Tweaknews hacked!

[[TN] Nathan]

As you probably very well know now, we had someone gain access to an old admin account and have a little fun on Tweaknews.

This was due to a vital flaw in PHPBB that was unnoticed to today.

Forum has again been upgraded and all holes have been patched up and hopefully this moron can leave us alone so we can help people.
_________________
Owner & Administrator
www.Tweaknews.net
www.Pocketbookpinch.com

[Google]

[JayDubya]

Wow, he must be some awesome hacker to find a flaw in script. Its good to hear that all is fixed now. Back to helping others
_________________
JayDubya aka JW Jay JD ^> ﺵ

[[TN] Nathan]

There are two situtations.

1.) He hacked into the computer of a formaer admin and gained access through that.
2.) Took advantage of a small flaw in the recent upgrade we did to Tweaknews.

Either way, they are both gone.
_________________
Owner & Administrator
www.Tweaknews.net
www.Pocketbookpinch.com

[Silicon Skum]

My guess is that he used an OLD pearl script to hack the BB, Something similar existed (exists ?) in UBB.

Prize LAMER if ever I saw one!.

Nate, you got his IP?

§
_________________
my sig disappeared from the image host (?)
But at least I have a Josh Award!

[[TN] Nathan]

Yip, if it is even his IP
_________________
Owner & Administrator
www.Tweaknews.net
www.Pocketbookpinch.com

[Silicon Skum]

[smith.p.sean]

i hope the idiot was stupid enough to leave a trail that we can follow. The first thing i see when i get home from school is tn missing tons of posts and nathans name in green and aveno in yellow and i wasnt shure what had happened then i open my mail and get the mail and i started freakin out.... by the way... hey guys how ya been, but more on that in chit chat.

[Hoedizzy]

I hope he used his home ip. Then we could get that little pile.

[Yoshida]

glad to see everything is fixed, you really never think about security until you get hacked, my site got a hacked a few months ago, they didnt damage anything just replaced my index page.

[[TN] Nathan]

Turns out this guy wanted to point out a flaw in our site also.

He wanted to contact the guy I had working on the fix.

He also was a lot better than we initially though, and had more access then we believed.
_________________
Owner & Administrator
www.Tweaknews.net
www.Pocketbookpinch.com

[BW]

Thanks for fixing it so promptly Nate.....keep it up!

Stupid kids...
_________________
p4 3.2 @ 3.46, DFI Lanparty Pro875B, CoolerMaster Jet 4 H/S Fan, Thermaltake Silent purepower 480w PSU, 6800gt AGP Vid. card
1024mb pc2700 Kingston 2,2,2.5,6, 200gb seagate ata hdd, Plextor dr700u DL Burner
Sony cd/rw, Win Xp pro, xaser v6000a

[null_set]

What sort of access? And what do you mean, was trying to point out a flaw? As in honest grey-hat "I'm bored, I found a hole, you guys should fix this?"
Or as in he caused damage, and happened to leave a note showing how he got in?
_________________
[ ]
chown -R us ./your_base

[[TN] Nathan]

Kinda a mix of all.

He caused damage and wanted to point out the flaw.
_________________
Owner & Administrator
www.Tweaknews.net
www.Pocketbookpinch.com

[Jason]

Glad you got control back quickly!! Now buy some new locks for the doors!!

[[TN] Nathan]

I know, this took me for a loop.
_________________
Owner & Administrator
www.Tweaknews.net
www.Pocketbookpinch.com

[smith.p.sean]

so... did we lose that section or will it be able to be replaced?

[[TN] Nathan]

We lost three sections:

Announcements
Tweaknews Website General Talk
General Technical Discussion
_________________
Owner & Administrator
www.Tweaknews.net
www.Pocketbookpinch.com

[Jason]

No backups of the db?

2.0.11 from 2.0.10 didn't involve any db changes, so it should work fine... if you have a recent backup.

[[TN] Nathan]

Yea, we do, but it will take some time to extract just the missing sections.

If I reinstate the backup I will lose all the posts created after it .
_________________
Owner & Administrator
www.Tweaknews.net
www.Pocketbookpinch.com

[Ham_fisT]

I'm sure we can all be patient while you get this sorted


(as long as it's done by Morning)
_________________
Yeah....... ok

[smith.p.sean]

ok thank goodness. Im going to download the entire tweaknews to my computer too just in case so i can have my own backup incase something like this ever happens again knock on wood.

[2old2care]

Wow....I have a day with the g/f...get HL2...and you guys go get hacked while I'm not here. WTF's up with that....
Well looking at the bright side...I guess the emails from the snotwad woke a few ppl up, that haven't been here for a while.
_________________
.
Liquid-Cooled Q9450 and an EeePC
.

[Xal]

I'm just glad its fixed, If TN went down my life would lose all meaning
Thanks for the prompt repairs Nate
_________________
Phenom II x4 955 @ Stock
Asus M3N78-EM
4gb Corsair XMS2 DDR2 667 @ 800
1gb Powercolor Radeon HD 5850 @ Stock
X-fi Extreme Audio PCI E
Nexus 600W Silent PSU
Nexus Fans
Custom case

[[TN] Nathan]

No problem.
_________________
Owner & Administrator
www.Tweaknews.net
www.Pocketbookpinch.com

[Xal]

Hey Nate, that email came from "nobody@www.ipkonfig.com" I suspect that our hacker buddy is a member there but you probably already knew that. I would guess that its a toss away account anyways.
_________________
Phenom II x4 955 @ Stock
Asus M3N78-EM
4gb Corsair XMS2 DDR2 667 @ 800
1gb Powercolor Radeon HD 5850 @ Stock
X-fi Extreme Audio PCI E
Nexus 600W Silent PSU
Nexus Fans
Custom case