Site got hacked

[otseng]

The site experienced its first major hack this morning around 7 AM (EST). All the posts got corrupted and forum settings were modified. I have restored the site to the last monthly backup. So, unfortunately, all posts and new members since Aug 9 are lost. I'm currently trying to figure out how the hacker got in. In the meantime, the site might continue to experience problems until a patch is done.

[myth-one.com]

Dear Mr. Osteng,

While posting a reply, after entering a rarely used "size" statement as follows:

{size=18} This is a test {/size} (Used {} instead of [] to avoid the ALERT here)

and depressing "preview" the following boxed message appeared:

==================================================================
SECURITY ALERT » » » »
CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.


If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.
===============================================================

This does not mean much to me. Does "this site" refer to your site or my computer? Do I need to take any action?

Thanks
Myth-one.com

[Cmass]

I just got the same thing. Is this another attack via another hole?

SECURITY ALERT » » » »
CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.


If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.

[bernee51]

I am also getting this message when trying to add a new topic.

I just got the same thing. Is this another attack via another hole?

SECURITY ALERT » » » »
CBACK CrackerTracker has detected a potential attack on this site with a worm or exploit script so the Security System stopped the script.


If you can see this page after including a new MOD into your board or after clicking on a link please contact the Board Administrator with this error message and a description what you have done before you could see this page, that the Admin has the possibility to fix the problem.

[Vladd44]

No, it is a mod that Otseng recently added to improve security on the forum.

Please be patient, it may take a few tries to iron out a few details.

A link to the mod So you can read about it yourself.

If you review the info Otseng gave in the thread about the specifics of the exploit used last week on the forum, and put it into practice (in proof of concept, not destroying people's hard work) you will find many boards that would have been vulnerable are running this mod to protect them from it..and other vulnerabilities.

[Flail]

Yes the newsletter was #13....I have been having bad luck ever since I read it....until I poured chicken soup on my head while dancing the hokey pokey....now all is well.

[otseng]

Yes, I'm having some problems with the CrackerTracker mod. I'm putting it into debug mode until I get it fixed.

If you experience any problems, post what you see in this thread:
http://debatingchristianity.com/forum/v ... php?t=6293

[otseng]

I figured out one reason why it was giving the error message. I've now fixed it. However, there might something else causing it. If you see an error message, please post it here:
http://debatingchristianity.com/forum/v ... php?t=6293