Jump to content
Classifieds is broken, please do not submit any new ads ×

Malware Spam Attack 2013-04-19


Admin
 Share

Recommended Posts

  • Replies 41
  • Created
  • Last Reply

Top Posters In This Topic

  • wimg

    5

  • Admin

    1

  • nigelg

    1

  • YeOlCaptain

    2

What a shame you have to devote so much energy to defeating these criminals... but your efforts are greatly appreciated.

 

Russ

first fountain pen: student Sheaffer, 1956

next fountain pen: Montblanc 146 circa 1990

favourite ink: Noodler's Zhivago

favourite pen: Waterman No. 12

most beautiful pen: Conway Stewart 84 red with gold veins, oh goodness gracious

Link to comment
Share on other sites

Thank you so much for all the effort you put into keeping this site running smoothly. Much appreciated!

journaling / tinkering with pens / sailing / photography / software development

Link to comment
Share on other sites

Kudos to the admin team....good work.thumbup.gifclap1.gif

François (Frank) P.

Currently inked: Parker 51/Quink Blue-Black; TWSBI 580 1.1mm/Noodler's Black Swan in Australian Roses.

Link to comment
Share on other sites

If code was injected, are you sure that no personal data (password data in particular) was accessed?

Yes, we are sure.

 

They used a leak which is supposed to be there in order for the software to work properly, but all they can do is execute their own code in standalone mode, nothing else. And that is used to just (try and) send emails. Last time we also stopped sending emails except by our own approved email accounts, so they didn't even manage to send any emails either. Just that we saw a few strange pop-ups, and slowing down of the system. IOW, it wasn't inserted into the database, but into a writable folder.

 

The new version of the board software takes care of these things automatically by adding another layer of security, so we have put an expedited program in place to upgrade asap - two attacks like this in a fairly short period of time is just too much. This does mean that we will lose our nice skins for the time being however, but considering the amount of time it takes to fix the results of these attacks, and the downtime that it brings with it, this is what we now really have to do, we cannot wait any longer.

 

In short, we are working on moving across to a newer version of our board software as fast as we can, and will make some announcements when we are at the point we are sure we can move up safely and as quick as possible - hopefully between now and two weeks, and sooner if we can.

 

HTH, warm regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever

Link to comment
Share on other sites

Thank you all for your kind words, much appreciated!

 

We are now well on the way with a fast track program to upgrade our software to prevent this things from happening. More announcements to follow.

 

Warmest regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever

Link to comment
Share on other sites

:yikes:

Wow, now I'm glad I didn't have time to log in on Friday (I spent most of the day with my hands in marzipan), then was out of town for the weekend.

Thanks for getting stuff back on line ASAP. Hopefully once the upgrades get done it won't be too long to get the skins back as well (I've gotten very used to looking at mine :rolleyes:).

As to nikoskard's question, I can only think of two possible answers:

1) it was practice for attacking a much more strategic site; or

2) some people are just vandals, the same way those who have nothing better to do than spray-paint graffiti tags (years ago, I was on a trip to Italy with my parents, and my brother, dad and I climbed up into the dome of St. Peter's Basilica in the Vatican, and some guy was writing his name on the wall -- in a CHURCH, no less... :blink:).

Ruth Morrisson aka inkstainedruth

"It's very nice, but frankly, when I signed that list for a P-51, what I had in mind was a fountain pen."

Link to comment
Share on other sites

Man!!! If it's not one thing it's another. Sorry this forum takes so much of your time and energy, but know that it is appreciated. I keep checking for the Iridium donor thing so I can help out.

With the new FPN rules, now I REALLY don't know what to put in my signature.

Link to comment
Share on other sites

Good job on handling the mess admin team. Can't say enough how much the community here appreciates the hard work you guys put in to keep this place awesome!

-Tommy

Pen blog of current inventory

 

Enjoy life, and keep on writing!

-Tommy

Link to comment
Share on other sites

Thanks for a great job !

 

Now, let's hunt them down and kill them.

Auf freiem Grund mit freiem Volke stehn.
Zum Augenblicke dürft ich sagen:
Verweile doch, du bist so schön !

Link to comment
Share on other sites

Man!!! If it's not one thing it's another. Sorry this forum takes so much of your time and energy, but know that it is appreciated. I keep checking for the Iridium donor thing so I can help out.

Hi Sam,

 

I am afraid that will have to wait now until after the board software upgrade, which now is #1 priority. We have everythign at the ready for it, barrign th econfiguration set up. However, with two attacks in about a month and a half, we need to get the board software sorted (read: upgraded) first. And this happens to be a lot of work, unfortunately, in a preparatory sense, and from an execution POV as well.

 

Warm regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever

Link to comment
Share on other sites

Ok, split off a new malware topic to CF.

 

If you can't find your post here anymore, please check the Community Feedback forum, where we will try to gather as much information as possible.

 

Warm regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever

Link to comment
Share on other sites

Just to inform that today I have had 2 separate incidents where I click on one of the "Recent Topics" and I am redirected to a porn site. If I go back and click it again I am taken to the proper thread. It seems that some kind of malware remains.

 

Edit: just read the CF thread, and it seems I am not the only one with this.. Hmmm... problem. :blush:

Edited by carlos.q
Link to comment
Share on other sites

Update:

 

We were already convinced of this, but it is confirmed: we are 100% sure now it s not FPN. Apart from the extra checks we did ourselves yesterday, the server hosting admins worked through the night to do more and very extensive server scans and checks, including checking of log files and monitoring traffic from and to FPN. The verdict: We are squeaky clean.

 

Anything linking to a source unexpectedly outside of FPN, is not caused by anything on or from FPN - it appears to be a cacheing and/or DNS replication problem, IOW, completely outside of FPN control.

 

As far as cacheing is concerned, please do clear your caches and temp files, while not being logged in to any site, just a blank browser screen. Once done, close the browser, and start again. Also, assuming you all already use anti-virus programs etc., I'd suggest you start using a firewall program as well if you don't do so already. If you don't, I'd suggest ZoneAlarm, http://www.zonealarm.com, which has two free versions available, one firewall + antivirus, and one firewall only, which are extremely effective and very easy to setup and use - highly recommended.

 

If it still happens after clearing your browser caches and temp files, I am afraid the DNS replication servers in your specific path to FPN are compromised. In such cases, it is best to contact your ISPs about this.

 

HTH, warm regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever

Link to comment
Share on other sites

This is one of my most favorite places on the internet. I don't understand what happened - but I'm glad you got it fixed.

 

Thanks to everyone for their hard work and dedication!

Fool me once, shame on you.

Fool me twice; damn

There goes that fox again.

Link to comment
Share on other sites

  • 6 months later...
Guest
This topic is now closed to further replies.
 Share








×
×
  • Create New...