Forum attack

[Christophe]

As you probably know le forum was attacked Sunday October 23, 2005 in the afternoon which made navigation impossible on the forum and automatically redirected to porn or affiliate sites.

Here is the current situation (Monday afternoon):

I still do not know what he knows exactly past: specific attack on econologie.com or on the whole ovh server (I am in shared hosting at ovh, that is to say that several dozen sites are hosted on the same machine physical)?

Anyway the "problem" disappeared automatically in the evening. From this observation, I would deduce that it was not a deliberate attack on econology, especially since the site has not (to my knowledge) been "touched" (for the moment).

So I guess it is an attack / virus on the hosting server (OVH) that the OVH admin have solved by themselves ... For now I do not see any other possible explanation. I sent an email requesting an explanation to OVH, I hope to have an answer (and will explain what it is ...)

However, I am sure that the forum is not secure.

We will therefore have to make a decision on the establishment of a new forum. Thank you therefore for answering the survey question above knowing that:

1) "Update this one" (knowing that the official updates stopped in 2003.)
- Advantages: no message and registration will be lost.
- Disadvantage: lack of security since more updates. And the more econology "grows" the more this kind of attacks will be possible

2) "Start over on a brand new forum"of the PhpBB type (like that of oliomobile for example).
- Advantages: security and possible updates.
- Disadvantages: no message or inscriptions of this forum will only be kept. Change of operation for regulars.

My choice would lean for the 2nd possibility knowing that on the 1500 registered with the forum, only a small 50 groin participates actively. This forum could still be accessible for archival consultation.

[SixK]

A while ago, a worm attacked a specific version of phpBB by disfiguring the site. A worm exploiting an invision fault may have entered the forum ?
What was the problem encountered on the forum ? I saw nothing yesterday afternoon.

In general, the worm finds sites attackable by search engines by searching for a version number or a specific channel present on the forum target. I think especially of a chain like this:
Powered by Invision Power Board v1.1 © 2003 IPS, Inc. French Version by IBF French

So first action modify this chain so that the forum cannot be spotted if the worm (if it is a worm) is based on this chain ...

SixK

[Christophe]

1) This chain is copyright I can't remove it (at least easily)

2) For the description of the attack, I just specified it in the message, I advise you to follow what I said (with anti spyware)

3) If it was the exploitation of a flaw pkoi the problem has it disappeared automatically? I made no intervention ...?!?

[Managers]

- to limit the risks on your site files ...

make all your files read-only through the FTP software (by right-clicking after selecting all the files and clicking on 'change attributes' or 'set attributes' and switch to read-only - the number corresponding to the read-only is "444") ...

for the directory attribute, change to "501". Thus it becomes impossible to erase or rewrite on the online files


if you have phpmyadmin save a version of phpmyadmin files by FTP


For your base (site + forum) ... to do every day ... on a personal pc for example ...

if you can manage your database with phpmyadmin
- to save click on "export" + checkbox 'structure' + checkbox 'data' + checkbox 'transmit'
and run ... so you will have a nice little text or php file ... from your base.

- to restore ... well that's all con ... go to the SQL tab next to the 'export' tab and browse and get your backup file then run.

[SixK]

In case of change of Forum for phpBB for example, it is quite simple to migrate the data. Scripts already ready may exist elsewhere.
It would be a shame to lose all the data accumulated over several months ....

Possibly I can give a helping hand for migration, I have already migrated a forum owner to phpBB without too many problems ...

SixK

[A2E]

done for the best Christophe
in one case in another, the faithful that we are will follow you!
only 50 active people out of 1500 registered?
it's unbelievable !!!!

[Former Oceano]

That does not surprise me ! Very often people start reading and then go away and they stay registered. In addition when they see the immense amount of messages posted they are afraid.

Then there are the leeches who are not going to suggest things, give their opinion or their experience and are only there to answer their free questions or expectations.

And then I forgot the bad guys who are forbidden to access, ...

So all that makes registrants for nothing ...

50 active people who invest are better than 200 who do nothing ...

[gegyx]

I am amazed at the number of people who seem not to have been worried by this bp… Given the few interventions in this post, and the multitude of other interventions, as if nothing had happened, where everything had been transparent …
It started early Saturday afternoon, following an attempt to download Christophe and Olivier's patent; boulé each time, with the code; and then reconnecting to the forum, my Mc Afee antivirus signaled me a Trojan horse “sploit.ani”, and prevented me from going further, and this until the evening; I put Ad Aware, then A2 Squared free, then my anti-virus detected nothing more on the computer. I reconnected on the forum tonight.

[yahi]

Hello !
What is reassuring is that everything is back in order in a few hours, even on a Sunday! So if it is the work of the host, it is well done on their part!

it went quickly enough, I saw nothing on my side!

yahi

[Rabbit]

It is true that 50 is not masses ...

For me no problem, whatever the presentation, it's
the content that matters.

Un forum the oliomobile type will have the advantage of having more smillies. This will save me from making links to theirs.
oops. : rolleyes:

Regarding the virus, worms or other creatures I have nothing
note. anyway i'm covered with it and i format my
pc every week. I'm tired of paying for
gauze factories or for prog which give a feeling
security which is not justified.

Small suggestion: is it not possible to leave the forum on
multiple servers? this will limit this type of problem and
will avoid overloading an unfortunate server which does not request it
not so much. The way I think about it ... how do we do 50 for
saturate a server? there is something I don't get. <_