OMG IPB 3 Got Hacked!

[Kfir]

Invision Tweaks, a known IPB support site has been hacked.
Look here: http://www.invisiontweaks.com/forums/index.php?/forum-7/announcement-2-hacked-by-team-evil-arab-hackers/
All posts are deleted.
I was shocked when I saw this.

[C. Waffles]

oh dear, should be noted that they are running a couple of modifications they coded themselves, this could have been what was compromised and not the IPB software itself...

[Brian Garcia]

Doesn't seem like it was hacked more like an account was compromised.

[Kfir]

[quote name='BGarcia' date='31 August 2009 - 04:14 PM' timestamp='1251731648' post='1850887']
Doesn't seem like it was hacked more like an account was compromised.

Maybe. But I guess a Staff can't mass delete all posts. Am I right?

[Olivier Turbis]

Oh crap :/

[Keith J. Kacin]

Worst. Hacking. Ever.

It could have been anything, including a weak password.

[AndyF]

[quote name='Kfir' date='31 August 2009 - 04:21 PM' timestamp='1251732112' post='1850892']
Maybe. But I guess a Staff can't mass delete all posts. Am I right?

Global mods can mass prune forum(s) if that's what you meant :unsure:


Bad too see though :( , but could of been anything (weak password / compromised email account etc etc) , I think if it was a "hack" then more than just that one account would of been compromised...

[Bain]

Looks like the software itself was not hacked but a member of their I.T. staff had a weak password.
I.T. staff would have as much control over the board as an administrator.

[Lindsey_]

Looks like Kel-F's account was taken over.

[.Ian]

Need a mod to check for weak passwords for IPB!

[Bain]

More like a password generator mod that will automatically generate a 12 character password into the password field.

[Kfir]

[quote name='ΑndyF' date='31 August 2009 - 04:27 PM' timestamp='1251732447' post='1850895']
Global mods can mass prune forum(s) if that's what you meant :unsure:


Bad too see though :( , but could of been anything (weak password / compromised email account etc etc) , I think if it was a "hack" then more than just that one account would of been compromised...


That is a stupid thing to do. Staff shouldn't have the ability to delete content from the board.

[Terry - AKA Dumbledore]

If the trash can was turned on then should not the content still be there, just in one forum?

[rct2·com]

It's unusual for hackers to be so destructive. Normally they just like to 'brag' by altering a page or posting an announcement for example. I hope those guys had a backup.

[AndyF]

[quote name='Kfir' date='31 August 2009 - 05:03 PM' timestamp='1251734637' post='1850908']
That is a stupid thing to do. Staff shouldn't have the ability to delete content from the board.

It's always been like that as far as I can remember. Although I do agree personally I do not think anyone without ACP access should have access to the forum side prune tools. :)

[Novawave]

No backups were made?

[atsaunier]

im starting to see a few topics reappear

i think they was removed but went to the trash can and somone is moving them back from the trash can to the right area, reason for gussing this is everytime i fresh theres another topic reappearing

[C. Waffles]

Here's hoping the lame script kiddie didn't have the intelligence to use a high anonymous proxy, gets his/her IP exposed, see how clever he/she feels behind bars :P

[bfarber]

Please don't jump to conclusions that IPB itself was hacked. :) There are dozens of possibilities. If the owner believes it was IPB itself that was compromised, they are certainly free to submit a ticket and we will assist them to the best of our ability in tracking down how the hacker got in and what damage was done exactly.

[tAPir]

[quote name='ΑndyF' date='31 August 2009 - 01:13 PM' timestamp='1251738825' post='1850938']
It's always been like that as far as I can remember. Although I do agree personally I do not think anyone without ACP access should have access to the forum side prune tools. :)

But surely the same criteria applies? You wouldn't give access to your ACP to someone you don't trust. You, therefore, wouldn't make someone a member of staff if you didn't trust them.

[C. Waffles]

[quote name='bfarber' date='31 August 2009 - 07:11 PM' timestamp='1251742299' post='1850972']
Please don't jump to conclusions that IPB itself was hacked. :) There are dozens of possibilities. If the owner believes it was IPB itself that was compromised, they are certainly free to submit a ticket and we will assist them to the best of our ability in tracking down how the hacker got in and what damage was done exactly.

[bfarber]

Yes, certainly vulnerabilities will be found, it's inevitable. But let's not start a mass-panic because a single site was hacked. Could have been a modification they had installed, a bad password, insecure server so someone else on the same host had access to their files - who knows at this stage.

[Brett B]

[quote name='ΑndyF' date='31 August 2009 - 01:13 PM' timestamp='1251738825' post='1850938']
It's always been like that as far as I can remember. Although I do agree personally I do not think anyone without ACP access should have access to the forum side prune tools. :)

Is there a way to prevent them from having access to such tools?

[bfarber]

If you let your moderators delete topics then no....I mean, they can just click the checkboxes to the right of the topic listing already, so you're not protecting anything. You're just making it take potentially 20 seconds longer.

[Matt]

Indeed, this reinforces the need to ensure you are only handing out moderation privileges to those who can be fully trusted and who take reasonable measures to secure their own accounts.