KingOfPain Wrote: Would that not be a solution to fix the google problem we are having if we switch to phpBB and then delete this forum?
Very likely. That malicious code is very unlikely to be injected into the database (and if it was, it'll be trivial to find) so moving to a completely fresh platform would almost certainly leave it behind.

That would make the server switch much easier too. We need to move to a new, more secure server so no one would fool around with our access.

Mist Wrote: Very likely. That malicious code is very unlikely to be injected into the database (and if it was, it'll be trivial to find) so moving to a completely fresh platform would almost certainly leave it behind.
I thought you had actually located the code not long after the hack was first discovered, and even posted a solution to fix it...

Bobchillingworth Wrote: I thought you had actually located the code not long after the hack was first discovered, and even posted a solution to fix it...
I located how it is transmitted to visitors; I don't actually know where exactly it was injected, because I don't have file access. I posted a dump of the malicious packet, which tells me that it's a mass market hack, gives me a very idea where to look for it and tells me exactly what to look for.
Edit: Also, there are good odds that whoever hacked us also left a backdoor behind to refresh the infection whenever it gets superficially removed. That is less trivial to locate, but also would not carry over if we migrated platforms.

Quote: so moving to a completely fresh platform would almost certainly leave it behind.
Does that include exporting the data from the old to the new?
We can even move to a new domain name, but I am trying to think of all the negative effects that might have (broken links all over the web for one). We also own realmsbeyond.com so that would be one good place to start anew. It would let us take the time to build the new site without affecting anything here.
KoP

KingOfPain Wrote: Does that include exporting the data from the old to the new?
All you need to export is the database, which is plain text and has about one place possible for a site-wide hack to work (thus easy to verify/heal) and image files (avatars, attachments) which are not a possible medium for a site-wide hack. Therefore, yes, even with exporting data the malicious code stays behind. There's no need to change domain name.

zakalwe Wrote: I pretend to be a technician (a talent).
Please don't go. The drones need you. They look up to you.

Krill Wrote: And T-hawk works with MySQL in his day job IIRC.
Microsoft SQL. I can hack the SQL language itself well enough, but things like backups and conversions would be somewhat different in the Unix/MySQL world. I could probably figure it out, but Mist and KOP are probably ahead of me in that department.

KingOfPain Wrote: We can even move to a new domain name, but I am trying to think of all the negative effects that might have (broken links all over the web for one). We also own realmsbeyond.com so that would be one good place to start anew. It would let us take the time to build the new site without affecting anything here.
Build new stuff using realmsbeyond.com to test, and when we're happy, flip over realmsbeyond.net to point to it. Don't leave realmsbeyond.net as an orphan or parked redirect; it should stay live.

Kylearan Wrote: Seconded. When I'm giving training in malware analysis and botnet mitigation, I always have to tell my trainees how many site admins are unwilling to do something about infections of their sites and how bad this is because that is (at the moment) the main way how malware spreads. Please prove me wrong here!
I thought this was pretty interesting, especially around 20:30 for this thread.
Darrell

For what it's worth, I was a professional sysadmin for several years, and I'm very comfortable with UNIX commandline and SQL work. I'd be happy to help get something up and running on the .com server to get ported over to the .net server. I realize I'm not a very active member of the community, but I've been reading and lurking here for years, and would like to help out if I can.
Cheers, Charles