
hacked forum... please help...

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=25546
Printed Date: 03 April 2026 at 6:55pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: hacked forum... please help...
Posted By: racekites
Subject: hacked forum... please help...
Date Posted: 04 April 2008 at 10:16pm
Hey guys...
 
I'm running webwiz over on http://www.racekites.com however someone has just hacked the forum and SQLServer database.... i'm on WW 8.03
 
it looks like someone has inserted javascript throughout the forum
 
link to javascript file removed by admin
 
I've replaced s with $
 
any idea how they are doing this ?? and more importantly how i can fix it ??
 
looks like i need to restore from a backup as the damage is pretty comprehensive....
 
Please help
 
Cheers
A
 
 



Replies:
Posted By: WebWiz-Bruce
Date Posted: 04 April 2008 at 10:44pm
This is a Cross Site Scripting hack (XSS), usually written to exploit vulnerabilities in IE.

You should be able to log into your forum using Firefox, which is usually not vulnerable, to delete any posts with this javascript in them.

Then to make sure it doesn't happen again upgrade to the latest version which will protect against this.

New XSS hacks come out all the time, mainly using vulnerabilities in browsers, so we monitor security web sites and do monthly audits; if we see any potential issues a new version of Web Wiz Forums is released. For this reason you should always make sure you are running the latest release.


-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm - ASP.NET Web Hosting


Posted By: racekites
Date Posted: 04 April 2008 at 10:51pm
cheers B
 
It looks like they have updated all the posts.... looks like a restore from backup time....
 
we do have a backup don't we..... LOL
 
how does this exploit work, is it an issue with SQLServer or the forum code ??
 
I've done lots of customisation on the forum so upgrading is a big job....
 
Cheers
A
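
Added example, not part of the original thread or of Web Wiz Forums: one way to gauge how many stored posts carry a script tag loaded from another site, which helps when choosing between cleaning posts and restoring from backup. It assumes the posts were exported as (id, text) pairs; the function name, hostnames and sample rows are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Matches <script ... src=VALUE> with VALUE quoted or unquoted, in any case.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*(?:\"([^\"]*)\"|'([^']*)'|([^\s>]+))",
    re.IGNORECASE,
)

def external_script_hosts(rows, own_hosts):
    """Map each off-site script host to the sorted ids of rows that load it.

    rows: iterable of (row_id, text) pairs exported from the database
          (export format is an assumption of this example).
    own_hosts: hostnames the site legitimately loads scripts from.
    """
    allowed = {h.lower() for h in own_hosts}
    hits = defaultdict(set)
    for row_id, text in rows:
        for match in SCRIPT_SRC.finditer(text or ""):
            src = next(g for g in match.groups() if g is not None).strip()
            host = (urlparse(src).hostname or "").lower()
            # Relative URLs have no host and are served by the site itself.
            if host and host not in allowed:
                hits[host].add(row_id)
    return {host: sorted(ids) for host, ids in hits.items()}

# Constructed sample rows; "injected.example" and "forum.example" are placeholders.
SAMPLE_ROWS = [
    (1, "Great session at the beach today!"),
    (2, "Wind report<script src=http://injected.example/1.js></script>"),
    (3, 'Hello <SCRIPT SRC="http://injected.example/1.js"></SCRIPT>'),
    (4, '<script type="text/javascript" src="/includes/forum.js"></script>'),
    (5, "<script src='http://forum.example/js/a.js'></script>"),
    (6, None),  # NULL column value from the export
]

if __name__ == "__main__":
    report = external_script_hosts(SAMPLE_ROWS, {"forum.example"})
    for host, ids in report.items():
        print(f"{host}: {len(ids)} of {len(SAMPLE_ROWS)} rows -> {ids}")
```

Running the same scan over a known-good backup export shows whether the backup predates the change.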
 
 


Posted By: WebWiz-Bruce
Date Posted: 04 April 2008 at 11:05pm
If they have updated every post then it suggests that the issue has more to do with weak admin, FTP, and/or SQL Server passwords.

If an exploit like this existed in web wiz forums we would certainly know about it.

You should make sure all your passwords are alphanumerical, update your forum to the latest release, make sure that there are no unusual files on your web server that the hacker is using as a back door to your site, and make sure there are no unusual back door admin accounts created to your forum.




Posted By: racekites
Date Posted: 05 April 2008 at 12:36am
Cheers Bruce

All passwords have been updated as recommended... (they were all originally a mix of characters/numbers and shift characters...)

I purchased the full version, does this mean i can upgrade to 9 or will i need to pay an upgrade fee ??

So, when looking for a rogue admin user is there any way of masking the user group, or will anyone with admin rights have to be in the admin group ??

Is there anything else i need to look for while locking the website down... ?

Also, could it be that the webserver/dbserver needs patching ??

Cheers and thanks for the help
A


Posted By: WebWiz-Bruce
Date Posted: 05 April 2008 at 10:01am
If you look in the members list it should list anyone in the admin group.

To ensure your web site is secure you should check that there are no rogue files on the server that a hacker is using as a backdoor to gain access to your site. You should also have it so that write and modify permissions are removed and you only have read permissions. The exception to this is if you allow users to upload files in which case you need to set read, write, and modify permissions on those folders only.

I could not comment if the web server you are using needs patching or is locked down securely as I don't know what security measures your host puts in place, however, security for both web and databases servers is quite complex, so hopefully they will have knowledgeable engineers who have locked down the servers.

Upgrading depends on the type of license you have, you should contact sales and accounts if you have licensing questions.




Posted By: gringolalo
Date Posted: 05 April 2008 at 7:09pm
Bruce:
 
Thank you for what you do.  I have a web site in which I run my business using a password protected admin side. It is written using the old asp technology and we keep our data in an SQL database.
Since last night, something happened that appears to be the attack you are talking about here with reference to a forum.
 
I am not a technician but have been cutting and pasting code for many years.  I have a back up of my programs and code on my home computer and put them into a sub directory to see if the problem still exists.  It does.  Is the malicious code which is causing the problem in my code or in the SQL database?
Thanks.


-------------
The more I learn and the longer I live, the less I am sure of but I will help anyone any time I can


Posted By: gringolalo
Date Posted: 05 April 2008 at 7:17pm
Bruce:
 
I failed to mention, I found this forum by searching on nmidahena virus and I tried accessing my material using Firefox as you suggested.  It works fine.  We just changed our email access in Outlook yesterday to IMAP from POP 3.  Could that be where I got it?  Is it likely part of an email message I received?  Do I need to delete emails?
 
Thanks




Posted By: WebWiz-Bruce
Date Posted: 07 April 2008 at 8:13am
This forum is for Web Wiz Forums software support. Do these questions have anything to do with this software?



Posted By: gringolalo
Date Posted: 07 April 2008 at 1:42pm
No.  Thank you



