APSA Malware Hack

Discussion in 'Announcements' started by Ryan, Aug 12, 2010.

  1. Ryan
    Offline

    Ryan Green fingers

    • APSA Member
    37%
    Joined:
    Jun 28, 2006
    Messages:
    1,447
    Likes Received:
    4
    Trophy Points:
    48
    Location:
    25°52'43.48"S 28°11'14.33"E
    Hi guys

    If you tried to log in earlier today you might have noticed that APSA was not working.

    The site was hacked. I am still trying to work out how it happened.

    The hack involved changing a line on all the index.php files which was supposed to include a hidden iframe that would redirect any visitor to that page to an attack site.

    I hope that none of you were affected by this, but as far as I can tell, the extra line of code that was added had a syntax error so it wouldn't have been able to actually do the nasty redirection.

    If you come across anything strange on the site please let me, Andre or one of the moderators know about it.

    Kind regards,
    The APSA Team
     
  2. altondaley36
    Offline

    altondaley36 Algae harvester

    • APSA Member
    40%
    Joined:
    Sep 8, 2010
    Messages:
    208
    Likes Received:
    0
    Trophy Points:
    26
    Location:
    Richards Bay
    Sorry to hear that Ryan.

    I manage a large network (about 3000 users) and it makes you sick to see how many malware and viruses are out there. I fight off about 5 to 15 different malware and virus every day .

    Good luck
     
  3. Max98
    Offline

    Max98 Algae harvester

    • APSA Member
    53%
    Joined:
    Jul 22, 2010
    Messages:
    127
    Likes Received:
    6
    Trophy Points:
    28
    Location:
    Gauteng - Pretoria East
    Yesterday morning there was a strange post where casino's where advertised. Possibly linked?
     
  4. Ryan
    Offline

    Ryan Green fingers

    • APSA Member
    37%
    Joined:
    Jun 28, 2006
    Messages:
    1,447
    Likes Received:
    4
    Trophy Points:
    48
    Location:
    25°52'43.48"S 28°11'14.33"E
    Thanks Alton. Like I said the redirect code had an error so nobody would have been sent to the attack site.

    It's possible but we get bots like that all the time. It will start happening with more and more frequency as they start getting better at beating the captcha. I'll just have to look into better captcha, I have a few ideas for it though.
     
  5. Luis Embalo
    Offline

    Luis Embalo Valued Contributor

    • APSA Member
    23%
    Joined:
    Feb 11, 2010
    Messages:
    5,342
    Likes Received:
    1,184
    Trophy Points:
    223
    Location:
    Elsies River - Cape Town
    Hi Ryan,

    You should also look for patches to the SMF app you are using to display APSA, malware sites usually hack unpatched sites home page.
     
  6. Ebrahim
    Offline

    Ebrahim Green fingers

    • APSA Member
    9%
    Joined:
    Jun 24, 2010
    Messages:
    370
    Likes Received:
    29
    Trophy Points:
    38
    Location:
    Marlboro gardens,Johannesburg
    Thank heavens the hacker wasnt a good programmer or we could have heard that some coporate monolith DDOS'd by APSA!.lol
     

Share This Page