TechSpot

Hacking attempt on TechSpot

By Julio Franco
Jul 23, 2012
  1. FYI. Over the weekend we noticed a security breach and hack attempt on TechSpot's servers. Since then we've tried to work on shutting down any potential vulnerabilities without causing major interruptions.

    This afternoon (Monday) we were surprised with malware warnings popping on the site as the hacker injected code into our pages. Thankfully some of you reported this immediately and it took us less than 10 minutes to get rid of the malicious code.

    Special thanks to Per, Adonis and Jessica, who have been working diligently on auditing the site's code and server configuration.

    Thanks for your support and please do let us know if you notice anything unusual going on.

    Julio
     
  2. Ranger12

    Ranger12 TS Guru Posts: 637   +117

    How dare they! Go get 'em Julio!
     
  3. miska_man

    miska_man TS Member Posts: 49

    Techspot. Efficiently the same (or better) as the FBI's Cyber Crime division. YOU GO GIRL!
     
  4. cliffordcooley

    cliffordcooley TechSpot Paladin Posts: 6,119   +1,523

    Good work guys!! :)

    P.S.
    Don't want to brag too much, might draw attention from the heavy hitters. :/
     
  5. Relic

    Relic TechSpot Chancellor Posts: 1,392   +16

    Nicely done guys.
     
  6. bobcat

    bobcat TechSpot Paladin Posts: 688   +67

    Thanks for keeping us informed, we'll be on the alert. And of course compliments on your effective action. A board populated by expert advisors won't be easy prey to script kids.
     
  7. Marnomancer

    Marnomancer TS Booster Posts: 808   +51

    If I'm not suffering from Dementia, I remember alerting Mario, Per and Julio on the subject way earlier.
    Somehow, I still think it's got to do with the gaps created by the upgrade b/w vB and XF. No idea on either exactly.
     
  8. Per Hansson

    Per Hansson TS Server Guru Posts: 1,932   +126 Staff Member

    There was a SQL Injection flaw in our OpenX advertisement system.
    We were only one version behind the latest stable release, but it turned out it was the plugin system that was exploited.
    As the process for keeping OpenX updated involved a lot of work, we took this opportunity to switch to Google's DFP.
    You might have noticed that our ads are now served from Google in the last week...

    Marnomancer, you are sure not suffering from dementia :)
    We were kind of forced to keep the old vBulletin forum online for backwards compatibility.
    But it was finally removed last week as well...
    As it was we did have the latest security updates installed for our release (vBulletin 3.8.x)
     
  9. Marnomancer

    Marnomancer TS Booster Posts: 808   +51

    Hehe, it was meant as a pun. :)
    Someone recently cracked that one on me, so it's become my tagline now whenever past events are concerned. ;)

    On the previous alert, after the dummy injection I did an MSF lookup on XSS-M0SQ, and it turns out it wasn't registered there.
    Not sure whether it's the upgrade, but OS fingerprinting patterns changed. All I get is "Unix-family, prob: CentOS".
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for the heads-up and the quick work.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Julio, I need to verify this with you: do you use the following on TechSpot?
    dnetshelter2.d.chango.com
    Site is rated red in all 4 categories by WOT
    -------------------
    Sites using chango.com to track you:
    I do not see Techspot listed here: http://urlquery.net/report.php?id=87870

    While posting on this thread: http://www.techspot.com/community/topics/closing-thread.183677/#post-1211640
    this URL stayed in the lower left corner of the browser (Firefox) as "waiting for dnetshelter2.d.chango.com."

    There was a lot of activity on what sounded like the hard drive. It didn't go away (either the HD 'running' sound or the left corner dialog box), so I shut the site and browser down. When I reopened, the reply I was making had moved to about 1/4 of the reply box, but the HD sound and dialog box did not appear. I have AdBlock disabled on TechSpot.

    In view of the recent hack and the site URL rating, I thought you should know about this.
    ----------------------------------------
    FYI: when I sent my reply to "More Options", the usual 'read', 'waiting' notices appeared in left corner dialogue box, but not dnetshelter.
     
     

