Kfir Posted August 31, 2009 Share Posted August 31, 2009 Invision Tweaks, a known IPB support site has been hacked. Look here: http://www.invisiontweaks.com/forums/index.php?/forum-7/announcement-2-hacked-by-team-evil-arab-hackers/ All posts are deleted. I was shocked when I saw this. Link to comment Share on other sites More sharing options...
C. Waffles Posted August 31, 2009 Share Posted August 31, 2009 oh dear, should be noted that they are running a couple of modifications they coded themselves, this could have been what was compromised and not the IPB software itself... Link to comment Share on other sites More sharing options...
Brian Garcia Posted August 31, 2009 Share Posted August 31, 2009 Doesn't seem like it was hacked more like an account was compromised. Link to comment Share on other sites More sharing options...
Kfir Posted August 31, 2009 Author Share Posted August 31, 2009 [quote name='BGarcia' date='31 August 2009 - 04:14 PM' timestamp='1251731648' post='1850887'] Doesn't seem like it was hacked more like an account was compromised. Maybe. But I guess a Staff can't mass delete all posts. Am I right? Link to comment Share on other sites More sharing options...
Olivier Turbis Posted August 31, 2009 Share Posted August 31, 2009 Oh crap :/ Link to comment Share on other sites More sharing options...
Keith J. Kacin Posted August 31, 2009 Share Posted August 31, 2009 Worst. Hacking. Ever. It could have been anything, including a weak password. Link to comment Share on other sites More sharing options...
AndyF Posted August 31, 2009 Share Posted August 31, 2009 [quote name='Kfir' date='31 August 2009 - 04:21 PM' timestamp='1251732112' post='1850892'] Maybe. But I guess a Staff can't mass delete all posts. Am I right? Global mods can mass prune forum(s) if that's what you meant :unsure: Bad too see though :( , but could of been anything (weak password / compromised email account etc etc) , I think if it was a "hack" then more than just that one account would of been compromised... Link to comment Share on other sites More sharing options...
Bain Posted August 31, 2009 Share Posted August 31, 2009 Looks like the software itself was not hacked but a member of their I.T. staff had a weak password. I.T. staff would have as much control over the board as an administrator. Link to comment Share on other sites More sharing options...
Lindsey_ Posted August 31, 2009 Share Posted August 31, 2009 Looks like Kel-F's account was taken over. Link to comment Share on other sites More sharing options...
.Ian Posted August 31, 2009 Share Posted August 31, 2009 Need a mod to check for weak passwords for IPB! Link to comment Share on other sites More sharing options...
Bain Posted August 31, 2009 Share Posted August 31, 2009 More like a password generator mod that will automatically generate a 12 character password into the password field. Link to comment Share on other sites More sharing options...
Kfir Posted August 31, 2009 Author Share Posted August 31, 2009 [quote name='ΑndyF' date='31 August 2009 - 04:27 PM' timestamp='1251732447' post='1850895']Global mods can mass prune forum(s) if that's what you meant :unsure: Bad too see though :( , but could of been anything (weak password / compromised email account etc etc) , I think if it was a "hack" then more than just that one account would of been compromised... That is a stupid thing to do. Staff shouldn't have the ability to delete content from the board. Link to comment Share on other sites More sharing options...
Terry - AKA Dumbledore Posted August 31, 2009 Share Posted August 31, 2009 If the trash can was turned on then should not the content still be there, just in one forum? Link to comment Share on other sites More sharing options...
rct2·com Posted August 31, 2009 Share Posted August 31, 2009 It's unusual for hackers to be so destructive. Normally they just like to 'brag' by altering a page or posting an announcement for example. I hope those guys had a backup. Link to comment Share on other sites More sharing options...
AndyF Posted August 31, 2009 Share Posted August 31, 2009 [quote name='Kfir' date='31 August 2009 - 05:03 PM' timestamp='1251734637' post='1850908'] That is a stupid thing to do. Staff shouldn't have the ability to delete content from the board. It's always been like that as far as I can remember. Although I do agree personally I do not think anyone without ACP access should have access to the forum side prune tools. :) Link to comment Share on other sites More sharing options...
Novawave Posted August 31, 2009 Share Posted August 31, 2009 No backups were made? Link to comment Share on other sites More sharing options...
atsaunier Posted August 31, 2009 Share Posted August 31, 2009 im starting to see a few topics reappear i think they was removed but went to the trash can and somone is moving them back from the trash can to the right area, reason for gussing this is everytime i fresh theres another topic reappearing Link to comment Share on other sites More sharing options...
C. Waffles Posted August 31, 2009 Share Posted August 31, 2009 Here's hoping the lame script kiddie didn't have the intelligence to use a high anonymous proxy, gets his/her IP exposed, see how clever he/she feels behind bars :P Link to comment Share on other sites More sharing options...
bfarber Posted August 31, 2009 Share Posted August 31, 2009 Please don't jump to conclusions that IPB itself was hacked. :) There are dozens of possibilities. If the owner believes it was IPB itself that was compromised, they are certainly free to submit a ticket and we will assist them to the best of our ability in tracking down how the hacker got in and what damage was done exactly. Link to comment Share on other sites More sharing options...
tAPir Posted August 31, 2009 Share Posted August 31, 2009 [quote name='ΑndyF' date='31 August 2009 - 01:13 PM' timestamp='1251738825' post='1850938'] It's always been like that as far as I can remember. Although I do agree personally I do not think anyone without ACP access should have access to the forum side prune tools. :) But surely the same criteria applies? You wouldn't give access to your ACP to someone you don't trust. You, therefore, wouldn't make someone a member of staff if you didn't trust them. Link to comment Share on other sites More sharing options...
C. Waffles Posted August 31, 2009 Share Posted August 31, 2009 [quote name='bfarber' date='31 August 2009 - 07:11 PM' timestamp='1251742299' post='1850972'] Please don't jump to conclusions that IPB itself was hacked. :) There are dozens of possibilities. If the owner believes it was IPB itself that was compromised, they are certainly free to submit a ticket and we will assist them to the best of our ability in tracking down how the hacker got in and what damage was done exactly. Link to comment Share on other sites More sharing options...
bfarber Posted August 31, 2009 Share Posted August 31, 2009 Yes, certainly vulnerabilities will be found, it's inevitable. But let's not start a mass-panic because a single site was hacked. Could have been a modification they had installed, a bad password, insecure server so someone else on the same host had access to their files - who knows at this stage. Link to comment Share on other sites More sharing options...
Brett B Posted August 31, 2009 Share Posted August 31, 2009 [quote name='ΑndyF' date='31 August 2009 - 01:13 PM' timestamp='1251738825' post='1850938'] It's always been like that as far as I can remember. Although I do agree personally I do not think anyone without ACP access should have access to the forum side prune tools. :) Is there a way to prevent them from having access to such tools? Link to comment Share on other sites More sharing options...
bfarber Posted August 31, 2009 Share Posted August 31, 2009 If you let your moderators delete topics then no....I mean, they can just click the checkboxes to the right of the topic listing already, so you're not protecting anything. You're just making it take potentially 20 seconds longer. Link to comment Share on other sites More sharing options...
Management Matt Posted September 1, 2009 Management Share Posted September 1, 2009 Indeed, this reinforces the need to ensure you are only handing out moderation privileges to those who can be fully trusted and who take reasonable measures to secure their own accounts. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.