Author Topic: Trojan horse on SoR?? (Read 43891 times)

pomprocker · « **Reply #90 on:** April 20, 2009, 11:07:31 AM »

I think this is cross-site scripting?

http://en.wikipedia.org/wiki/Cross-site_scripting

Here is the vulnerabilities of simple machines forum

http://web.nvd.nist.gov/view/vuln/search?execution=e1s2

HDL_CinC_Dragon · « **Reply #91 on:** April 20, 2009, 01:53:34 PM »

Chrome was telling me there was a problem on any page under the SoR.com domain be it the forums or the main page. I tried everything. Admin did find it however and did remove it. Hopefully it will stay gone for a long long time.

dellagd · « **Reply #92 on:** April 20, 2009, 03:31:36 PM »

when I click here I get redirected back to the forum home page, or at least so it seems
maybe this is the result of another hack.
http://www.societyofrobots.com/robotforum/index.php?action=bookmarks

SmAsH · « **Reply #93 on:** April 20, 2009, 04:10:45 PM »

i doubt that would be the result of another hack, the bookmarks page is probably down, if the case that a forum page goes down normally you are directed to a blank page or the homepage.

Admin · « **Reply #94 on:** April 21, 2009, 02:18:49 PM »

So it appears I still haven't figured out the security flaw, and it appears several different hackers have all abused it to get to SoR lately. This most recent hacker somehow managed to use four different IP addresses simultaneously during the attack.

I can only do the clean and IP ban technique until I figure out the flaw and patch it

Looking at the logs, SoR is being heavily hit by hundreds of automated attacks daily . . . nothing I can do unfortunately.

As for bookmarks, I apologize but the latest virus clean required me to replace files. Not sure which file I replaced that broke bookmarks and it'll take me a few days to find time to fix it.

SmAsH · « **Reply #95 on:** April 21, 2009, 04:37:54 PM »

thank you admin! we all appreciate what you are doing for us and how time consuming it is. if im ever in Thailand i will buy you a cake... but for now, have an e-cookie

dellagd · « **Reply #96 on:** April 21, 2009, 05:52:36 PM »

e-cookie from me too
(I hope you like virtual chocolate

)

HDL_CinC_Dragon · « **Reply #97 on:** April 21, 2009, 07:38:58 PM »

4 IPs at once leads me to beleive that its either a bot net or an organized group of people. Not sure why they want to take down SoR so bad buuuut they should stop because thats dumb.

Also, IP banning may not be affective as hackers can bounce their signal through a different machine or network to mask their own IP as someone elses.

SmAsH · « **Reply #98 on:** April 21, 2009, 07:58:23 PM »

smart little f@$#ers! why cant they just build a robot like normal people?

dellagd · « **Reply #99 on:** April 22, 2009, 06:12:00 AM »

what are they accomlishing anyway?
the fact that we are mad at them?

hey! they're e-bullies!

and admin, I know u don't want to hear this,
when I click on bookmarkd I still go back to the homepage
but in my web address bar it says I am in bookmarks?

Admin · « **Reply #100 on:** April 22, 2009, 06:15:36 PM »

I got good news and bad news.

Good news is that I figured out how to stop the attacks 100% as a short term solution. Basically I turn off the ability to modify SoR when I'm not editing it.

Bad news is that although it will stop further hacks of this type, I'm still not 100% sure how they got in. I think I know how they did it, but the solution (long term) requires me rewriting the forum GUI all over again.

That means I'll have to turn off like every forum feature and slowly re-add them when I have time.

TrickyNekro · « **Reply #101 on:** April 22, 2009, 06:17:01 PM »

And how long is this supposed to last???

Admin · « **Reply #102 on:** April 22, 2009, 06:20:44 PM »

Quote from: TrickyNekro on April 22, 2009, 06:17:01 PM

And how long is this supposed to last???

Well, my hope is that I'll do it all in one day. Basically start at 8am and go till 8pm. I'll plan it for when I'm free all day to minimize the pain for everyone else.

The forum will work the whole time, its just that the GUI will probably look broken and primitive until I'm finished.

TrickyNekro · « **Reply #103 on:** April 22, 2009, 06:23:24 PM »

It's your fault we became addicted....

voyager2 · « **Reply #104 on:** July 21, 2010, 11:59:58 PM »

Actually bots are robots!
A "normal" robot is real, a bot is software and code.

I've never had a problem with SoR(and hope i never do)
However, around the time I found SoR, a virus invaded my System Volume Information.
Spybot Search And Destroy and AVG anti-virus couldn't remove it as it's a system folder.
Since I couldn't remove it in XP either I restarted my system and selected Ubuntu operating system and deleted it manually without problem.
Also found some interesting windows goodies this way to...

Admin · « **Reply #105 on:** July 22, 2010, 06:47:04 AM »

I guess I should update this thread . . .

I moved SoR to a new host early this year, meaning I did a fresh install of everything. Assuming I also didn't freshly install the same vulnerability, SoR is clean

voyager2 · « **Reply #106 on:** July 23, 2010, 06:08:32 AM »

Another epic win for Admin!!

Society of Robots - Robot Forum

News:

Author Topic: Trojan horse on SoR?? (Read 43891 times)

pomprocker

Re: Trojan horse on SoR??

HDL_CinC_Dragon

Re: Trojan horse on SoR??

dellagd

Re: Trojan horse on SoR??

SmAsH

Re: Trojan horse on SoR??

Admin

Re: Trojan horse on SoR??

SmAsH

Re: Trojan horse on SoR??

dellagd

Re: Trojan horse on SoR??

HDL_CinC_Dragon

Re: Trojan horse on SoR??

SmAsH

Re: Trojan horse on SoR??

dellagd

Re: Trojan horse on SoR??

Admin

Re: Trojan horse on SoR??

TrickyNekro

Re: Trojan horse on SoR??

Admin

Re: Trojan horse on SoR??

TrickyNekro

Re: Trojan horse on SoR??

voyager2

Re: Trojan horse on SoR??

Admin

Re: Trojan horse on SoR??

voyager2

Re: Trojan horse on SoR??