About hacking attempt
Yesterday there was an incident of the forum being "broken"; to be exact, one file was edited and a bunch of sploits were dropped in. You can calm down right away:
1. The iframe code was broken, and for most users it didn't even load.
2. At that moment there was a DDoS attack on the forum (probably everyone remembers ERROR #502 during the whole day), so 60% of the users who were online at the time couldn't receive the iframe code at all.
3. THE DATABASE IS OK, NOBODY GOT ACCESS TO IT; ONLY ONE FILE WAS MODIFIED, THE JAVASCRIPT INTO WHICH THE IFRAME CODE WAS INSERTED.
4. The exploit pack was very old, so the chance of becoming infected is about zero.
Taking the factors together:
1. The exploit pack's hit rate was minimal.
2. The malicious code did not stay on the server long; it was quickly removed (1-2 hrs).
3. 60% of visitors didn't receive this file.
4. The number of visitors in that period was small, about 200-300 people.
Conclusions from this:
1. Infections were isolated (one is currently known, and it is not a fact that he caught it from us).
2. The local database wasn't touched; there is nothing to worry about, because according to our records it happened because ALL incoming traffic went THROUGH an anti-DDoS system. It seems one of their systems was hacked, and all incoming traffic to our server was receiving not the clean board HTML page, but a page with an "addition".
The interesting part is here:
There was nothing in the scripts (on the server), so most likely it was the hoster who provided the DDoS protection.
About the exploit pack, check your versions of the following software:
1. Java v7.2, 6.30 and 5.33
2. Adobe Reader and Adobe Acrobat Professional versions 8.0 to 8.2 and 9.0 to 9.3.
The exploit pack uses bugs in these versions to infect.
Hacker's domain info:
socks4you.biz
Don't Worry, Be Happy