Author Topic: Trojan horse on SoR??  (Read 30554 times)


Offline HDL_CinC_Dragon

  • Supreme Robot
  • *****
  • Posts: 1,261
  • Helpful? 5
Re: Trojan horse on SoR??
« Reply #30 on: March 18, 2009, 01:36:41 PM »
OK, I'm now checking the source code every time I load a page on SoR. You said the mal links were just appended onto the end, right?
United States Marine Corps
Infantry
Returns to society: 2014JAN11

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #31 on: March 18, 2009, 01:51:22 PM »
I used to hack (bad offy) and I know a few ways people could have got in. Admin, if you would like me to patch up some flaws in the system, I can.

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #32 on: March 18, 2009, 11:28:40 PM »
I had a look at the error logs myself, didn't trust my host . . . believe it or not, the hacker has been trying to break into SoR since mid-January . . . mostly failed bruteforce attempts, the most recent were failed php attacks on the forum (I didn't know they failed at first). It wasn't the forum that was hacked after all.

I haven't figured out how they got in, but I finally found their nasty redirect script. It appears to overrule the default index file on a webserver . . . scary!

Again, if anyone sees the problem come up again, let me know! I think I cleaned it all out, but I'm really not sure. This hacker seems determined . . .

Offline dellagd

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 731
  • Helpful? 5
  • Come to the dark side... We have cookies!
    • Exodus Rocketry
Re: Trojan horse on SoR??
« Reply #33 on: March 19, 2009, 01:47:06 PM »
I have been on SoR for a while and I haven't seen any security pop-ups or anything unusual.
I use 2 computers.
2 Windows XPs, one running Firefox Portable Edition and another IE 7.
Maybe it doesn't happen to my IP for some reason.
Innovation is a product of Failure, which leads to Success.

If I helped, +1 helpful pls

I Won!
3rd place! I'm taking $100

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #34 on: March 19, 2009, 02:12:15 PM »
I have not noticed it either. But I have some javascript disabled for my own protection, and I think that is why most of us do not see it.

Offline want2learn (Topic starter)

  • Robot Overlord
  • ****
  • Posts: 189
  • Helpful? 4
Re: Trojan horse on SoR??
« Reply #35 on: March 19, 2009, 02:14:38 PM »
I use a couple of computers too: wife's laptop on Vista, kids' PCs on Ubuntu and my laptop on DSL.

Never experienced one problem at all with SoR  ;D until the evening before I raised this post  :(

I've got to say Admin's done a great job of things, even more so because this isn't his full time job.

Hats off to you admin!
The question that drives me hazy:

Am I, or the others crazy?

Offline dellagd

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 731
  • Helpful? 5
  • Come to the dark side... We have cookies!
    • Exodus Rocketry
Re: Trojan horse on SoR??
« Reply #36 on: March 19, 2009, 06:09:49 PM »
I think you are understating this site.
This is THE BEST amateur robotics site there is by far.

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #37 on: March 19, 2009, 11:39:27 PM »
 :)

Oh and behind the scenes, Dunk has been helping me secure the SoR site too. Extra props for him.

Offline TrickyNekro

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 1,208
  • Helpful? 15
  • Hardware and Firmware Designer
    • The Hellinic Robots Portal
Re: Trojan horse on SoR??
« Reply #38 on: March 20, 2009, 02:02:41 AM »
I just don't understand why they would like to hack a robot forum....
It's a noble course after all....

Thanks Admin and Dunk!!!
For whom the interrupts toll...

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #39 on: March 20, 2009, 04:08:03 AM »
Quote from: TrickyNekro
> I just don't understand why they would like to hack a robot forum....
> It's a noble course after all....

I don't think they want to destroy SoR. I just think they want to use any vulnerable server they can to spread their malware. It's probably to their benefit to not make their hack obvious. They hacked SoR like 6 weeks ago, but we didn't know until virus detectors saw it.

Offline dellagd

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 731
  • Helpful? 5
  • Come to the dark side... We have cookies!
    • Exodus Rocketry
Re: Trojan horse on SoR??
« Reply #40 on: March 20, 2009, 06:07:17 AM »
Hey,
look at it this way!
SoR is so good now that people want to hack it :P !

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #41 on: March 20, 2009, 10:51:25 PM »
So you guys have probably noticed me AWOL for a few days . . . I've been trying to deal with this hack like 24/7 for the last few days.

I think I *finally* found the source of the hack. There was a known security flaw with my server control panel since August last year and I didn't patch it. I have 90% confidence that was the problem, and that it's now patched.

That doesn't mean there still isn't a backdoor hidden somewhere that I didn't clean out . . . so I'm trying my best to make SoR more secure and to prevent this from happening again. It's my crash course in web security, I guess . . .

Strangely, they never bothered trying to hack my other website that's on the same server . . . I wouldn't have even noticed it as I rarely update it . . .

Lessons I've learned about web security to share with you guys:
- turn off all features on your server that you don't use (CGI, Perl, Ruby, PHP, etc.) as it increases the number of possible hacks
- update and patch your website/server software very often, like once a month or more
- keep an eye out for strange files on your server
- look at your error log occasionally for odd stuff
- block IP addresses in .htaccess that do bad stuff, as shown by your error log
- back up often, with the assumption that you'll have to delete your entire server to clean out a hack
- don't trust your web host to patch/update their own systems
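
The error-log and .htaccess items in the list above can be scripted. The following is an added example, not code from the original post or from SoR: it tallies suspicious error-log entries per client IP and prints an Apache 2.4 block list. The sample log lines, the patterns and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Apache error_log layout (not taken from SoR's logs).
SAMPLE_LOG = """\
[Wed Mar 18 22:58:01 2009] [error] [client 203.0.113.7] user admin: authentication failure for "/admin": Password Mismatch
[Wed Mar 18 22:58:02 2009] [error] [client 203.0.113.7] user admin: authentication failure for "/admin": Password Mismatch
[Wed Mar 18 22:58:03 2009] [error] [client 203.0.113.7] user root: authentication failure for "/admin": Password Mismatch
[Wed Mar 18 23:10:44 2009] [error] [client 198.51.100.23] File does not exist: /var/www/forum/index.php.bak
[Wed Mar 18 23:10:45 2009] [error] [client 198.51.100.23] script '/var/www/forum/shell.php' not found or unable to stat
[Wed Mar 18 23:15:09 2009] [error] [client 192.0.2.50] File does not exist: /var/www/favicon.ico
[Wed Mar 18 23:16:00 2009] [notice] caught SIGTERM, shutting down
"""

# Matches both the 2.2 layout ([error] [client IP]) and 2.4 ([core:error] ... [client IP:port]).
LINE_RE = re.compile(
    r"\[(?:\w+:)?error\].*?\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] (?P<msg>.*)$"
)

# Assumed categories of "odd stuff"; tune these to what your own log shows.
SUSPICIOUS = {
    "auth_failure": re.compile(r"authentication failure|Password Mismatch", re.I),
    "script_probe": re.compile(r"script '.*' not found", re.I),
    "backup_probe": re.compile(r"File does not exist: .*\.(bak|old|sql|zip|tar\.gz)$", re.I),
}

def classify(msg):
    """Return the first matching category label, or None for ordinary errors."""
    for label, pattern in SUSPICIOUS.items():
        if pattern.search(msg):
            return label
    return None

def suspicious_hits(log_text):
    """Map client IP -> Counter of suspicious categories seen for that IP."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an error line with a client address
        label = classify(m.group("msg"))
        if label:
            hits.setdefault(m.group("ip"), Counter())[label] += 1
    return hits

def offenders(log_text, threshold=2):
    """IPs whose suspicious entries reach the threshold; one stray 404 is not enough."""
    hits = suspicious_hits(log_text)
    return sorted(ip for ip, c in hits.items() if sum(c.values()) >= threshold)

def htaccess_block(ips):
    """Apache 2.4 syntax; 2.2-era servers used Order/Allow/Deny from instead."""
    rules = ["<RequireAll>", "    Require all granted"]
    rules += [f"    Require not ip {ip}" for ip in ips]
    rules.append("</RequireAll>")
    return "\n".join(rules)

if __name__ == "__main__":
    print(htaccess_block(offenders(SAMPLE_LOG)))
```

Review the generated list before pasting it into .htaccess, since a shared proxy or your own address can end up in it.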

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #42 on: March 23, 2009, 01:56:29 AM »
I figured with all that I learned about defending websites against hacks in the last week, I should at least write up the basics and share.

Some of you already have started your own robotics website, so hopefully you find it useful:
http://www.societyofrobots.com/misc_hackproof.shtml

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #43 on: March 23, 2009, 02:17:26 AM »
Thanks for posting that, Admin. I'm sure many people who have their own sites will find it helpful and I know I will if I ever start my own site :) props to you 8)
Howdy

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #44 on: March 23, 2009, 04:08:46 PM »
Also check your .htaccess. The .htaccess can change many settings, and can set up holes for hackers to get in. Also always download the newest script from a site if you are using a CMS. They update it for a reason, not just to waste 10 mins of your time to download, and upload.

paulstreats

  • Guest
Re: Trojan horse on SoR??
« Reply #45 on: March 23, 2009, 05:55:40 PM »
Everybody should be aware of the "Conficker worm/bot" (a worm that makes you part of a bot net then downloads more software - maybe for controlling/monitoring systems). I heard today that an upgraded version is expected to hit on April the 1st again (it hit last April 1st with a small target list and was controlled before it got out of hand; an upgraded version has already been released around January with a larger list, but this might have been a test run for another April Fools' Day run...).

It exploits the communication stack by overflowing it and gets allowed to run automatically without permission and presumably communicate over the net by overflowing the stack and confusing firewalls? Updates and patches are really the only defence for Windows systems.

Look it up: it prevents you from downloading common virus removal tools, stops you from accessing process managers, prevents you from using the Microsoft upgrade/patch tool and other stuff.

If it wasn't malicious, I'd take my hat off. Microsoft has a removal tool for the first version and they actually offer $250,000 reward for information that leads towards an arrest of the creators - it really has caused that much damage not only in systems but obviously man hours too (not to mention the flaw that it exploits works for all versions of Windows including the new Windows 7).

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #46 on: March 23, 2009, 06:52:07 PM »
Also back to websites.

People can crash sites if they truly try with no hacking. They run something called DoS or DDoS. Some people also run Bandwidth attack.

DoS: Means Denial of Service, they will ping out your server (with a team of around 100 computers or more) and your server will get so much "traffic" that it will crash.

DDoS: Is the same thing as DoS but more advanced and faster.

Bandwidth attack: Someone will upload a very large image, or get access to a very large page on your site, and they will open the page millions of times, causing your bandwidth to go up. This then makes it so you go over your bandwidth limit, and your site is inactive for a month or whenever your bandwidth resets.


I have been making PHP based sites for a few years, and I know all about these attacks. I learned to hack to keep my stuff safe after 3 of my sites got hacked.

paulstreats

  • Guest
Re: Trojan horse on SoR??
« Reply #47 on: March 23, 2009, 07:08:45 PM »
This is also the purpose behind the botnets. If you have a botnet under control, you can use it to purposefully crash systems. Large corporations occasionally get ransom demands from botnets. (pay us $$$$$ or we'll crash your system with our bot net)

Offline householdutensils

  • Full Member
  • ***
  • Posts: 72
  • Helpful? 2
Re: Trojan horse on SoR??
« Reply #48 on: March 23, 2009, 07:16:23 PM »
Stress attacks shouldn't be handled by PHP or any server side scripting language (As in, sss languages you use to deliver pages) 0_0 they should be handled at daemon level. Apache modules for flood protection spring to mind. Obviously this is circumvented by using distributed botnets, however servers are still basically socket applications, so you can always limit the number of incoming connections to a low number if there is suddenly a large amount of stress applied to your boxes (Though this is not really viable on high traffic sites where stress is highly variable).
 
Besides, some of the most damaging attacks are the SQL injections that drop whole databases and XSS and malicious code and session hijacking and screwed up folder permissions, or exploits in web applications.

Hell, even cryptography comes into play when there are growing databases of md5 hashes for strings so people can reverse the basic md5 encryption used by most PHP applications by simply searching for the string that matches the hash.
« Last Edit: March 23, 2009, 07:18:11 PM by householdutensils »

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #49 on: March 24, 2009, 12:56:15 PM »
There are many SQL Injections, with them you could get the passwords from the database, but they will need to be cracked using brute force still.

XSS should not be a problem nowadays. Our technology knowledge got better, so the only way you will have an XSS problem is if you are 100% new to programming and make a really bad PHP website (my first PHP website had this problem).

Offline householdutensils

  • Full Member
  • ***
  • Posts: 72
  • Helpful? 2
Re: Trojan horse on SoR??
« Reply #50 on: March 24, 2009, 01:09:24 PM »
Well that's the thing. Since md5 is generally non-reversible (authentication compares two hashes to determine if they come from the same string) outside of rainbow tables and other extremely complicated cryptography techniques that I'm not familiar with, it should be fairly secure. But the thing is, people have started creating databases of strings that match hash codes so that you can essentially search for a hash code, and provided it has already been added to the database, get back the initial string.

Besides, SQL injections as a method are dangerous. Anyone see the xkcd comic about Robert'); DROP TABLE students;?

As for XSS, well.... with complexity invariably comes vulnerability. Even some of the most widely used PHP apps have had XSS exploits released for them fairly recently. It might be easy to prevent XSS in a small to medium size application, but once things start getting complicated enough, it's easy to open up gaping holes just waiting for someone to dive through. The problem's even worse for open source software that freely release their src. That whole, crazy Crash Override Hollywood hacker paradigm really needs to be changed to some dude in trackpants with a terminal addiction to imitation fruit flavored soft drinks, poring over source code in his bedroom until the dull ache behind the eyes signals time for a power nap.
« Last Edit: March 24, 2009, 01:15:00 PM by householdutensils »

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #51 on: March 24, 2009, 03:03:22 PM »
I love that comic, saw it like a million times. There are some very fast working MD5 crackers. I coded this one a while back (shame on me again) that would check every single letter, number, symbol, depending on what I set it on. Then it would save all the results to a .txt file, so whenever I needed to crack an md5, I could in a matter of minutes, instead of the days, months, years other programs take.

Also very big PHP scripts do have XSS problems sometimes, but if they double check their work they can fix it, and if they do find one, it is very simple to fix; a few lines of code fixes it.

This just shows you no site is safe. When there are hackers and sites (and computers) open for attack, someone will get in, and it might just be a black hat for all you know, and they will sell your users' emails, names, addresses. But for us lucky ones, the white hat will get in, and help us fix our site.
« Last Edit: March 24, 2009, 03:05:54 PM by offy »

Offline householdutensils

  • Full Member
  • ***
  • Posts: 72
  • Helpful? 2
Re: Trojan horse on SoR??
« Reply #52 on: March 24, 2009, 03:20:27 PM »
Haha all those comics are GOLD!! I love geek humor :D


Anyway, from my primitive understanding of cryptography, the avalanche effect makes letter by letter calculation completely irrelevant. I mean the 128-bit hash code can encrypt a variable length string, so the only way to get the original string is to completely disassemble the hash and reverse the mod operation processes that are used to create it, and even then, you'd need to know the original string since the algorithm uses integer derivatives of the initial string as constants in the encryption process.

At least, as far as I understand, I'm pretty lacking in this area since I've never really used it in practical application.
« Last Edit: March 24, 2009, 03:32:36 PM by householdutensils »

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #53 on: March 24, 2009, 05:07:57 PM »
Well, the best way to secure a website is to do what I do now: double md5. I set it up so a user makes a password. Then it will make an MD5 of it. Then that MD5 gets encrypted to MD5 again, so a hacker will hack the password field of my site, and will get the MD5 of MD5, and they will get so confused and mad. It is a great way, but takes longer to code.

The only way to be safe from a hacker, is to learn and hack your own sites over and over making sure there are no flaws. Some people even hire hackers to get into their site, to make sure it is safe.

Offline householdutensils

  • Full Member
  • ***
  • Posts: 72
  • Helpful? 2
Re: Trojan horse on SoR??
« Reply #54 on: March 24, 2009, 05:11:20 PM »
hahahaha that's so awesome xD a hash of a hash of a string :D

Though it shouldn't take longer to code...given that all you need to do to use md5 is md5($string) ;) In fact you could nest it:

md5(md5($string));

« Last Edit: March 24, 2009, 05:13:30 PM by householdutensils »
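
The lookup databases and the nested md5(md5($string)) discussed in the posts above can be compared with a salted, iterated hash. The following is an added example in Python, not code from any poster: the candidate word list, the iteration count and the function names are constructed assumptions.

```python
import hashlib
import hmac
import os

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def double_md5(text):
    # Same result as PHP md5(md5($string)): the second pass hashes the hex digest.
    return md5_hex(md5_hex(text))

# Constructed candidate list standing in for a public hash-lookup database.
CANDIDATES = ["letmein", "robot123", "password"]

def lookup_table(hash_fn, words):
    """Precompute hash -> word once; works for any deterministic, unsalted scheme."""
    return {hash_fn(w): w for w in words}

def hash_password(password, salt=None, iterations=200_000):
    """Per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived

def verify_password(password, record):
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)  # constant-time comparison

def demo():
    # Two users choosing the same password under double MD5 get identical rows,
    # and one precomputed table answers for both.
    alice_md5, bob_md5 = double_md5("robot123"), double_md5("robot123")
    table = lookup_table(double_md5, CANDIDATES)
    # Under salted PBKDF2 the stored values differ, so a table must be rebuilt
    # per user, at 200,000 HMAC rounds per guess.
    alice_kdf, bob_kdf = hash_password("robot123"), hash_password("robot123")
    return {
        "double_md5_identical": alice_md5 == bob_md5,
        "double_md5_recovered": table.get(alice_md5),
        "pbkdf2_identical": alice_kdf[2] == bob_kdf[2],
        "pbkdf2_verifies": verify_password("robot123", alice_kdf),
        "pbkdf2_rejects_wrong": not verify_password("letmein", alice_kdf),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In PHP the equivalent of the salted path is password_hash() and password_verify(), available since PHP 5.5.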

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #55 on: March 24, 2009, 05:18:26 PM »
Oh, never knew I could nest it, well this is not about coding. I am going to stop getting more off topic.

I think Admin should add some more security to this site. And maybe get someone to try to hack it, and then they fix that flaw so this never happens again. (I am up for the job if needed) (White Hat hackers rule)

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #56 on: April 07, 2009, 01:44:49 AM »
Good news, sorta. My logs show the hacker trying to hack me again with the same old method. This time it's not sticking. I'm pretty sure that my new defenses have effectively blocked him for now, and removed whatever harm he added :)

Offline superchiku

  • Supreme Robot
  • *****
  • Posts: 952
  • Helpful? 5
  • cooll
Re: Trojan horse on SoR??
« Reply #57 on: April 07, 2009, 01:53:30 AM »
hackers... in SoR? How come ???
JAYDEEP ...

IT AND ROBOTICS ENGINEER

"IN THE END IT DOESNT EVEN MATTER"

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #58 on: April 07, 2009, 01:55:07 AM »
Yay for Admin! Although it is kind of sad that there are low lives who sit at home all day trying to do this kind of stuff, and for what? To piss off a small community of people who just want to share knowledge? Low.
@superchiku, haven't you read this thread yet? And because they can and want to piss someone off instead of getting a job.

Offline superchiku

  • Supreme Robot
  • *****
  • Posts: 952
  • Helpful? 5
  • cooll
Re: Trojan horse on SoR??
« Reply #59 on: April 07, 2009, 01:59:51 AM »
lol... don't say that... some days back I also hacked inside my friend's computer connected via local network... just for fun... but then cracking is really bad... I tell young enthusiastic people not to do such things... but do they listen...