Author Topic: Trojan horse on SoR??  (Read 30040 times)

0 Members and 1 Guest are viewing this topic.

Offline pomprocker

  • Supreme Robot
  • *****
  • Posts: 1,431
  • Helpful? 16
  • Sorry miss, I was giving myself an oil-job.
    • Nerdcore - Programming, Electronics, Mechanics
Re: Trojan horse on SoR??
« Reply #90 on: April 20, 2009, 11:07:31 AM »
I think this is cross-site scripting?

http://en.wikipedia.org/wiki/Cross-site_scripting


Here is the vulnerabilities of simple machines forum

http://web.nvd.nist.gov/view/vuln/search?execution=e1s2
« Last Edit: April 20, 2009, 11:12:23 AM by pomprocker »

Offline HDL_CinC_Dragon

  • Supreme Robot
  • *****
  • Posts: 1,261
  • Helpful? 5
Re: Trojan horse on SoR??
« Reply #91 on: April 20, 2009, 01:53:34 PM »
Chrome was telling me there was a problem on any page under the SoR.com domain be it the forums or the main page. I tried everything. Admin did find it however and did remove it. Hopefully it will stay gone for a long long time.
United States Marine Corps
Infantry
Returns to society: 2014JAN11

Offline dellagd

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 731
  • Helpful? 5
  • Come to the dark side... We have cookies!
    • Exodus Rocketry
Re: Trojan horse on SoR??
« Reply #92 on: April 20, 2009, 03:31:36 PM »
when I click here I get redirected back to the forum home page, or at least so it seems
maybe this is the result of another hack.
http://www.societyofrobots.com/robotforum/index.php?action=bookmarks
Innovation is a product of Failure, which leads to Success.

If I helped, +1 helpful pls

I Won!
3rd place! I'm taking $100

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #93 on: April 20, 2009, 04:10:45 PM »
i doubt that would be the result of another hack, the bookmarks page is probably down, if the case that a forum page goes down normally you are directed to a blank page or the homepage.
Howdy

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #94 on: April 21, 2009, 02:18:49 PM »
So it appears I still haven't figured out the security flaw, and it appears several different hackers have all abused it to get to SoR lately. This most recent hacker somehow managed to use four different IP addresses simultaneously during the attack.

I can only do the clean and IP ban technique until I figure out the flaw and patch it :'(

Looking at the logs, SoR is being heavily hit by hundreds of automated attacks daily . . . nothing I can do unfortunately.

As for bookmarks, I apologize but the latest virus clean required me to replace files. Not sure which file I replaced that broke bookmarks and it'll take me a few days to find time to fix it.

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #95 on: April 21, 2009, 04:37:54 PM »
thank you admin! we all appreciate what you are doing for us and how time consuming it is. if im ever in Thailand i will buy you a cake... but for now, have an e-cookie ;D
Howdy

Offline dellagd

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 731
  • Helpful? 5
  • Come to the dark side... We have cookies!
    • Exodus Rocketry
Re: Trojan horse on SoR??
« Reply #96 on: April 21, 2009, 05:52:36 PM »
e-cookie from me too
(I hope you like virtual chocolate  ;) )
Innovation is a product of Failure, which leads to Success.

If I helped, +1 helpful pls

I Won!
3rd place! I'm taking $100

Offline HDL_CinC_Dragon

  • Supreme Robot
  • *****
  • Posts: 1,261
  • Helpful? 5
Re: Trojan horse on SoR??
« Reply #97 on: April 21, 2009, 07:38:58 PM »
4 IPs at once leads me to beleive that its either a bot net or an organized group of people. Not sure why they want to take down SoR so bad buuuut they should stop because thats dumb.

Also, IP banning may not be affective as hackers can bounce their signal through a different machine or network to mask their own IP as someone elses.
United States Marine Corps
Infantry
Returns to society: 2014JAN11

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #98 on: April 21, 2009, 07:58:23 PM »
smart little f@$#ers! why cant they just build a robot like normal people?
Howdy

Offline dellagd

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 731
  • Helpful? 5
  • Come to the dark side... We have cookies!
    • Exodus Rocketry
Re: Trojan horse on SoR??
« Reply #99 on: April 22, 2009, 06:12:00 AM »
what are they accomlishing anyway?
the fact that we are mad at them?

hey! they're e-bullies!  :'(

and admin, I know u don't want to hear this,
when I click on bookmarkd I still go back to the homepage
but in my web address bar it says I am in bookmarks?
???
« Last Edit: April 22, 2009, 06:14:40 AM by dellagd »
Innovation is a product of Failure, which leads to Success.

If I helped, +1 helpful pls

I Won!
3rd place! I'm taking $100

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #100 on: April 22, 2009, 06:15:36 PM »
I got good news and bad news.

Good news is that I figured out how to stop the attacks 100% as a short term solution. Basically I turn off the ability to modify SoR when I'm not editing it.

Bad news is that although it will stop further hacks of this type, I'm still not 100% sure how they got in. I think I know how they did it, but the solution (long term) requires me rewriting the forum GUI all over again.

That means I'll have to turn off like every forum feature and slowly re-add them when I have time.

Offline TrickyNekro

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 1,208
  • Helpful? 15
  • Hardware and Firmware Designer
    • The Hellinic Robots Portal
Re: Trojan horse on SoR??
« Reply #101 on: April 22, 2009, 06:17:01 PM »
And how long is this supposed to last???
For whom the interrupts toll...

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #102 on: April 22, 2009, 06:20:44 PM »
And how long is this supposed to last???
Well, my hope is that I'll do it all in one day. Basically start at 8am and go till 8pm. I'll plan it for when I'm free all day to minimize the pain for everyone else.

The forum will work the whole time, its just that the GUI will probably look broken and primitive until I'm finished.

Offline TrickyNekro

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 1,208
  • Helpful? 15
  • Hardware and Firmware Designer
    • The Hellinic Robots Portal
Re: Trojan horse on SoR??
« Reply #103 on: April 22, 2009, 06:23:24 PM »
It's your fault we became addicted.... ::)
For whom the interrupts toll...

Offline voyager2

  • Supreme Robot
  • *****
  • Posts: 463
  • Helpful? 6
    • Voyager Robotics
Re: Trojan horse on SoR??
« Reply #104 on: July 21, 2010, 11:59:58 PM »
Actually bots are robots!
A "normal" robot is real, a bot is software and code.

I've never had a problem with SoR(and hope i never do)
However, around the time I found SoR, a virus invaded my System Volume Information.
Spybot Search And Destroy and  AVG anti-virus couldn't remove it as it's a system folder.
Since I couldn't remove it in XP either I restarted my system and selected Ubuntu operating system and deleted it manually without problem.
Also found some interesting windows goodies this way to...
And Admin said "Let there be robots!"
And it was good.

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #105 on: July 22, 2010, 06:47:04 AM »
I guess I should update this thread . . .


I moved SoR to a new host early this year, meaning I did a fresh install of everything. Assuming I also didn't freshly install the same vulnerability, SoR is clean :P

Offline voyager2

  • Supreme Robot
  • *****
  • Posts: 463
  • Helpful? 6
    • Voyager Robotics
Re: Trojan horse on SoR??
« Reply #106 on: July 23, 2010, 06:08:32 AM »
Another epic win for Admin!!
And Admin said "Let there be robots!"
And it was good.