Jump to content

Community

Archived

This topic is now archived and is closed to further replies.

Kfir

OMG IPB 3 Got Hacked!

Recommended Posts

Invision Tweaks, a known IPB support site has been hacked.
Look here: http://www.invisiontweaks.com/forums/index.php?/forum-7/announcement-2-hacked-by-team-evil-arab-hackers/
All posts are deleted.
I was shocked when I saw this.

Share this post


Link to post
Share on other sites

oh dear, should be noted that they are running a couple of modifications they coded themselves, this could have been what was compromised and not the IPB software itself...

Share this post


Link to post
Share on other sites

[quote name='BGarcia' date='31 August 2009 - 04:14 PM' timestamp='1251731648' post='1850887']
Doesn't seem like it was hacked more like an account was compromised.

Maybe. But I guess a Staff can't mass delete all posts. Am I right?

Share this post


Link to post
Share on other sites

[quote name='Kfir' date='31 August 2009 - 04:21 PM' timestamp='1251732112' post='1850892']
Maybe. But I guess a Staff can't mass delete all posts. Am I right?

Global mods can mass prune forum(s) if that's what you meant :unsure:


Bad too see though :( , but could of been anything (weak password / compromised email account etc etc) , I think if it was a "hack" then more than just that one account would of been compromised...

Share this post


Link to post
Share on other sites

Looks like the software itself was not hacked but a member of their I.T. staff had a weak password.
I.T. staff would have as much control over the board as an administrator.

Share this post


Link to post
Share on other sites

More like a password generator mod that will automatically generate a 12 character password into the password field.

Share this post


Link to post
Share on other sites

[quote name='ΑndyF' date='31 August 2009 - 04:27 PM' timestamp='1251732447' post='1850895']
Global mods can mass prune forum(s) if that's what you meant :unsure:


Bad too see though :( , but could of been anything (weak password / compromised email account etc etc) , I think if it was a "hack" then more than just that one account would of been compromised...


That is a stupid thing to do. Staff shouldn't have the ability to delete content from the board.

Share this post


Link to post
Share on other sites

It's unusual for hackers to be so destructive. Normally they just like to 'brag' by altering a page or posting an announcement for example. I hope those guys had a backup.

Share this post


Link to post
Share on other sites

[quote name='Kfir' date='31 August 2009 - 05:03 PM' timestamp='1251734637' post='1850908']
That is a stupid thing to do. Staff shouldn't have the ability to delete content from the board.

It's always been like that as far as I can remember. Although I do agree personally I do not think anyone without ACP access should have access to the forum side prune tools. :)

Share this post


Link to post
Share on other sites

im starting to see a few topics reappear

i think they was removed but went to the trash can and somone is moving them back from the trash can to the right area, reason for gussing this is everytime i fresh theres another topic reappearing

Share this post


Link to post
Share on other sites

Here's hoping the lame script kiddie didn't have the intelligence to use a high anonymous proxy, gets his/her IP exposed, see how clever he/she feels behind bars :P

Share this post


Link to post
Share on other sites

Please don't jump to conclusions that IPB itself was hacked. :) There are dozens of possibilities. If the owner believes it was IPB itself that was compromised, they are certainly free to submit a ticket and we will assist them to the best of our ability in tracking down how the hacker got in and what damage was done exactly.

Share this post


Link to post
Share on other sites

[quote name='ΑndyF' date='31 August 2009 - 01:13 PM' timestamp='1251738825' post='1850938']
It's always been like that as far as I can remember. Although I do agree personally I do not think anyone without ACP access should have access to the forum side prune tools. :)

But surely the same criteria applies? You wouldn't give access to your ACP to someone you don't trust. You, therefore, wouldn't make someone a member of staff if you didn't trust them.

Share this post


Link to post
Share on other sites

[quote name='bfarber' date='31 August 2009 - 07:11 PM' timestamp='1251742299' post='1850972']
Please don't jump to conclusions that IPB itself was hacked. :) There are dozens of possibilities. If the owner believes it was IPB itself that was compromised, they are certainly free to submit a ticket and we will assist them to the best of our ability in tracking down how the hacker got in and what damage was done exactly.

Share this post


Link to post
Share on other sites

Yes, certainly vulnerabilities will be found, it's inevitable. But let's not start a mass-panic because a single site was hacked. Could have been a modification they had installed, a bad password, insecure server so someone else on the same host had access to their files - who knows at this stage.

Share this post


Link to post
Share on other sites

[quote name='ΑndyF' date='31 August 2009 - 01:13 PM' timestamp='1251738825' post='1850938']
It's always been like that as far as I can remember. Although I do agree personally I do not think anyone without ACP access should have access to the forum side prune tools. :)

Is there a way to prevent them from having access to such tools?

Share this post


Link to post
Share on other sites

If you let your moderators delete topics then no....I mean, they can just click the checkboxes to the right of the topic listing already, so you're not protecting anything. You're just making it take potentially 20 seconds longer.

Share this post


Link to post
Share on other sites

Indeed, this reinforces the need to ensure you are only handing out moderation privileges to those who can be fully trusted and who take reasonable measures to secure their own accounts.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...