CAD an attack site?
#31
Malware Attack
On Thur/Fri? we got wind of the issue showing up on Internet Explorer, but IE didn't tell us anything. As far as we know, the 'reported attack' was someone pissed at us or just being a dbag. Since it wasn't happening on other browsers, we took a wait and see approach. On Monday, we got it on Firefox, but FF uses Google to assist with that. So, combined with that info and Webmaster Tools, we were able to figure out why we were and what to look for.
Sometime later that day, we found a shell script buried deep within the site that gave the hacker access. What the hacker did was to rewrite a couple files to include a redirect to a pharmaceutical site (which was safe, but just assholish) and another redirect to a site that if you downloaded the file, would install Malware. Just hitting the site, to my knowledge, would not harm you. It was the link to that site that made us guilty by proxy and the cause for the security warnings. There was nothing intentional there because the least we would want to do is stop traffic and revenue to our site. Once we cleaned the code, Google allowed us back.
How did the hacker do it? Don't know. My conjecture was that it was through OwnerOperatorJobs and that there is a security vulnerability somewhere in the code that allowed the hacker to get their script on to the site. We're going to check through the forms and such to make sure it is clean, but since we didn't code it, we'll have to do a complete code review at some point to find it. Once they were on the system, some of the same files are used on CAD and OOJ and that is why it affected this site. VBulletin also has some vulnerabilities, but it does not appear to have been done via that.
Our network team was provided the code, so they will be checking for some signatures in it to assist in detection and isolation if it happens again. That's pretty much all I got.
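An added example, not part of the original post or the site's own code: a defensive sweep of the kind the post describes, listing redirects in web files that point to hosts outside an allowlist. The `offsite_redirects` helper, the file names and the `.example` hosts are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Constructs that send a visitor elsewhere: PHP header(), meta refresh,
# JavaScript location assignment, Apache Redirect/RewriteRule.
REDIRECT_PATTERNS = [
    re.compile(r"""header\s*\(\s*['"]Location:\s*([^'"]+)""", re.I),
    re.compile(r"""http-equiv=['"]?refresh['"]?[^>]*url=([^'"\s>]+)""", re.I),
    re.compile(r"""(?:window\.|document\.)?location(?:\.href)?\s*=\s*['"]([^'"]+)""", re.I),
    re.compile(r"""^\s*(?:Redirect(?:Match)?|RewriteRule)\b.*?(https?://\S+)""", re.I | re.M),
]
WEB_SUFFIXES = {".php", ".html", ".htm", ".js", ".inc", ".tpl"}

def offsite_redirects(webroot, allowed_hosts):
    """Return sorted (relative path, line, host) for redirects to hosts not in allowed_hosts."""
    root, findings = Path(webroot), set()
    for path in root.rglob("*"):
        wanted = path.suffix.lower() in WEB_SUFFIXES or path.name == ".htaccess"
        if not (path.is_file() and wanted):
            continue
        text = path.read_text(errors="replace")
        for pattern in REDIRECT_PATTERNS:
            for match in pattern.finditer(text):
                host = urlparse(match.group(1)).hostname  # None for relative URLs
                if host and host.lower() not in allowed_hosts:
                    line = text.count("\n", 0, match.start(1)) + 1
                    findings.add((path.relative_to(root).as_posix(), line, host.lower()))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: one clean file and two tampered ones."""
    root = Path(root)
    (root / "forum/includes").mkdir(parents=True)
    (root / "index.php").write_text('<?php\nheader("Location: /forum/index.php");\n')
    (root / "forum/includes/functions.php").write_text(
        '<?php\n// shared include\nheader("Location: http://pills.example/buy");\n')
    (root / "forum/footer.html").write_text(
        '<p>bye</p>\n<meta http-equiv="refresh" content="0;url=http://files.example/setup.exe">\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in offsite_redirects(tmp, {"www.site.example"}):
            print(finding)
```

A hit only means a file sends visitors off-site; each one still needs comparing against a known-good copy of that file.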
#32
Thanks for treating us with some respect, and offering an explanation.
MikeSims you are a gentleman, and thanks to GILBOLA for taking the time to level with us. We understand the corporate mind and methodology. That's why we loved the family operation of Jeff and Lucinda, who made this site great. I am fed up with the past treatment, but impressed with how you offer consideration. Again, thank you.
I'd rather pay a membership fee, and do away with all this advertisement. I don't know the consensus with other members here. That way...even the moderator staff can make a few pesos to pay for the Eye Doctor visit and Rolaids.
Different levels of privilege....
Basic free membership
Gold membership
Platinum membership
-------- edit
Ya know what...it just dawned on me. Ever since IB came along and screwed CAD to hell and gone, the regular membership here dropped by about I don't know...a lot. The paid membership would never work now. You only have about a couple dozen regular posters. Of course the Industry has slowed down, but I see pretty good activity at some competitors in comparison, who we used to rival.
Boy am I reminded now of how rotten IB was to us when they first took over CAD. Some memories were funny though. Like the mass banning! ... I had to email 300 members or more to tell them sorry... it wasn't me! LOL
__________________
Last edited by Roadhog; 05-27-2010 at 08:39 PM. Reason: something dawned on me LOL
#33
That "mass banning" had me off the site for about 6 months or more. I finally came back with a different screen name. I thought of it as being a bit more than a simple "hick up".
__________________
( R E T I R E D , and glad of it)
YES ! ! ! There is life after trucking. a GOOD life
#34
I hear ya Windy!
There were a lot of pissed off drivers... and the mod staff took all the heat, who had nothing to do with it. People hated the change from phpBB to v.B let alone the complete without warning FUBAR. The mod staff was even treated worse than the general population. I was throwing beer bottles and breaking furniture in the Moose Lodge using my best French Canadian on the IB jerkoffs for weeks. I know these IB guys want to make a wage... just keep in mind all the work the day to day mod staff does for free. :bow: God help whomever replaces Twilight.
__________________
Last edited by Roadhog; 05-27-2010 at 08:44 PM.
#35
We lost a lot of members with the change over after IB bought the site. It was a challenging time. I am not sure that we have regained the momentum since that happened. People don't want to be inconvenienced. Most are too busy working to spend much time trying to work through website problems. Thanks for explaining things, Mike.
#36
We lost a lot of members with the change over after IB bought the site. It was a challenging time. I am not sure that we have regained the momentum since that happened. People don't want to be inconvenienced. Most are too busy working to spend much time trying to work through website problems. Thanks for explaining things, Mike.
__________________
( R E T I R E D , and glad of it)
YES ! ! ! There is life after trucking. a GOOD life
#37
I have no idea what you said :lol2:, but it sounds like you got the problem fixed. :thumbsup: Were yall able to find the hacker? Even the hackers leave a trail. They can't cloud all of their tracks. From reading Mike's post, it sounded as if the hacker was doing this as a personal attack at CAD. Reckon someone did this due to being banned? Who did yall ban?? Wonder who it could have been?
On a serious note - .. I use Windows Internet Explorer. I tried Firefox one time, but I guess I'm old fashioned. I didn't care too much for the Firefox. Maybe it was the 'change'.
#38
i am a mac and i love it. when it came time to buy a new laptop, i gave my husband the choice, mac or pc. he was always complaining how the pc was always crashing or something. it took a bit of getting used to, but no regrets about spending the money. my daughter has a netbook. i had to tell her to be very careful about the websites she visits because of the viruses. once a virus hits a pc, it seems you are never truly rid of it.
__________________
"...if something seems to good too be true, best to shoot it, just in case". - fiona, burn notice "Remember, if you don't do it this year, you'll be one year older when you do." - Warren Miller
#39
From reading Mike's post, it sounded as if the hacker was doing this as a personal attack at CAD. Reckon someone did this due to being banned? Who did yall ban?? Wonder who it could have been?
#40
Dunno, the statement that there wasn't anything to it may not be accurate. The night I posted in this thread my computer sent email to everyone in my mailing list to, of all things, a pharmaceutical company's website. Seems there may be something there!!! Several Norton scans have revealed nothing but I am a bit worried. If it sends another tonight, I will know it had to be this board.
Hope not!! I enjoy the company too much to leave!
__________________
REMEMBER, guns don't kill! It's the jealous husband that comes home early!