DNF Hacked

[pertosda]

DN Forum hacked???

Have you seen this?

http://www.DNF

Wow, Im shocked!

 

[TheWatcher]

DNF
Just Got HACKED?
I just spend $50 for platinum membership

They need to improve their security. Slap in the face. This is not the first time.

They have to disclose also the way the hacker penetrated their server. So other community will be able to minimize the risk.

Good luck.

 

[Hemisphere]

Well if Bush and Blair get there way this little pathetic Hacker may be running down the street burning one day soon. Sorry but people like this sicken me they have cost me thousands in business upgrades over the years.

Why would you say someting like that?

 

[Mr. Deleted]

I certainly hope Adam has an off-server backup. Nothing worse than a sysadmin that doesn't back up to a secondary server.

Labrocca, Adam always does a backup. One day I get repley notice to a thread in exclusive, and when I checked it, the last repley was impact admin, posting test, but it was on DNF/vb, so I posted yes it worked, but what is this about DNF/vb, and then a few minutes later, Hanna IMed me on msn, and told me she was working on a test. I asked why was the post in the real tread not showing her post, and she said it was cause it was a day old database she was useing for this test. So I really do not think there will be a whole lot of data loss, but I would ofcourse change my pass once it goes back online. My pass there is unlike any other sites, even though it is not a hard password. So for myself, I am not worried about it so much.

As for claims that the cracker is going to be an admin or Mod, that would not work, and everyone knows that.

 

[gatorgrad]

I guess i'll chalk this up as another of my learning experiences....

I love DNF and am an exclusive member over there for the simple reason is that I'm fairly new to the domain game (started 15 months ago) and DNF taught me almost everything I know. Sort of like your first girlfriend I guess.

My lesson today is to be more active in multiple forums, cause with dnf down today I've got little to nothing accomplished. That being said, I'm sure adam will get this straighten out soon and I figure we'll see some major security upgrades there shortly.

 

[ashaw]

When we were speaking with the hacker on the "message board" he was saying that he wouldnt come back and hack if the admins payed him 3,000 USD. He said nothing about giving controls back, as even he knew it wouldnt be the slightest fight to do that. Regardless, techs are working on restoring the site, it should be back up within the next 12 hours.

 

[VirtualT]

I can get to my PM's on DNF now

Well I managed to login for long enough to download all my PM's, seems to be as I left it, but its down again now, database error

 

[TheWatcher]

Step to follow:
- Buy new server
- Install the latest security patch
- Install the forum script
- install members profile, reset all password by default.
- Ask members to email their password.
- back in business.

You're back in less than 8 hours.

My 2 cent.

 

[Domagon]

Firstly, "hacker" verse "cracker" - technically, there is a distinction between the two terms, but as language usage changes so do meanings of things, especially when the original meaning was obscure to the bulk of the populace ... bottom line is that the layperson associates "hacker" with bad stuff - that won't change ... that debate is water under the bridge now.

Secondly, the "hacker", "cracker", or whatever term one wishes to use could easily be age 16 and Iranian or whatever - taking down websites literally is childs play due to all the free / inexpensive hacking tools available - many are as easy as point and click.

Ron

 

[DN Tycoon]

Step to follow:
- Buy new server
- Install the latest security patch
- Install the forum script
- install members profile, reset all password by default.
- Ask members to email their password.
- back in business.

You're back in less than 8 hours.

My 2 cent.

Somewhere in there you forgot to order pizza....any geek knows that :gl:

 

[TheWatcher]

Somewhere in there you forgot to order pizza....any geek knows that :gl:

LOL

 

[denny007]

Step to follow:
- Buy new server
- Install the latest security patch
- Install the forum script
- install members profile, reset all password by default.
- Ask members to email their password.
- back in business.

You're back in less than 8 hours.

My 2 cent.

If there exist a good backup

And do NOT use microsoft server, even Linux is not save anymore, use Freebsd or Solaris.

 

[Domagon]

And forgot the part about doing a security review of the underlying operating system itself being used, evaluating the server(s) configuration, services installed / running, checking the security of all vbulletin plug-ins / script modifications, verifying the data (ie. board db), etc ... the list goes on and on...

The more popular a website is, the less room for error - the stakes are much higher requiring a more in-depth recovery process beyond simple reinstalling ... if even one little detail is missed, problems could easily happen all over again.

Ron

 

[gatorgrad]

Step to follow:
- Buy new server
- Install the latest security patch
- Install the forum script
- install members profile, reset all password by default.
- Ask members to email their password.
- back in business.

You're back in less than 8 hours.

My 2 cent.

honestly though if you knew dnf just got hacked today and you see and email in your inbox allegedly from dnf asking for your password are you going to respond??

 

[TheWatcher]

honestly though if you knew dnf just got hacked today and you see and email in your inbox allegedly from dnf asking for your password are you going to respond??

Nope, will forward to FBI right away.

 

[lau]

Use Freebsd or Solaris.

:lol: Right,I agree your point.

 

[VirtualT]

:lol: Right,I agree your point.

why? All this stuff is in userspace anyway!

 

[labrocca]

If there exist a good backup

And do NOT use microsoft server, even Linux is not save anymore, use Freebsd or Solaris.

FreeBSD for sure. I haven't been exploited or hacked in about 3 years now since I moved to BSD. Of course I am more careful but BSD is more secure by default.

I agree that he should be up by now if he had a complete backup. They could simply be busy though over at TRAFFIC. I am pretty sure that from nothing you could have a functioning server with the site back up in 6-10 hours if a competent sysadmin was handling this.

 

[gatorgrad]

seems as though they're still battling a bit with the hacker/cracker.... Just a few minutes ago homepage showed a message "I cannot access the database"

and now it's back to the "DNF will be back soon."

 

[denny007]

why? All this stuff is in userspace anyway!

Only small percentage of servers in the world is running Freebsd, even less is running Solaris. So it is for a hacker uneconomical to search exploits for it. I.e. there does not exist any rootkit for BSD or Solaris (afaik).

 

[VirtualT]

Only small percentage of servers in the world is running Freebsd, even less is running Solaris. So it is for a hacker uneconomical to search exploits for it. I.e. there does not exist any rootkit for BSD or Solaris (afaik).

its more likely that the cracker used a php exploit rather than a remote kernel vulnerability