Hacking attempt on TechSpot

Julio Franco

Staff member
FYI. Over the weekend we noticed a security breach and hack attempt on TechSpot's servers. Since then we've tried to work on shutting down any potential vulnerabilities without causing major interruptions.

This afternoon (Monday) we were surprised with malware warnings popping on the site as the hacker injected code into our pages. Thankfully some of you reported this immediately and it took us less than 10 minutes to get rid of the malicious code.

Special thanks to Per, Adonis and Jessica, who have been working diligently on auditing the site's code and server configuration.

Thanks for your support and please do let us know if you notice anything unusual going on.

Julio
 
Thanks for keeping us informed, we'll be on the alert. And of course compliments on your effective action. A board populated by expert advisors won't be easy prey to script kids.
 
If I'm not suffering from Dementia, I remember alerting Mario, Per and Julio on the subject way earlier.
Somehow, I still think it's got to do with the gaps created by the upgrade b/w vB and XF. No idea on either exactly.
 
There was a SQL Injection flaw in our OpenX advertisement system.
We were only one version behind the latest stable release, but it turned out it was the plugin system that was exploited.
As the process for keeping OpenX updated involved a lot of work, we took this opportunity to switch to Google's DFP.
You might have noticed that our ads are now served from Google in the last week...

Marnomancer, you are sure not suffering from dementia :)
We were kind of forced to keep the old vBulletin forum online for backwards compatibility.
But it was finally removed last week as well...
As it was, we did have the latest security updates installed for our release (vBulletin 3.8.x).
 
Marnomancer, you are sure not suffering from dementia :)
Hehe, it was meant as a pun. :)
Someone recently cracked that one on me, so it's become my tagline now whenever past events are concerned. ;)

On the previous alert, after the dummy injection I did an MSF lookup on XSS-M0SQ, and it turns out it wasn't registered there.
Not sure whether it's the upgrade, but OS fingerprinting patterns changed. All I get is "Unix-family, prob: CentOS".
 
Julio, I need to verify this with you: do you use the following on TechSpot?
dnetshelter2.d.chango.com
Site is rated red in all 4 categories by WOT
-------------------
chango.com is a domain used by Chango which is an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like chango.com can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like chango.com as well as being sold to other advertisers and marketers.

Sites using chango.com to track you:
I do not see Techspot listed here: http://urlquery.net/report.php?id=87870

While posting on this thread: https://www.techspot.com/community/topics/closing-thread.183677/#post-1211640
this URL stayed in the lower left corner of the browser (Firefox) as "waiting for dnetshelter2.d.chango.com."

There was a lot of activity on what sounded like the hard drive. It didn't go away, either the HD 'running' sound or the left corner dialog box, so I shut the site and browser down. When I reopened, the reply I was making had moved to about 1/4 of the reply box, but the HD sound and dialog box did not appear. I have AdBlock disabled in TechSpot.

In view of the recent hack and the site URL rating, I thought you should know about this.
----------------------------------------
FYI: when I sent my reply to "More Options", the usual 'read', 'waiting' notices appeared in left corner dialogue box, but not dnetshelter.
 