Boards.ie Attack - What Happened? Please post all questions here.

smashey

harveyd225 wrote: »

Congrats job well done do you know how long till adverts is back working:cool:

See my post re adverts here.

DenMan

Well done guys on getting the site back up and running. It is greatly appreciated. Well done again.

Master-Geek

royan wrote: »

Full disclosure of the finer details may not be in everyone's interest - there may be weaknesses in vBulletin itself which should be propagated upstream - and there's an ongoing investigation anyway. There's likely to be false leads, you want them to report on those before they find they're false? (It was China, of course. Google was just the warm-up for this.)

One thing's for sure, the more time Conor & co spend answering these calls, the less they'll have for actually digging up answers.

Everyone's interest is not the point. Information is. If vbulletin does have the weakness, a linear attack would have occurred. It's open sourced after all! Sure why not attack vbulletin.or to prove the point :):):) >.<

There's likely to be false leads, you want them to report on those before they find they're false?

That's what the Gardai does best, surprised they can use a computer. nOOb

Ziycon

Just curious, as the site is hosted by Digiweb was their datacentre breached as well or have you got the servers elsewhere?

Kopdave

guys whenowhen is adds back up ???????? Any time frame at all yet???????:eek:

Master-Geek

Ziycon wrote: »

Just curious, as the site is hosted by Digiweb was their datacentre breached as well or have you got the servers elsewhere?

Highly unlikely that digiweb was breached. The forum Been on a dedicated service, nope. It was a client side interface breach.

Slidey

Kopdave wrote: »

guys whenowhen is adds back up ???????? Any time frame at all yet???????:eek:

smashey wrote: »

See my post re adverts here.

Look up.

Conor

Master-Geek wrote: »

If vbulletin does have the weakness, a linear attack would have occurred. It's open sourced after all!

vBulletin is not open source.

Master-Geek wrote: »

That's what the Gardai does best, surprised they can use a computer. nOOb

So far, my experience of the Garda computer crime people has been very positive.

Conor

Ziycon wrote: »

Just curious, as the site is hosted by Digiweb was their datacentre breached as well or have you got the servers elsewhere?

No, neither Digiweb nor the other boards.ie machines in our cabinet were affected.

Master-Geek

Conor wrote: »

vBulletin is not open source.



So far, my experience of the Garda computer crime people has been very positive.

Vbulletin's code source, is open sourced. It is not closed (aka, encrypted by Zend)

leninbenjamin

Conor wrote: »

Yes. It would be wild speculation.

It's much too early to tell.

Can we expect any statements about this in the near future, will public disclosure be an option down the line? Or will it be a case of having to wait until any arrests/charges brought?

Ziycon

Conor wrote: »

No, neither Digiweb nor the other boards.ie machines in our cabinet were affected.

Coolio

Master-Geek

Ziycon wrote: »

They where able to dump data from the database which would require access to the server itself which in turn would mean they would have access inside the network.

Yeah, but the DUMP file would have to be downloaded remotely, can understand the DUMP speeds from local perspective.

Conor

Master-Geek wrote: »

Vbulletin's code source, is open sourced. It is not closed (aka, encrypted by Zend)

Please read and understand this: http://en.wikipedia.org/wiki/Open_source_software

Conor

leninbenjamin wrote: »

Can we expect any statements about this in the near future, will public disclosure be an option down the line? Or will it be a case of having to wait until any arrests/charges brought?

I'm certainly going to wait until the Gardai get a bit further with their investigation before releasing any significant details. We'll see how far they get and decide then.

Conor

Master-Geek wrote: »

Yeah, but the DUMP file would have to be downloaded remotely, can understand the DUMP speeds from local perspective.

They didn't get the whole database, just a portion of it which was only a few tens of megabytes.

There is a possibility that they didn't manage to download it all, but we have to assume that they did.

EDIT, to clarify:

There is a possibility that they failed to download all of the portion which they accessed. The most that they could have accessed was a small portion of the database and they may not have got all of that.

Sorry, had been rewording vigorously and may have caused confusion.

Our man in Havana

Conor wrote: »

They didn't get the whole database, just a portion of it which was only a few tens of megabytes.

There is a possibility that they didn't manage to download it all, but we have to assume that they did.

EDIT, to clarify:

There is a possibility that they failed to download all of the portion which they accessed. The most that they could have accessed was a small portion of the database and they may not have got all of that.

Sorry, had been rewording vigorously and may have caused confusion.

Indeed.

Hope for the best and prepare for the worst.

cornbb

Thanks for offering us the opportunity to ask questions, here are a few:

- How many people had access to the password that was comprimised? i.e. how many people had access to the root password for the servers, for reading the database etc, as opposed to just having admin control panel logins?
- What measures do you plan on taking to prevent this from happening again?

Cheers, and kudos for all the hard work.

Conor

cornbb wrote: »

- How many people had access to the password that was comprimised?

1

cornbb wrote: »

i.e. how many people had access to the root password for the servers,

2, and no server passwords were compromised.

cornbb wrote: »

for reading the database etc

2

cornbb wrote: »

, as opposed to just having admin control panel logins?

It was an admin control panel password that was compromised.

cornbb wrote: »

- What measures do you plan on taking to prevent this from happening again?

Several, but these will be discussed in the fullness of time. Not until I get initial feedback from the Gardai anyway.

cornbb

Thanks Conor!

copacetic

Conor wrote: »

It was an admin control panel password that was compromised.

It couldn't have been brute force? Was it guessing or dictionary attack?

marco_polo

Master-Geek wrote: »

Vbulletin's code source, is open sourced. It is not closed (aka, encrypted by Zend)

Its code can be viewed openly, however vBulletin is licensed software which you have to pay to use. As you are not allowed to redistribute the software/code (modified or unmodified) in any way it cannot be considered open source.

Conor

copacetic wrote: »

It couldn't have been brute force? Was it guessing or dictionary attack?

I'd prefer not to go into details on this yet, but the password was relatively strong. A guessing/dictionary attack is quite unlikely to have succeeded on it given the rate-limiting in vBulletin.

natat

Thanks Lads and Ladies of Boards.ie

Any Idea when adverts will be back up and Running?

Natat

Saibh

natat wrote: »

Thanks Lads and Ladies of Boards.ie

Any Idea when adverts will be back up and Running?

Natat

Information in this post

TXCork

Excellently handled!!:D

Pittens

Anybody seeing spam they haven't seen before, then?

I suspect this was an attempt to get emails rather than passwords.

Richersounds.ie: John

To all at Boards,

Guys thanks for all the hard work getting the site back up - it was awful yesterday - we actually had to serve real Customers rather than just chat with Boardies!

Again thanks for all the sweat & slog - it's great to see you back,

ATB,

John Mc & Crew

Darragh

Thanks very much John - appreciate the support

copacetic

Conor wrote: »

I'd prefer not to go into details on this yet, but the password was relatively strong. A guessing/dictionary attack is quite unlikely to have succeeded on it given the rate-limiting in vBulletin.

interesting, that tells a fair bit, I'll make my own wild assumptions!