INTL Janitorial Services
Administrator
(Originally posted on: 03-07-12 10:20:19 AM)
FUCK YEAH
I have restored the FAQ, the chat, the Google 100, the upload function and all of your uploaded files. Go poke around and see if you can get something to break.
---
Original bullshit
A few days ago I posted about how the INTL forum software was thoroughly infected with some spammer scripts. Also, I said that the forums would be taken offline permanently and replaced with software that would be updated on a regular basis. This decision was based on the conclusion that INTL5, being quite old, had a number of script holes and vulnerabilities that I simply did not have the time to fix.
I was wrong.
After doing my research I discovered numerous other Dreamhost sites with the exact same problem. It appears that we were hit by an exploit that was originally designed for Wordpress installations. This exploit was generalized to take advantage of any PHP-based site with lax security.
Also, I'm sure this will come as a surprise to everyone: free forum software sucks. It really does. phpBB advertises a multitude of plugins and modifications that, at first glance, appeared to do everything that INTL already does. They failed to mention that many of those plugins were built for old versions of their forum and have not been updated in years.
I decided to make an attempt at salvaging INTL once again. I have spent the past 5 days hand-cleaning scripts, editing the database and tightening security both inside our web directories and from the Dreamhost control panel. All of the uploaded files were salvaged as well. I think that I have slammed enough security down around the site to keep us from being reinfected. Your malware warnings should disappear in a few days if they haven't already.
However, there are many Dreamhost-based sites that have been infected with the same garbage. Some DH users have noticed that entire shared-hosting servers will be infected in less than 1 minute. In other words, hundreds of sites, all running under different accounts on the same box, will end up compromised within 60 seconds. This information, coupled with the fact that DH lost a great many FTP/SSH usernames and passwords a few months ago, has led me to believe that the exploit is further up the chain than I can access.
As of today the forums are back online and should be mostly functional. For now I plan to stay with Dreamhost, since there is no hard evidence that the hacks are the fault of the host. The info came from a bunch of pissed off people on their support forums. If this happens again, though, we will be closing shop at this hoster and moving to another.
For those of you with websites or FTP servers hosted under this account, email or PM me. I do not plan to carry a bunch of old files with us if we move.
FUCK. YOU. VISSARIO.
This reply was last edited on 03-09-12 09:35:38 AM by INTL Janitorial Services.