Spirit of Photography
Forum Administration => Forum Rules, FAQs, and Announcements => Topic started by: keithsnell on April 10, 2012, 08:28:08 AM
-
When I accessed the site this morning it had been hacked. I believe I have restored the site and fixed the security vulnerability they used to access the site. I don't think any member information was compromised; however, just to be safe, you might want to change your password (especially if you have administrator permissions on the site).
Some of the changes I had to make included changing "permissions" on directories and files that control the functioning of the site. I don't think any of these changes will have a negative effect. However, if you notice strange behavior or any of the site functions don't seem to be working for you (especially if you have admin privileges) then please let me know as soon as possible.
I really wish these hackers could find a way to constructively contribute to society instead of being so destructive.
Keith
-
Somehow my "fixing" the site resulted in breaking the editing function for the articles. I've installed a temporary fix by switching to a new editor for the articles (the funtion I use to put short articles on the front page of the site). The buttons you used (as an admin) to update the front page articles will now look different; however, I believe most of the functionality is still there.
NOTE: The "editor" function for articles works with Internet Explorer, but I haven't been able to get it to work with Safari (and haven't tried with other browsers). Again, this should only affect you if you have admin privileges and used those priveleges to update the front page articles.
Keith
-
I'm now doing a full backup of the site. After that completes (probably later today) I will try to make one more update to the article editor on the site in order to ensure all the security vulerabilities are fixed. This update might "break" the site, so wish me luck. :)
-
OK, there were several times today that I was about ready to cry in frustration, but I think the site is mostly back now. (The only difference for now will be the article editor.)
For those of you using the article editor, you will need to use Internet Explorer in "compatibility" mode, otherwise some of the functions in the editor won't work properly.
Thanks for your patience.
Keith
-
Great work Keith
I have changed my password
These SouTHRaNDA hackers group contribute nothing to society they just destroy everything to get a kick Sad !!!
-
Thanks Lars.
-
Thanks for bringing it back Keith.
-
I went on last night and discovered the hacking with a really gross "welcoming" image. I'm impressed you got it back so quickly, Keith. You're awesome!
-
Thanks Marilyn.
(Sorry about not catching it as soon as it happened.)
-
I clearly have no insight into how hacking happens, but how would you have been able to catch it as soon as it happened?
-
Thank you, Keith, for fixing the site. I changed my password too. What could possibly interest someone to hack into this site?
-
Something weird did happen this morning. When I used the word, date or new, a hyperlink goes to some sort of ad. So I replaced those words with others.
-
Something weird did happen this morning. When I used the word, date or new, a hyperlink goes to some sort of ad. So I replaced those words with others.
Can you explain that in a little more detail Michele? I don't understand what you mean when you say "when I used the word, date or new." When you used them on the site? Or when you typed them into your address bar on your browser?
-
Hi Keith, good morning to you. When I typed in the assignment or in the voting. I used the word date, it had a link to a dating site once it was posted. In the modify it had nothing on it but once I reviewed it in the post, it was blue and was underlined. I clicked on it and brought up an ad. Same for new, brought up an iPad site, etc. I changed the words and it was fine again. It was weird.
-
Hi Keith, good morning to you. When I typed in the assignment or in the voting. I used the word date, it had a link to a dating site once it was posted. In the modify it had nothing on it but once I reviewed it in the post, it was blue and was underlined. I clicked on it and brought up an ad. Same for new, brought up an iPad site, etc. I changed the words and it was fine again. It was weird.
Thanks Michele. Hmmm, I did a test post and didn't see the same thing. I'll experiment a bit more and take one more sweep of the software on the server to make sure there is nothing out of place there. Just out of curiosity, what browser were you using?
Keith
-
I tried to repeat it too and it did not happen again. I also checked my computer (but I have that done every night) and I have nothing on this end. I was using Explorer. date new date new date new. Just trying it again.
-
Test post.
date Date
new New
-
There, it did it again. Look up at my previous post.
-
I tried to repeat it too and it did not happen again. I also checked my computer (but I have that done every night) and I have nothing on this end. I was using Explorer. date new date new date new. Just trying it again.
OK, I'll still do another sweep of the server and we'll keep watching.
-
I'm sorry you're stuck with this cr-p again. Thank you for doing this.
-
There, it did it again. Look up at my previous post.
I don't see any hyperlinks or anything other than plain text in your post. I hate to say this, but I think the hyperlinks are being inserted on your end when those words are displayed. Just out of curiosity, can you go look at this old post (which has the word "new" in it) and see if the links are displayed there? http://community.spiritofphotography.com/index.php?topic=887.0 (http://community.spiritofphotography.com/index.php?topic=887.0)
Thanks!
-
I never had this before. This is the first time. Here, I will post a screen shot of what I get. I just ran my computer check and I have nothing.
-
Look at your post and the quote from my post in the screen shot.
-
I followed your link and there is nothing there at all - just text. Here is the screen shot from your link.
-
Look at your post and the quote from my post.
I see the hyperlink in your screen shot. But that same post does not have a hyperlink on my computer, and there is no html or other code in the post that would cause that hyperlink. I will experiment a little more, but unfortunately it appears to me that the link is being inserted on your end. You might want to clear your browser history and cookies and see if that makes a difference.
-
I will do that, however, it gets cleared every time I exit.
-
It's weird because, as I have said, I never had this before. Ok, as long as it has nothing to do with the site, I feel better but I would like to know what is up on my end then.
-
It's weird because, as I have said, I never had this before. Ok, as long as it has nothing to do with the site, I feel better but I would like to know what is up on my end then.
I'll do some research too. I want to make sure that it isn't anything that was downloaded to your computer when you tried to access the site while it was hacked.
-
I am running a complete computer scan now, I will let you know if it comes up with anything when it is over. Thank you, Keith.
-
Finished and nothing at all. :)
-
Hi Michele,
I've done a pretty thorough scan of the source code being sent from the server and there is nothing in the code that would insert links for those words. (It's just plain text when it comes from the server.) I suspect you may have an Internet Explorer add-on enabled (probably installed by some advertising site) that displays those links whenever you view a page with those words. You might want to try disabling all IE add-ons and select the IE option to block pop-ups and see if that fixes the issue.
Is anyone else seeing anything similar?
Keith
-
Nothing here. I tried IE 9 and Chrome. I think you're right Keith. Probably a browser add-on. Do you have any toolbar add-ons? They are bad about that kind of thing.
-
Thanks Chris.
Hopefully we'll be safe from that type of harassment for a while. Normally I have a little warning and time to respond to vulnerabilities, but this one pretty much came out of the blue.