
Archived

This topic is now archived and is closed to further replies.

ShadowPuppet

**URGENT** DarkUmbra Security Audit

53 posts in this topic

Hey Everyone,

This morning (or whilst you were sleeping) there was a hack attempt against DU. The "hackers", for lack of a better word, gained access to one of the server folders and had uploaded a PHP script with various layers of obfuscation and encoding, disguised as an IP.Board file. The file, when decoded, essentially allows the user to run commands against the server in a "command line" manner; however, it was horribly coded and used outdated and otherwise deprecated functions, so it is likely this file was just downloaded from the internet in a n00b attempt at "hacking" lol. Luckily the file is protected by my second-layer hack protection which prevents running of PHP files in random folders like that.

Thanks to that nothing was stolen, changed, or otherwise accessed without authorization... But it could have been.

Today's hack attempt shows us two things: 1, that DU is popular enough to be deemed a "worthy" hacking target and 2, that thus far, the implemented security measures put in place by Peter and myself, are working. However, now that "hackers" have successfully placed a file on the remote server, these attacks may start coming in with increased force and complexity.

It is for this reason that I am taking the day off work today to perform a full security audit on DU and its various components including:

  • Forum
  • User Permissions
  • Server Directory Permissions
  • DUTag (most importantly the custom templates section)
  • Tournaments
  • Chatbox and IM

As a result there may be service outages at random points during the day as I make sure our server is as hardened as possible against people like this. DUTag will likely get a full rewrite today as it is, to be honest, rather outdated and I can definitely improve that.

This is not meant to scare people, but this is real life. It's a very scary idea; one permission set wrong opens us up against attack. That is what it is on a very basic level. Naturally there are a few other layers of security that prevent that being the Achilles heel of the server but in principle that's it.

I will update this thread as I complete the various checks on our services. Feel free to comment on this as I'll be around all day :)

Cheers DUdes and DUdettes,

Shad

EDIT 1, 9:29 AM EST Tournaments app disabled as we don't use it.

EDIT 2, 9:50 AM EST Turned on topic archiving on the forum to optimize and increase performance.

EDIT 3, 9:51 AM EST Starting DUTag audit / rewrite

EDIT 4, 3:10 AM EST DUTag rewrite 95% complete, some tags using specific templates will still be down. Be back shortly

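A defender-side check for the kind of file described in the post above, added here as an example; it is not part of the original thread and is not DarkUmbra's actual protection. It walks a web root, reports PHP-capable files outside directories expected to hold code, and notes layered-decoding indicators. The directory names, the file name `ipb_cache.php` and the sample contents are constructed assumptions.

```python
import os
import re
import tempfile

# Assumption: only these top-level directories ("." = the web root itself) may hold PHP.
ALLOWED_CODE_DIRS = {".", "admin", "applications", "system"}
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)  # also catches x.php.jpg
DECODERS = re.compile(rb"\b(eval|assert|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
LONG_BLOB = re.compile(rb"[A-Za-z0-9+/=]{200,}")  # long run of encoded text

def inspect_file(path):
    """Return the set of obfuscation indicators found in one file."""
    with open(path, "rb") as fh:
        data = fh.read(1_000_000)  # cap the read; dropped scripts are small
    hits = {m.group(1).lower().decode() for m in DECODERS.finditer(data)}
    if LONG_BLOB.search(data):
        hits.add("long-encoded-blob")
    return hits

def scan_webroot(root, allowed=ALLOWED_CODE_DIRS):
    """List PHP-capable files that sit outside the allowed code directories."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        if rel.split(os.sep)[0] in allowed:
            continue
        for name in files:
            if PHP_EXT.search(name):
                indicators = sorted(inspect_file(os.path.join(dirpath, name)))
                findings.append((os.path.join(rel, name), indicators))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: one legitimate file, one planted file in uploads/."""
    samples = {
        "system/core.php": b"<?php echo 'ok';",
        "uploads/avatar.png": b"\x89PNG not php",
        "uploads/ipb_cache.php": b"<?php eval(gzinflate(base64_decode('" + b"QUJD" * 60 + b"')));",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, indicators in scan_webroot(tmp):
            print(rel, indicators)
```

Any hit in a directory that should only hold uploads or cache data is worth reviewing even when no indicator is listed, since the location alone is the anomaly.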

fuckin hackers! oh well means we're awesome xD thanks shad for fixing this, and actually taking a day off work to fix this. hopefully this will be fixed and the hacker is determinated. i wonder if we can sue him?


fuckin hackers! oh well means we're awesome xD thanks shad for fixing this, and actually taking a day off work to fix this. hopefully this will be fixed and the hacker is determinated. i wonder if we can sue him?

In all honesty, the hack attempt was childish and likely a very old file someone downloaded and tried to upload lmao... I added that to the OP now but this was a very low-level n00b attack. And I am working on determining the origins of the file but unlikely we can sue and even if we can, probably not worth the time since nothing was damaged :)

I only liked this topic because you're doing something about it :)

ok? :P


fuckin hackers! oh well means we're awesome xD thanks shad for fixing this, and actually taking a day off work to fix this. hopefully this will be fixed and the hacker is determinated. i wonder if we can sue him?

In all honesty, the hack attempt was childish and likely a very old file someone downloaded and tried to upload lmao... I added that to the OP now but this was a very low-level n00b attack. And I am working on determining the origins of the file but unlikely we can sue and even if we can, probably not worth the time since nothing was damaged :)

I only liked this topic because you're doing something about it :)

ok? :P

I didn't want you to think that I liked this topic because this site got hacked :)


fuckin hackers! oh well means we're awesome xD thanks shad for fixing this, and actually taking a day off work to fix this. hopefully this will be fixed and the hacker is determinated. i wonder if we can sue him?

In all honesty, the hack attempt was childish and likely a very old file someone downloaded and tried to upload lmao... I added that to the OP now but this was a very low-level n00b attack. And I am working on determining the origins of the file but unlikely we can sue and even if we can, probably not worth the time since nothing was damaged :)

I only liked this topic because you're doing something about it :)

ok? :P

I didn't want you to think that I liked this topic because this site got hacked :)

Ah gotcha :)

I would check it against Khan's IP xD Nice work shad

lmao xD
