Boards.ie Attack - What Happened? Please post all questions here.

rusty999

why am I unable to access adverts .ie yet theres no problem with Boards.ie?

Thanx
Rusty

partyatmygaff

rusty999 wrote: »

why am I unable to access adverts .ie yet theres no problem with Boards.ie?

Thanx
Rusty

It's still being worked on afaik.

Steve

Master-Geek wrote: »

Why hasn't their been a technical thread about the more technical specifics? As it all sounds very quick to judge.
Like the proxy the cracker(not hacker, it's an insult) would have used. And was their anti-proxy methods for the admin directory, Was the code injected via vBulletin's template engine, was the DUMP downloaded via phpAdmin, which admin account was SNIFFED, how come htaccess was not in place to ensure optimal security with access to the admin directory of vBulletin?(http://www.boards.ie/vbulletin/admincp/)
I'm taking a guess, but the database must be quite large. And a two minute window for the DUMP and download to occur. So IF the cracker was international (most likely not, probably falsified headers). 2 minutes is a very short time for DUMP and download to be accomplished.

I'm sure Conor will publish a full report into how exactly one can crack boards and what all the weaknesses are in due course..

Overheal wrote: »

NO.

Now I know we all spent the last 2 days learning how to Tweet but Ill be damned if I start seeing it here :cool:

Tweet? what's tweet?

Conor

Master-Geek wrote: »

Why hasn't their been a technical thread about the more technical specifics?

As a practical matter, the only people who know the details are myself, Ross and the Gardai. None of us have had the time to do that.

Master-Geek wrote: »

As it all sounds very quick to judge.
Like the proxy the cracker(not hacker, it's an insult) would have used. And was their anti-proxy methods for the admin directory, Was the code injected via vBulletin's template engine, was the DUMP downloaded via phpAdmin, which admin account was SNIFFED, how come htaccess was not in place to ensure optimal security with access to the admin directory of vBulletin?(http://www.boards.ie/vbulletin/admincp/)
I'm taking a guess, but the database must be quite large. And a two minute window for the DUMP and download to occur. So IF the cracker was international (most likely not, probably falsified headers). 2 minutes is a very short time for DUMP and download to be accomplished.

It's much too soon to be publishing details. There's a Garda investigation and our own, internal, thorough investigation to be done first. Then, whatever details are appropriate to be released will be.

dingding

Well done on getting the site back, for the communication, and all the hard work.

johnny_ultimate

Thanks for all the info, hallowed members of boards HQ

Was nice to be able to follow what was going on (even if I had to go onto Twitter, although I still won't join ) and fair play for keeping the members up to date on happenings.

Most importantly we all learned something about ourselves: specifically, that fresh air, while mildly pleasant, is a poor substitute for boards.ie.

hinault

This may sound like a stupid question - but indulge me please.

Do we know who/why the site was attacked?

Presumably it was a malicious attack - one would wonder at the motive.
Was it to an attempt to access confidential information?
Was it just a prank?

Well done on keeping us all informed and the prompt return to service.

The Paws

Well done everyone for getting this back on again - like everyone I was heart broken when I heard this was "attacked" for 24hrs! I couldnt wait to see the usual carry on here!!
also what happened?

Carsinian Thau

Well done on handling this whole thing. You did brilliantly.


Also, Welcome Back!!!!! I missed you!:D:D:D:D

Daemos

rusty999 wrote: »

why am I unable to access adverts .ie yet theres no problem with Boards.ie?

Thanx
Rusty

See smashey's reply here

runswithascript

How as the administrative account compromised?

NTMK

Well done lads ye deserve a break after the last two days. most other sites with bigger would be down for much longer

old_aussie

Welcome back boards.ie.

Downtime was not wasted, as the whole family went out and gathered dry firewood and found a good size stake.

The firewood and stake will be necessary to complete the envisaged witch hunt, which I imagine is about to begin at any moment.

Thanks

muffler

Judgement Day wrote: »

OK so Pissed_Off has gone away for good but I'm still rather p.....off and it really does make me wonder about whether it is wise to continue to participate in message board type forums - as it is we have to use pseudonyms to prevent Whackos on the Boards from targeting us. Obviously we have to be careful about passwords but there is a limit to how many different ones you can have without total confusion and I would have expected the Boards to be better protected against hackers. In common with many others, I'm sure, I had to change email passwords on gmail/hotmail/yahoo accounts, on eBay/PayPal accounts and on blogs etc. That is not because they all had the same password but just to cover any possible cross referencing by the hackers. I accept that this is because I am a technophobe but there you have it and I really do appreciate the good unpaid work that the Mods and others do.

What can I say other than never look up to the heavens again................cause a bird just might shit in your eye

CrazyRabbit

hinault wrote: »

This may sound like a stupid question - but indulge me please.

Do we know who/why the site was attacked?

Presumably it was a malicious attack - one would wonder at the motive.
Was it to an attempt to access confidential information?
Was it just a prank?

Well done on keeping us all informed and the prompt return to service.

1. To harvest and sell the email addresses to spammers.

2. A person/group out to 'prove' their skills.

3. Someone with a severe disliking of boards.ie or its staff.

Tigger

LA3G wrote: »

How as the administrative account compromised?

the password was apparently password

schoolboy error

Spiritine

Tigger wrote: »

the password was apparently password

schoolboy error

i find it hard to believe that someone with access to the database would use such a simple password for such a massive site

Nice job on the informing everyone bit, very professional

nesf

Murray135 wrote: »

i find it hard to believe that someone with access to the database would use such a simple password for such a massive site

One assumes Tigger was pulling the piss.

Ruu_Old

Tigger wrote: »

the password was apparently password

schoolboy error

Nope, I heard it was actually 'god'. Hehehehe.

wil

Murray135 wrote: »

i find it hard to believe that someone with access to the database would use such a simple password for such a massive site

Nice job on the informing everyone bit, very professional

I'm sure tis all right. Real hackers would never read this far down.;)

Well done all on the way ye dealt with it, somewhat better than the previous similar event on another site last year.
I'm not impressed that goooogle is still caching that list a year on.:(
Lets hope your list doesnt appear likewise:eek:

Pittens

1. To harvest and sell the email addresses to spammers.

On that subject, I use an alias for this account - my email provider allows me 5 and I cycle through them specifically to avoid spam ( for instance: from commenting online). The one I use here has not been used anywhere else and it does not seem to be compromised - no spam yet.

K-9

anniehoo1 wrote: »

God i missed yas!Welcome back. Was strangely proud when i heard boards mentioned on the news

Cant get access to my original email account so had to reregister!I used the same password for that as on here..:( I cant open any mails in my inbox at all.Hopefully its just my laptop acting funny.

If you can get into your email account you should be able to go to settings or my account, or similar and edit your password there.

Hotmail, yahoo and GMail etc. get hacked regularly. If you use GMail make sure you use the https connection under settings, though I believe they are making that automatic.

Gatling

i Blame the Chinese:eek:
Excellent job in shutting down and getting all this sorted,
now i have a twitter account hmmmm

Thanks to all involved in running the show

wil

anniehoo1 wrote: »

Cant get access to my original email account so had to reregister!I used the same password for that as on here..:( I cant open any mails in my inbox at all.Hopefully its just my laptop acting funny.

If you had any financial stuff linked to or listed in that email address I'd change those details immediately.
Never a good idea to use the same password across different sites. Where once you were told never to write down passwords, it's probably considerably safer to write down several different strong difficult to remember passwords than to use one easy to remember pw everywhere.

James T Kirk

Kudos to Boards.ie HQ! Now to find the culprits and go Steven Seagal on their ass. :pac:

xoxyx

Go boards. It's your birthday. Party like, it's your birthday.
Well, you've been rebirthed, so it could count as a birthday.
What I'm trying to say is - I'm so glad you're back safe!! xx

Magenta

Overheal wrote: »

Thank God - my caffeine-free solidarity is over. I had already fallen off my chair in Work.

I don't know if this was already posted but BBC News have quoted you!!!

http://news.bbc.co.uk/2/hi/uk_news/northern_ireland/8476259.stm

Spiritoftheseventies

can we assume at this stage there was more than one person involved in this attack on the boards?

redman

Thanks Guys, well done and good to have you back

angel01

Well done on getting the site back so fast! you kept us all informed & did a brilliant job.