Announcement

Collapse
No announcement yet.

Site was hacked, now restored

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Site was hacked, now restored

    This morning the xs11.club website was hacked. The main webpage for the forum was replaced with message about having been hacked by Inchworm.

    I believe this was due to a vulnerability in PHP, the technology used to generate the forum webpages. Patches have been applied and the forum webpages restored. We are back online.

    FYI, we didn't need them this time but we do maintain off-site backups of the database that contains all the forum content. If our web server were ever unrecoverable, we should just start-up a new one and apply our backup data.
    '80 XS Special
    JonathanKnez@hotmail.com

  • #2
    Also, shout out to cajun31 for browsing the forum in the wee hours of the morning and immediately bringing this issue to our attention. This site really does have the best members.
    '80 XS Special
    JonathanKnez@hotmail.com

    Comment


    • #3
      THANK YOU ........... THANK YOU ............. THANK YOU

      Cajun for seeing it and letting nezzer know
      neezer for getting the patch applied so quickly

      It sure is the Wild West out there the data, networking etc. all so vulernable to Hacks, even with the best protection in place

      Jeff
      78' XS1100 E
      78' XS1100 E
      78' XS1100 E

      '73 Norton 850 Commando
      '99 Triumph Sprint ST
      '02 G-Wing GL1800

      Comment


      • #4
        Great work Nezzer and Cajun. When I saw the hack this morning I figured we were dead! Keep up the good work. Bob
        Bob's Bikes:
        79SF, Military theme bike

        Bob's websites:
        https://projectxs11.wordpress.com
        https://rucksackgrunt.com

        Bob's Books:
        "
        Project XS11"
        "Rucksack Grunt"
        "Jean's Heroic Journey"


        Bob's Parts:
        For Sale Here.

        Comment


        • #5
          The site got hacked again, same as before.

          TLDR: The site is up and running again but new user registration is likely broken. We will need to schedule some downtime for a VBulletin software upgrade.

          Details: This time I spent some time really digging into this. I found the hacked files again, looked up their create date/time in the web server access log. From that I determined exactly what request was used to upload these hacked files. I also determined that the perpetrator is some jerk in the Netherlands. They were exploiting a vulnerability in VBulletin itself. The right fix is to update the VBulletin software. dansmith65 and I will get started on that sometime soon. In the mean time, I modified the affected VBulletin code to close that vulnerability, but in the process likely broke the ability for new users to register.
          '80 XS Special
          JonathanKnez@hotmail.com

          Comment


          • #6
            I'd first noticed it very early yesterday morning, probably 4am EST since that's about the time I wake up most days. Very glad to see everything getting cleared up!

            I'd casually noticed several "new members" recently logging in with questions coming off the XJ forum in the last several months, one of them being one that I had asked! Knew SOMETHING was up and being a general skeptic had a feeling it was somehow nefarious although I also wasn't sure to what end it would accomplish.
            1980 XS1100G

            I identify as a man but according to the label on a package of Stauffers Baked Lasagne I'm actually a family of four!

            Comment


            • #7
              Saw it yesterday afternoon and thought some idiot has nothing better to do. Glad we are back and running. Domain hijacking can be costly.
              1980 XS1100 SG
              Inline fuel filters
              New wires in old coils-outer spark plugs
              160 mph speedometer mod
              Kerker Exhaust
              xschop K & N air filter setup
              Dynojet Recalibration kit
              1999 Kawasaki ZRX1100
              1997 Jeep Cherokee 4.5"lift installed

              Comment


              • #8
                Glad you guys got this fixed. I was hoping based on the web server behavior that the data was all fine there was just some garbage being loaded over the top of the forum. Friggin script kiddies.

                Comment


                • #9
                  Always remember, nobody has the technology to hack into points and condensors.

                  Comment


                  • #10
                    Alrighty, then. (^_^)

                    How noice that the hacker(s) thought the site had info of such VALUE to be wurth the effort. ( ◜◡‾)

                    As in "Yur info/data is now MOINE!!!" Ψ(`_´ # )↝

                    And imma thimkin he/she/they/them (????) wasn't talkin' bout valuable info like how impor'unt it is to know that iffin' if you own a Special and you don't get the huge air bubble outta the front MC right at the Banjo bolt? Bleeding the fluid out at the calipers themselves will NEVER get rid of the squishy/spongey feelz in the brake lever. (>д<)

                    Mostily, they be after the data of the members. Mostily..... (´;︵;`)

                    Date of birth, Occupation, Where you live, and email address. Stuff they can sell to the dork web, right? (O_o)

                    Which is why most of those data fields on my account/profile here are either blank or have random info. ( ・ิ⌣・ิ)

                    The email address? That's real but it's a YAHOO account with no contacts, no folders, no bounty of OTHER email addresses I've been communicating with. So even if the hackers brute forced muh passwurd? They'd get Nuthin fOaR it on the dork web. (/¯◡ ‿ ◡)/¯

                    Even wurse fOaR the hacker, Yahoo itself has had data breaches so the data ON there is already OUT there. Hacker can't be the foist to offer "my" info to the highest bidder. Checked it muhself on https://haveibeenpwned.com/.

                    Well....there IS one and only one personal folder on my Yahoo email labeled, "Eyes-Only". Inside is a draft with this attachment-

                    Click image for larger version

Name:	hang in there.jpg
Views:	90
Size:	85.5 KB
ID:	880713

                    No Cheeze fOaR this hacker rat at the end of the maze. (┛ಠДಠ)┛彡┻━┻

                    Sorry...not sorry. (☛´∀`*)☛

                    Comment


                    • #11
                      OOPSEY!! ( ⊙Д⊙)

                      BefOaR I forget.... (「 ⊙Д⊙)「

                      Just as an added measure of protection on MY end Imma doin' THIS-

                      https://xs11-club.translate.goog/?_x..._x_tr_pto=wapp

                      Instead'a the usual way of viewing this site directly thru the std URL most everybody uses, from now on Imma using Google Translate to look at the site fOaR me. (゜-゜)

                      Not viewing the actual real site but rather a "cached" version stored on the google search engine. Comfused? (O_o)7

                      Mansplanation here-

                      A cached page is a web page that has been saved by a search engine on its servers or by a user's browser on a computer or smartphone. Search engines cache pages to allow access to them even when the website's server is not accessible.

                      NOT the actual website here and just a "Read-Only" version. Y'know, look but don't touch kinda thing? (º~º)

                      Bonus is that iffin' the site here is hacked/spoofed/phished where the hacker wants to get yur IP address and attack you directly? ƪ(`▿▿▿▿´ƪ )

                      IP points back to google itself. Let him/her/they/them deal wit THAT. ヾ(´¬`)ノ

                      Sigh...reminds me of the shenanigans I had to deal wit on the old dot com site.....(´,_ゝ`)

                      Comment


                      • #12
                        Getting yourself a good firewall goes a long way. I use a Fortigate for my home network.... but I am a network engineer by profession haha.

                        Comment


                        • #13
                          Thanks for fixing the site and get it working again. Too bad that someone from my country spoilt it for you...
                          XS1100 3X0 '82 restomod, 2H9 '78 chain drive racer, 3H3 '79 customized.
                          MV Agusta Brutale 910R '06.
                          Triumph 1200 Speed Trophy '91, Triumph 1200 '93.
                          Z1 '73 restomod, Z1A '74 yellow/green, KZ900 A4 '76 green.
                          Yamaha MT-09 Tracer '15 grey.
                          Kawasaki Z1300 DFI '84 modified, red.

                          Comment


                          • #14
                            Mathh, bad guys are from every country. I've been to Hilversum for work, so I do know that like most countries people there are good. If people want to hack a site, they should focus on political sites, as they are full of lies most of the time.
                            Ray Matteis
                            KE6NHG
                            XS1100 E '78 (winter project)
                            XS1100 SF Bob Jones worked on it!

                            Comment


                            • #15
                              Good job Nezzer and site-team. Too much negative energy out there.
                              Skids (Sid Hansen)

                              Down to one 1978 E. Stock air box with K&N filter, 81H pipes and carbs, 8500 feet elevation.

                              Comment

                              Working...
                              X