User avatar
isoaker_com
Posts: 458
Joined: Wed Oct 27, 2004 12:00 pm

Re: WaterWarfare.com Hacked Again!?

Post by isoaker_com » Sun Mar 16, 2008 2:39 pm

Looks like DX's account on WWc has been compromised. Either that or DX is now calling himself an egyptian hacker on WWc. O_o Granted, might have been done through a funky SQL injection and not actually by accessing DX's account, but it's hard to tell.

:cool:
:: Leave NO one dry! :: iSoaker.com / iSoaker.net ::

User avatar
Silence
Posts: 3825
Joined: Sun Apr 09, 2006 9:01 pm

Re: WaterWarfare.com Hacked Again!?

Post by Silence » Sun Mar 16, 2008 3:25 pm

Look at DX's profile. It says he was last active yesterday at 11:29 PM (EDT), the exact same time he made that post. Somebody definitely got his account.

User avatar
SSCBen
Posts: 6449
Joined: Sat Mar 22, 2003 1:00 pm

Re: WaterWarfare.com Hacked Again!?

Post by SSCBen » Sun Mar 16, 2008 3:47 pm

I assume that this guy injected a new password into the database. The passwords are encrypted, so he couldn't have figured out the password easily.

I've shut the board down at least semi-permanently. I would make an SQL backup, but only the root admin (DX) can do that. I might inject a new password myself to do that...

By the way, the IP address of the offender was 41.235.177.119. I checked here and he didn't register. He had to register at WWC to do the attack however, as I suspected. His username was frankneshtayen.

User avatar
Silence
Posts: 3825
Joined: Sun Apr 09, 2006 9:01 pm

Re: WaterWarfare.com Hacked Again!?

Post by Silence » Sun Mar 16, 2008 6:59 pm

Wow...his IP address really does point to Egypt. You may as well ban any new members with Egypt IPs until we get the matter resolved. Since WWc is so inactive, I doubt we'll get any legit new users until then.

Also, frankneshtayen obviously didn't do the earlier hacks. He just joined, plus his message was neither malicious nor opportunistic.

User avatar
CROC
Posts: 302
Joined: Fri Mar 31, 2006 10:03 pm

Re: WaterWarfare.com Hacked Again!?

Post by CROC » Sun Mar 16, 2008 7:26 pm

The forums are down again. I'm guessing this is due to the recent discovery, right?

Off topic:
Is Extrawater vulnerable to SQL, or is it the old isoaker forum and WWC?
-Croc
It's been a while guys, and its good to be back

User avatar
SSCBen
Posts: 6449
Joined: Sat Mar 22, 2003 1:00 pm

Re: WaterWarfare.com Hacked Again!?

Post by SSCBen » Sun Mar 16, 2008 8:14 pm

SQL is a database language. If your website does not use SQL, there is no reason to be alarmed.

At first I thought the old iSoaker.com forum was prone to SQL injection attacks, but after trying to set my post count to one more to see if I knew how to, I found out that they later updated it to fix the problem. You can break the query on Ikonboard, but you can't put any new query in.

WWC is prone to them in a few spots and I could fix them, but I don't have FTP access. Until then, I will keep the board offline. I might reopen it but with no registrations, but it's not being used by anyone except for hackers, so I thought it would be best to shut it down.
Last edited by SSCBen on Sun Mar 16, 2008 8:20 pm, edited 1 time in total.

User avatar
Silence
Posts: 3825
Joined: Sun Apr 09, 2006 9:01 pm

Re: WaterWarfare.com Hacked Again!?

Post by Silence » Sun Mar 16, 2008 8:44 pm

Extrawater itself isn't vulnerable. IPB 1.3, which InvisionFree runs, does use databases, but it likely isn't vulnerable. I'm fairly sure IPS must have plugged in the holes by the time they were done with v1.

User avatar
CROC
Posts: 302
Joined: Fri Mar 31, 2006 10:03 pm

Re: WaterWarfare.com Hacked Again!?

Post by CROC » Sun Mar 16, 2008 9:54 pm

What I meant was:

Is the forum vulnerable to an SQL injection like at WWC?
-Croc
It's been a while guys, and its good to be back

User avatar
Silence
Posts: 3825
Joined: Sun Apr 09, 2006 9:01 pm

Re: WaterWarfare.com Hacked Again!?

Post by Silence » Sun Mar 16, 2008 10:36 pm

Your forums are hosted by InvisionFree, which uses IPB 1.3. As I said, I don't know for sure, but I'm guessing there aren't any big holes where they forgot to filter out malicious code from input. If you want a solid answer, then no, your forums aren't vulnerable.

User avatar
SSCBen
Posts: 6449
Joined: Sat Mar 22, 2003 1:00 pm

Re: WaterWarfare.com Hacked Again!?

Post by SSCBen » Sun Mar 16, 2008 10:58 pm

Here's another weird twist: someone tried to recover my password. I'd post the IP address, but the person was using a proxy and it wouldn't help. I'm trying to log into the admin CP, but it appears they did something to change my password now. I will have to use the security flaws in IPB to continue now. If anyone (Adrian) has access, please check this out.

Edit: Okay, I've reset my password and I'm back now. I do not know what else happened at WWC while I was gone. I've disabled registration now as another precaution.
Last edited by SSCBen on Sun Mar 16, 2008 11:05 pm, edited 1 time in total.

User avatar
Silence
Posts: 3825
Joined: Sun Apr 09, 2006 9:01 pm

Re: WaterWarfare.com Hacked Again!?

Post by Silence » Mon Mar 17, 2008 12:29 am

Check poly's profile...I can't get the IP address (or anything else, for that matter) unless it's from a post. Funny...3 registrations in as many days for a very inactive site.

User avatar
SSCBen
Posts: 6449
Joined: Sat Mar 22, 2003 1:00 pm

Re: WaterWarfare.com Hacked Again!?

Post by SSCBen » Mon Mar 17, 2008 1:02 am

I already did. He seems legit. At this point, there's nothing else we can do to prevent hack attacks. You can only log in if you're an administrator. You can register, but I have to check it over. Hopefully this will deter the hack attacks.

The entire thing is weird. I'm wondering if WWC was posted on some hacker board and they wanted to deface it or something. Luckily we had some protections in place at that time.

User avatar
CROC
Posts: 302
Joined: Fri Mar 31, 2006 10:03 pm

Re: WaterWarfare.com Hacked Again!?

Post by CROC » Mon Mar 17, 2008 4:36 pm

I found an SQL injection prevention thing. If you understand it, it might help the forums at WWC
http://www.tizag.com/mysqlTutorial/mysq ... ection.php
-Croc
It's been a while guys, and its good to be back

Locked