Sometime in October, an exploit for Invision board was discovered.
On November 5th, someone used it to upload some placeholder script hidden inside http://www.bitterswe...bowl.com/forum/
On November 12th, Invision patched the problem and released an update.
On November 15th, I applied that patch, but the script was still resident.
From November 15th to January 10th, the hacker slowly spread the script around the system.
From January 10th to today, they used it to spam tons of people.
Today, I got a report that the site was sending spam, so I looked into it for hours and hours and eventually tracked it back to that November 5th exploit.
It is now no longer sending spam and should be free of malicious scripts, but I am not sure if I fixed the exploit. I am safe only if my theory that they used the few days before I applied the November fix to get in holds true, because the forum has no more security patches applied to it than it did a few days ago.
I sure hope they didn't make a note of my MySQL password!
Page 1 of 1
A good way to ruin my fucking day
- #1
- 16 January 2013 - 12:53 PM
Is it satisfying to fix the problem?
- #2
- 16 January 2013 - 03:07 PM
The problem is not fixed.
- #3
- 16 January 2013 - 04:33 PM
If you applied the patch on November 15th, then that particular exploit should no longer have an entry point, right? I see there was also another critical security update at the end of December; have you applied that patch as well? If no more spam is being sent out, and you've had your server scanned with a couple of different antivirus/anti-malware scanners and found nothing, then you should be OK.
I'm currently dealing with a problem just as annoying: our email has gotten blacklisted by mail servers a couple of times now. Possibly there is a computer somewhere in our system that is infected with a virus or malware and sending out spam or infected content. So now I have to go around and scan all computers just to be sure!
- #4
- 16 January 2013 - 05:28 PM
Well, I can't be sure that it was using that exploit. That's just my current theory.
And, similar to your unfortunate problem, the spam the server did send out this week has likely got the domain blacklisted on many different ISPs, at least temporarily but maybe permanently.
- #5
- 16 January 2013 - 06:05 PM
Will it be satisfying to fix the problem?
- #6
- 17 January 2013 - 02:37 PM
I'm sure it will be.
(Now answering questions on behalf of SuitCase.)
- #7
- 18 January 2013 - 01:15 AM

