IMOC Status
From the desk of Speedy..
Morning / Afternoon / Evening, IMOC person. It would seem that some clowns/pond scum decided it would be fun to pick on us again, and have scrawled their nonsense over the site, and probably into your inbox..
This will cause some downtime while I clear the mess up, and find out what exploit in phpBB was used for them to do this. If you are a moderator / committee person, I will be resetting all of your passwords, and you will be informed about them in due course. I will be at work for today, and unavoidably out until later this evening. When I’m back, I’ll get my web-broom out and start clearing up the mess.
You are of course welcome to post your comments below, please be advised that comments on Luckymonkey are moderated before they go live.
(Added - If you have got an email from the IMOC site, please just delete it, and don’t reply to it. Clearly, we are aware of what has happened, and flooding the admin team with a bazillion emails will not help us get it sorted any faster.
Thankyou)
![Joshua Allen [msft]'s Gravatar](http://www.gravatar.com/avatar.php?gravatar_id=c732e6f103b9798375ba072c850d94ea&size=24&default=http://www.luckymonkey.co.uk/wp-content/themes/dark/images/default_24.gif){kind=small}
Bugger ! We occasionally get these tossers attacking our websites over here too. You think they’d get a life, eh ?
Hi I need to get into my private message to retrieve an address to post goods too? my user id is lecutusuk the sale was for mt90
Sorry - you won’t be able to get into your PM’s until the site is back up.
We *might* have to revert to a previous backup of the site database, which will effectivley roll the site back in time a little way, in which case, the PM you are after might have to be sent again.
Yeah, a right pain in the ass these losers, wish their get a life!
If you need any help mate sorting the site out and finding and secure vulnerabilities just let me know and Ill be happy to help.
Im a sensior web developer and imoc has done a lot to help me with my car, so now I think its about time I did something to help out imoc!
Anyway, good luck!
OH No! - what am i going to do at work now !?
good luck Alex on the cleanup.
Sorry to hear you got hacked. Your best move is to hand over any evidence of the attack to the police. Ultimate revenge on script kiddies (ie they just run scripts and pretend to be proper hackers because they daren’t attack the big boys… government computers, banks, military systems) is when they are playing pick-up-soap in prison.
To the tossers who attacked our forums again….
While you were busy hacking our forums… I was with your mothers drinking wine… and you can imagine the rest
Hope you get the ship back up soon lads.
I’m curious what personal details will have been comrpomised during this attack ?
Cheers,
- Jamie
Man that sucks. If we can be of any help, just shout.
Good luck with it! How old are the back ups you have? And did you store the passwords crypted or not?
Q : I’m curious what personal details will have been comrpomised during this attack ?
A : Only whatever you have told the IMOC site. I would guess that means email address & name, assuming they took that information (and I’m not sure they did)
Q : And did you store the passwords crypted
- Yes, phpBB crypts the passwords.
A : Even though you’ve started a sentence with a capital And, I’ll answer it anyway
Grrrhhh…need to post Chris’s carbon light covers today and retrieve his address..hey ho! Meantime numbnuts-donkey-konks-hackers we are going to whip your arse!…grh! LOL!!! Strange days!
Hope it all works out to plan best of luck!Have a good day!
Best Regards,
Hi guys, just got a spammy mail so looked up imoc to see what’s up.
Are you guys ok for bandwidth on this page? If not please feel free to use our japchat forum until you get imoc up and running.
Hope you get this sorted soon chaps.
Gazboy
Booooooo!!! I’m going to have to do some work now! Hope it’s back up and running soon
I received my email this morning from the so called hacker, you have my best wishes and good luck in recovering the site.
Good luck getting the site back up!
[quote=”CosmosblueMR2″]OH No! - what am i going to do at work now !?[/quote]
Er… work? I’m in the same boat actually, don’t tell me I’ll have to go over to the OC!!!!!!!!!!!!!!!
What a bunch of scrotes eh?
Good luck with getting all the jam and custard back in. Hopefully a stronger sponge recipe will stop it from dribbling out again!
What a bunch of minging wankers!
If it was a phpBB exploit it was almost certainly sql injection. If you do ever go back through the access logs and find it, please make sure it gets reported to the developers
You might want to take a look at mod_security for apache, but it would depend heavily on your hosting provider as to whether you could use it!
Good luck - I’ve had to clean up after exploits before and it’s never fun.
who needs IMOC - this is off topic right here ! hehe.. now then - how can we drag this one into the gutter also ? cooo-ey ! Mr Shibby ! tee-hee. Good luck again Alex, you do a great job.
one word………cnuts!
I assume the site will be loaded back from yesturdays tapes so that we don’t lose all our posts right…?
Hope you get the mess sorted, i was suspicious something was going on when i recieved an email saying “your forum has been OWNED”
F***Kin C**nt
Well if we are going ‘off topic’, the reason the site won’t be up til much much later is because the speedy and I will be going to a lecture at Cov uni “Racing tyres - fundamental characteristics and practical testing methods” which is being given by someone from Dunlop Motorsport.
Could be interesting.. 7pm start at the Allan Berry building - free to attend, and you don’t have to be an IMechE member. http://nearyou.imeche.org.uk/events/event.htm?eID=1317
Hmm I baked a yule tide chocolate log on the weekend if this can be used to assist in either mending the site or indeed beating the culprits with please let me know.
Nooooo… No IMOC!!!
And I received two PMs last night at 9 that I’ll probably now never see or know who they came from. Oh well…
Some hacker somewhere deserves a good ass whooping… Got nothing better to do with their time?!?
I personally think it was the ugliness of Laurens new car that caused the site to crash, not all these alligations of hackers….
Good luck fixing the site chaps!
Morons do this kind of thing because its the only thing they have in their sad lives.
aunts!
oh well, guess I’ll be joiing the rest of you in doing some work today. that sucks.
Q : I assume the site will be loaded back from yesturdays tapes so that we don’t lose all our posts right…?
A : We do make regular MySQL backups, although they aren’t stored on C60s. I’ll be looking at the backups, although ideally, i’ll be restoring the database as of now, i’ll have to see when I get my hands on it.
Thankyou for the comments
I noticed it was out this morning. It’s a shame folk have nothing better to do than be a pain in the ass and do such petty childish damage.
…Good luck sorting it out guys.
Richard
Update :
Thanks for the feedback folks - there are some really sad individuals out there that get kicks from defacing sites and causing more work for the admins.
I’ve worked out how they broke into the server and the fix we need to stop it happening again - it was via a SQL injection attack into a page into the Garage. The garage code I know has been through a security audit with the phpBB security team but this was missed. I’ve passed the details back so the Garage code can be updated on our site and other sites also using it.
The attack itself came from an IP address that is owned by RoadRunner / Time Warner cable and I have already followed this up with their Abuse department.
As the server is down, we will be taking the opportunity to do an upgrade of the OS on it - this will be done either late this afternoon or tomorrow morning by our Hosting provider.
Once this has been completed we will start to restore the site from backups we have.
So, the site should be back up for ~11pm Wedneday night, or before if things go smoothly.
Drat! The forums are down on this side of the pond as well. Imagine that.
Imagine me reading this thread and thinking “Hey, this happened on April 12th, too.”
All Wankers Must Die.
Just picking up on the Q about backups above …
Q : I assume the site will be loaded back from yesturdays tapes so that we don’t lose all our posts right…?
A #2 : Yes, we have daily backups. Unfortunately Tuesday’s database backup happened post-hack so isn’t any good, so we will be using the database backup taken at 4am on Monday morning.
The last file backup was on Thursday last week but that should only impact those who uploaded avatars - you will just need to upload them again.
What a downer
Message to Munnsy, Did you get my cheque this morning fella?
Good luck with the clean up Alex, If you need any help in anyway give us a shout.
Was a tad suspicious when i too received an e-mail saying a stupid comment like “your forum has been OWNED”. I need to book my car in somewhere for some work with an affiliate but no longer have a way to contact them, was going to use pm!
Some sad feckwit out there needs to get a life, get a girlfriend, etc.
Sorry to hear it guys, more work you could ill do without. Good luck on sorting it.
T
All our bases are belong to them.
:o(
What a load of wasters…good luck getting the site back up.
HAHAHAHA @ slarty
hang on… its missing some draven spam…
what am i supposed to do at college all day now? god dam them!!!
Argh!! First someone smashes my wingmirror off the n/a and now this, So I cant get my carbon rear centre panel panel for the tubby either. They want their fingers choppin off. :-/
Balls!
I like the new name though its kina funky “LuckyMonkey” the world famous MR2 owners club
Likewise, if you need a hand with anything give me a shout. 10 yrs of unix sysadmin should probably be put to good use at some point in my life
Alex, good luck mate!
Another msg to Munnsy, went to send cheque but I couldn’t retrieve your details from the PM you sent. I’ll get it out to ya as soon as IMOCs back up and running
I have done so much work today I feel dizzy.
Hope you get it back soon, It’s amazing how much you miss something when its gone .
See you all wednesday
Update #2
I’ve just completely shut the server down and it is back with the Hosting provider’s support team for an OS Upgrade to RHEL 5 Server.
If this work is done before the end of the working day today I start re-uploading the site again - there’s 2.3GB of data to shift so it will take a few hours to upload alone (!)
I’ve passed to Esmond the logs showing the hack and and it looks like someone introduced it 8 months ago into his source code (it was just two character changes) after the security audit with the phpBB.com team - looks like they’ve waited until now to use it. Devious b*ggers …
There’s a simple short-term fix we can use to get the site back up and Esmond will be producing a proper code fix shortly.
Also - thanks for the many offers of help to get the site back up.
Certainly will be following up on these
Its scum like this that mean we have stringent gun laws in this country!
The worst thing is, with no IMOC I have actually had to do some work!
Please sort the site soon!
gggrrrrr little toe rags want beating with a rubber pipe! Hope you don’t have too much work to get this place back up and running :-))
Update #3
The server rebuild is complete, the www.imoc.co.uk site is again redirecting back to here.
Currently I’m restoring the site content from backup - starting last night there was 2.3GB of data, and as of 9am this morning there was another 9 hours of content to upload - the majority images from the Garage.
There’s still some server OS configuration to get in place that which will be done this evening.
Providing we don’t hit any showstopper application incompatibilities resulting from the upgrade IMOC should be back late this evening.
Once I’m back in this evening, I’ll be rolling my sleeves up and sweeping up anything which is left needing to be sorted - like Ben says, hopefully will be back up late tonight.
Ben, Alex,
Thanks so much for your hard work. I know how much work you both do in the background but it often goes unnoticed. It’s only when something goes wrong that it comes to the fore…
Just incase anybody bookmarked this page - it looks like our hosting provider is having problems this morning