Help us deal with this hacker!
October 13, 2004 7:57 PM
S.O.S. We're being hacked! I run a small community website and somebody is trying to hack our VBulletin-powered forum. So far our passwords and usernames have been tampered with. How do we prevent this bastard from messing up years of dedicated volunteer work? Can we trace who the offender is? Any strategies in dealing with his demented mind? It's depressing. I'm taking this personally. After years of thankless effort this is what my partners and I get. Please help.
Everything does indeed depend on the answer to the first question. If it's your server, take the usual post-compromise steps: shut down the server's access to the outside world, rifle the access logs for IPs, blackhole them on the router or firewall, make a backup, nuke the server down to a blank drive, reinstall the OS, web server and application server, patch any vulnerability used to compromise the system, then restore all the known-good data. Because accounts were compromised, you'll probably want to start the account database from scratch, presumably with a stronger password policy that leaves you less open to brute force attack.
If it's not your server, you call whoever runs it for you and ask them for help. That's what you're paying them for.
posted by majick at 11:37 PM on October 13, 2004
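The log-review step from the answer above, as an added example that is not part of the original thread: it counts POST requests to the forum's login script per client IP and records when each IP was first and last seen. The log format (Apache combined), the `/forum/login.php` path, the threshold and the sample lines are all assumptions; the sample lines are constructed.

```python
import re

LOGIN_PATH = "/forum/login.php"  # assumed location of the forum's login script

# Constructed sample in Apache "combined"-style format, not taken from any real site.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [13/Oct/2004:19:01:{s:02d} +0000] '
     f'"POST /forum/login.php?do=login HTTP/1.1" 200 512' for s in range(6)]
    + ['198.51.100.20 - - [13/Oct/2004:19:02:00 +0000] "POST /forum/login.php HTTP/1.1" 200 512',
       '198.51.100.20 - - [13/Oct/2004:19:02:05 +0000] "GET /forum/index.php HTTP/1.1" 200 9000',
       'truncated or malformed line']
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def login_posts_by_ip(log_text, login_path=LOGIN_PATH):
    """Map client IP -> [count, first_seen, last_seen] for POSTs to the login script.

    Assumes the log is in chronological order, as web server logs normally are.
    """
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of guessing
        if m["method"] != "POST" or m["path"].split("?", 1)[0] != login_path:
            continue
        rec = hits.setdefault(m["ip"], [0, m["ts"], m["ts"]])
        rec[0] += 1
        rec[2] = m["ts"]
    return hits

def suspects(log_text, threshold=5, login_path=LOGIN_PATH):
    """IPs with at least `threshold` login POSTs, busiest first."""
    rows = [(ip, n, first, last)
            for ip, (n, first, last) in login_posts_by_ip(log_text, login_path).items()
            if n >= threshold]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for ip, n, first, last in suspects(SAMPLE_LOG):
        print(f"{ip}\t{n} login POSTs\t{first} .. {last}")
```

A high count is a lead for the firewall block list and the incident timeline, not proof of who is behind it: the address may be a proxy or a shared gateway.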
I'm just curious...do you think it's someone here (as you're anonymous?)
posted by filmgeek at 7:48 AM on October 14, 2004
Ah, the major problem with anon posting right now: being able to reply to questions...
posted by jmd82 at 8:58 AM on October 14, 2004
Perhaps they just don't want it to be known their website has been compromised. Come to think of it, are we really really sure metafilter isn't running on a themed version of VBulletin?
posted by fvw at 10:34 AM on October 14, 2004
no fvw, i'm pretty sure vbulletin is a lot more stable than metafilter.
posted by bob sarabia at 6:36 PM on October 14, 2004
This thread is closed to new comments.
* If possible, shut down the forum IMMEDIATELY--back up and remove the site & database, or preferably just rename the directory it's in temporarily.
* Any other help I can think of relies a whole lot on the answer to the first question.
posted by cyrusdogstar at 8:13 PM on October 13, 2004