Sorry guys...

Status
Not open for further replies.
Scott I know you probably don't want to hear this, but a couple of years ago my forum got hacked and it turned out that they got the login info from a key logger on my Windowz computer that I finally found with some anti-rootkit software. That rootkit went right by the Symantec Corporate antivirus like it wasn't even there! I was lucky in that nothing was destroyed but it could have been ugly. So if you and your Admin Team are using Windows computers to work on the site, then I'd be looking real hard to see if any of them are infected!

After my episode I made a decision to learn to use Linux for anything that has to be secure because Linux seems to be more secure than Windowz I guess simply because the hackers usually go after the largest target, which is Internet Explorer. So if you're not using Linux already, then I'd be looking to make that move some time in the very near future and if you do, then I suggest look at Ubuntu 12.04 LTS with the Mate Desktop addon.
 
I think that Google only flags website when that site is known to actively try and infect people. In this case, trojanforge is just a discussion group. Why would they want to infect their "friends" ?

It's hard to tell if they're good hackers or bad hackers though... Based on them just pointing out a flaw, you'd learn towards "good". The fact that they say they didn't touch the SQL database would make me skeptical though. The note from last night was signed by "001" and he/she appears to help run trojanforge (can't get any details w/o registering though).

http://www.trojanforge.com/
Master Database v7.x: Uncategorized
Real-time Category: Uncategorized

http://www.hackthissite.org/
Master Database v7.x: Hacking
Real-time Category: Adult Material

http://www.eicar.org/
Master Database v7.x: Computer Security
Real-time Category: Business and Economy

The site shows up as being uncategoriedbut either way I'm blocking it just like I would a hacking site.
 
Here is a picture from last night in case anyone wasn't here during the breach.
satguys.png

I don't get why the guy could of just told an admin there was a hole instead of ruining the site.
 
The TrojanForge logo 32256158.jpg that appeared last night was hosted at a .ru domain, not trojanforge.com. For what it's worth, maybe nothing.
 
Blocking it from what ?

Admin can block an IP address, or an entire IP address block but if these are typical hackers, then they're probably using proxies anyway and you'd probably never be able to block them all. Best thing to do is to make sure that ALL the computers that have access to the site via FTP or through the ACP are clean then change the passwords and or usernames!
 
Man that stinks. Yeah hard to say at this point it could have been someone machine that had a issue due to a 3rd party program that might have installed on it. Or it could be a Ad or something that is running on the site that could have caused the issue.
 
Admin can block an IP address, or an entire IP address block...
riffjim isn't an admin here. I'm just curious and I presume he means blocking it on his PC.
what an incredibly stupid thing for someone to do.
If they truly are only pointing out an issue and did NOTHING else, you could also equate them to telling a person they left their keys in the car and they give the car owner the keys so no one else can do something bad.
Yeah hard to say at this point it could have been someone machine that had a issue due to a 3rd party program that might have installed on it. Or it could be a Ad or something that is running on the site that could have caused the issue.
Scott indicated that it's related to a VBulletin add-in (mod). It's not a user issue.
 
riffjim
If they truly are only pointing out an issue and did NOTHING else, you could also equate them to telling a person they left their keys in the car and they give the car owner the keys so no one else can do something bad.
.

Except this person took the car for a spin....
 
Thank you very much for fixing it and thank you for letting us know what happen.
I thought that I got a virus etc. etc. etc., so I scanned the Pc and it was clean.
I even cleaned the cookie jar, I thought that I might have gotten a bad cookie in the jar.

Thank you again.
 
Sorry...I'm the program manager and security engineer for our enterprise web filters (104 appliances - 120k users) so we categories and filter malicious sites to go along with domain and IP blocking. I also oversee our firewall, web application firewall (WAF), endpoint protection and web application scanning systems. It keeps me busy...

Blocking it from what ?
riffjim isn't an admin here. I'm just curious and I presume he means blocking it on his PC.
 
Here is a picture from last night in case anyone wasn't here during the breach.
satguys.png

I don't get why the guy could of just told an admin there was a hole instead of ruining the site.

Because he's like most hackers..... A fu#%^€¥ a-hole.
 
You have your opinion, I have mine. when you're on no sleep like Scott and Don fixing the mess he created its difficult to agree with his "method" of informing the site. most hackers like to cause chaos. I see nothing good about that. Again, MY opinion if that's ok.....
 
Status
Not open for further replies.

Forums very slow

OTA Forum

Users Who Are Viewing This Thread (Total: 0, Members: 0, Guests: 0)

Who Read This Thread (Total Members: 1)