Forums updated

Noteworthy info from the Chaos team (forum Registration code, IRC info, etc)
Tim
Chaotic Dreams Team
Posts: 444
Joined: Sun Aug 29, 2004 4:50 pm
Location: Proxy King Lair

Forums updated

Post by Tim »

Well, as you've probably noticed, the forums have been updated. It had to be done due to security issues (for starters - but mostly because of that). From what I can see, the update went fine. There might be some subtle errors here and there - if you spot them, let me know.

I've also tracked down the problems with antivirus software - certain things were added to the main website and the forums' index.php. I suspect the initial breach has either happened on the old server (as I've previously stated, the old server was compromised a few days before the server move), although though because the problems seem to be limited to the system user who "owns" the Chaotic Dreams website, I suspect it had to do with an exploit in PhpBB2 - the software that was installed has a lot of known exploits - examples: http://www.cvedetails.com/vulnerability-list/vendor_id-1529/product_id-2635/version_id-47341/Phpbb-Phpbb-2.0.22.html.

This suspicion was reinforced by the fact that the problematic pieces of code kept reappearing, even when I've removed them before. Now that the forums have been updated, things should be better - if not, I'll try something else to get to the bottom of this.
Hermskii
Hermskii.com
Posts: 146
Joined: Thu Aug 07, 2003 1:46 am
Location: Houston, Texas
Contact:

Re: Forums updated

Post by Hermskii »

Great job Tim. thanks.
R.Flagg
Chaotic Dreams Team
Posts: 8460
Joined: Thu May 09, 2002 2:55 pm

Re: Forums updated

Post by R.Flagg »

[youtube]http://www.youtube.com/watch?v=hUQX2B67KL4[/youtube]
q66
Posts: 23
Joined: Fri Feb 03, 2012 1:39 pm
Location: Staines, UK
Contact:

Re: Forums updated

Post by q66 »

cool
- http://octaforge.org - OctaForge scriptable game engine
- FreeBSD user and open source enthusiast
Tim
Chaotic Dreams Team
Posts: 444
Joined: Sun Aug 29, 2004 4:50 pm
Location: Proxy King Lair

Re: Forums updated

Post by Tim »

Well, the problem seems to have returned, despite the update - I'm looking at logs and doing different stuff to try and stop this from happening. I'll get to the bottom of this come hell or high water!

Fortunately, the problem is limited only to Chaos and didn't infect the rest of the system, meaning that whatever's been doing this cannot gain root access.
Unfortunately, the problem is in Chaos and didn't instead infect a less important site :evil:
genman
The Rail Man
Posts: 181
Joined: Fri Jul 25, 2003 12:24 am
Location: Rhode Island
Contact:

Re: Forums updated

Post by genman »

I haven't had any alerts or warning since you've switched over to the site.
Hermskii
Hermskii.com
Posts: 146
Joined: Thu Aug 07, 2003 1:46 am
Location: Houston, Texas
Contact:

Re: Forums updated

Post by Hermskii »

Me neither!
genman
The Rail Man
Posts: 181
Joined: Fri Jul 25, 2003 12:24 am
Location: Rhode Island
Contact:

Re: Forums updated

Post by genman »

Just received a threat warning from avast as soon as the forums loaded.
Tim
Chaotic Dreams Team
Posts: 444
Joined: Sun Aug 29, 2004 4:50 pm
Location: Proxy King Lair

Re: Forums updated

Post by Tim »

I know, I've been fighting this crap for days... Still can't find the source of the problem, but it's still limited to just this one user...
Hermskii
Hermskii.com
Posts: 146
Joined: Thu Aug 07, 2003 1:46 am
Location: Houston, Texas
Contact:

Re: Forums updated

Post by Hermskii »

It hasn't happened to me for a while. I was also thinking maybe it was a false positive for Avast but it lists the site this one tries to send me to so I have to think it is real. Very Odd.
Tim
Chaotic Dreams Team
Posts: 444
Joined: Sun Aug 29, 2004 4:50 pm
Location: Proxy King Lair

Re: Forums updated

Post by Tim »

It's definitely real, I even know exactly which files were changed in the attacks and how often (3 times a day, and I'd rather not say which files due to security reasons).

What matters though is that the problems appear to have been fixed - there's not been an attack in a day and a half. I'd also rather not say how they were fixed, again, for security reasons (you know, in case the attacker[s] are reading this and whatnot).
Hermskii
Hermskii.com
Posts: 146
Joined: Thu Aug 07, 2003 1:46 am
Location: Houston, Texas
Contact:

Re: Forums updated

Post by Hermskii »

I have my fingers crossed Tim. I have not had a positive hit here in over a week and I'm here at least 5 times a day. I'm glad you know what you're doing! I'm grateful you are doing what you are doing too. Keep up the great work!
~Peace~

Hermskii
www.hermskii.com/forum
Dorian
Posts: 64
Joined: Wed Oct 19, 2011 3:54 pm

Re: Forums updated

Post by Dorian »

Once the priorities are resolved..possible to replace the "phpbb" logo in the upper-left with a Chaos logo?
Tim
Chaotic Dreams Team
Posts: 444
Joined: Sun Aug 29, 2004 4:50 pm
Location: Proxy King Lair

Re: Forums updated

Post by Tim »

Still no breakins. I think it's safe to say that the problem has been defeated, at least for now :)

As for the logo, RFlagg tried to modify an old image to remove the white background so that it's transparent, but he didn't succeed (primarily because the file was a jpeg - low quality at that - and the artefacts were making problems with the removal).
I'll try using a model for CUT2 or similar to throw together a montage with a bunch of proxies and stuff (which was what was in the image) at the end of the week when I get back to my main computer and the software installed on it - I just hope I don't forget.

As an apology for the logo still lacking, I have added a Chaos Official Complementary Forum and Website Browser Icon (TM). In other words, the proxy icon for the forums and main website is back - it might take a while for your browser(s) to realize this, however :P
R.Flagg
Chaotic Dreams Team
Posts: 8460
Joined: Thu May 09, 2002 2:55 pm

Re: Forums updated

Post by R.Flagg »

Tim wrote: - I just hope I don't forget.


.... Oops! :P
Post Reply