RCU Site problems
04-17-2008, 10:21 PM
#1
RCU Site problems
Unfortunately many of you may have noticed posts missing and/or an inability to access the site.
There have been a few problems with the site of recent which are seeing the full attention of the RCU administrators. The site had been the target of hackers as well as the usual virus potential for problems. Many of the problems have been addressed however some changes impact other things. One option that has been used when all hell breaks loose is a roll back where they roll the site back a few hours to remove malicious scripts etc.
Please know that the administrators and owners of the site are aware of the frustrations these changes have to all who use the site. Please know these are reactionary measures to actions being taken against the site. Please also be assured that the site will be back to full strength soon and further to that the site will soon see an upgrade that will see these problems as a thing of the past (with any luck).
If you have any questions or concerns please do not hesitate to contact myself or any Moderator or administrator.
I appreciate your patience (I too have seen a few of my posts disappear into the abysis [
])
There have been a few problems with the site of recent which are seeing the full attention of the RCU administrators. The site had been the target of hackers as well as the usual virus potential for problems. Many of the problems have been addressed however some changes impact other things. One option that has been used when all hell breaks loose is a roll back where they roll the site back a few hours to remove malicious scripts etc.
Please know that the administrators and owners of the site are aware of the frustrations these changes have to all who use the site. Please know these are reactionary measures to actions being taken against the site. Please also be assured that the site will be back to full strength soon and further to that the site will soon see an upgrade that will see these problems as a thing of the past (with any luck).
If you have any questions or concerns please do not hesitate to contact myself or any Moderator or administrator.
I appreciate your patience (I too have seen a few of my posts disappear into the abysis [
])
04-18-2008, 05:22 PM
#2
Senior Member
Join Date: Mar 2002
Location: Kingsport,
TN
Posts: 1,803
Likes: 0
Received 0 Likes
on
0 Posts
RE: RCU Site problems
Matt, I have noticed that when I click on a link provided by email for one thread, I am transferred to a completely different thread usually an airplane thread. Is this a product of the issues you have been having?
04-18-2008, 06:06 PM
#3
RE: RCU Site problems
ORIGINAL: Paul M
Matt, I have noticed that when I click on a link provided by email for one thread, I am transferred to a completely different thread usually an airplane thread. Is this a product of the issues you have been having?
Matt, I have noticed that when I click on a link provided by email for one thread, I am transferred to a completely different thread usually an airplane thread. Is this a product of the issues you have been having?
This too is a problem that shoul dbe resolved once security of the site is tightened a little more.
04-28-2008, 09:09 PM
#4
RE: RCU Site problems
Info on the recent hacks - http://blog.wired.com/monkeybites/20...oft-datab.html
Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection
By Scott Gilbertson April 28, 2008 | 8:04:40 AMCategories: security
A new SQL injection attack aimed at Microsoft IIS web servers has hit some 500,000 websites, including the United Nations, UK Government sites and the U.S. Department of Homeland Security. While the attack is not Microsoft's fault, it is unique to the company's IIS server.
The automated attack takes advantage to the fact that Microsoft’s IIS servers allow generic commands that don’t require specific table-level arguments. However, the vulnerability is the result of poor data handling by the sites’ creators, rather than a specific Microsoft flaw.
In other words, there’s no patch that’s going to fix the issue, the problem is with the developers who failed follow well-established security practices for handling database input.
The attack itself injects some malicious JavaScript code into every text field in your database, the Javascript then loads an external script that can compromise a user’s PC.
Most of the larger sites affected have already long since repaired themselves and claim that the underlying problems in their code have been fixed. However, if you don’t want to take the chance there’s a simple way to avoid the problem — use Firefox with NoScript. Since the attack loads a script from a different domain, NoScript will stop it from running.
If your site has been affected you’re going to need to restore your database from a clean backup copy and start reviewing your code to make sure all input is properly sanitized, otherwise you’ll just get hit again. Should you not have a clean backup of you database hackademix.net has a workaround for rerunning the attack, but changing a couple lines to remove the injected JavaScript.
If you’ve been hit by the attack, you should, as Bill Sisk, Microsoft’s Trustworthy Computing, Response Communications Manager, suggests on his blog, report the attack.
Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov.
So far there have been no details about who is behind the attacks.
Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection
By Scott Gilbertson April 28, 2008 | 8:04:40 AMCategories: security
A new SQL injection attack aimed at Microsoft IIS web servers has hit some 500,000 websites, including the United Nations, UK Government sites and the U.S. Department of Homeland Security. While the attack is not Microsoft's fault, it is unique to the company's IIS server.
The automated attack takes advantage to the fact that Microsoft’s IIS servers allow generic commands that don’t require specific table-level arguments. However, the vulnerability is the result of poor data handling by the sites’ creators, rather than a specific Microsoft flaw.
In other words, there’s no patch that’s going to fix the issue, the problem is with the developers who failed follow well-established security practices for handling database input.
The attack itself injects some malicious JavaScript code into every text field in your database, the Javascript then loads an external script that can compromise a user’s PC.
Most of the larger sites affected have already long since repaired themselves and claim that the underlying problems in their code have been fixed. However, if you don’t want to take the chance there’s a simple way to avoid the problem — use Firefox with NoScript. Since the attack loads a script from a different domain, NoScript will stop it from running.
If your site has been affected you’re going to need to restore your database from a clean backup copy and start reviewing your code to make sure all input is properly sanitized, otherwise you’ll just get hit again. Should you not have a clean backup of you database hackademix.net has a workaround for rerunning the attack, but changing a couple lines to remove the injected JavaScript.
If you’ve been hit by the attack, you should, as Bill Sisk, Microsoft’s Trustworthy Computing, Response Communications Manager, suggests on his blog, report the attack.
Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov.
So far there have been no details about who is behind the attacks.
