Somethings not right...

[DJ Dank]

So maybe someone's already posted this but I can't seem to read the last page of the Poho thread so I can't tell...

 

There's a 1 pixel by 1 pixel square on the top of the window and on the bottom as well and as 88 said the other day, it is a sort of Hex code. Its looks fishy...

 

I don't have the time right now as I'm on my lunch break but when you view the source, you'll can see the string of numbers as the src of the link...you can find out what letter each of those #'s mean and find out where its linking to or sourcing from...but then again maybe they WANT you to go there...just a thought...

 

Just a word of caution.

[Pezzy]

yup.

[bear claw]

 

 

It takes a hacker to catch a hacker lol

 

OK if any NPORA member has any counter hacking techniques let yourself known by pm or email moderator

 

Thanks ahead of time for your help

 

[DJ Dank]

Well if you do a quck google search for "IPB hack" or "IPB exploit" you'll be amazed at the different references out there. Maybe by looking into some of these, we can find out how to prevent this kind of thing from happening?

[DJ Dank]

Doing a quick search yielded this interesting page.

 

IPB Hack How-To

 

[adamzan]

Sometimes when i visit this site my virus scanner starts picking up a bunch of files in the temporary internet files folder saying they are infected with a trojan. Ive completly scanned my pc and theres none now but its done it from different pc's. Also it tries to get me to download a bunch of files. It even happend today at school while I was on spare, well at least those aren't my computers and network.

[vengeful]

We are aware of the situation. We are working diligently to rectify it. Please continue to be patient during this time. We apologize for the inconvenience and ask that you do not start any more new threads saying that there's a gad-blasted virus. WE KNOW!

 

- The Mangement.

[SaKaNa]

first thing to do is find it again and find out where its goin

 

i remember a couple years ago when some major IE exploit came out, i had a 1x1 image in my signature on a website, and it'd crash anyones IE.

[Jdpathy]

The following code should set your USERNAME to admin:

 

Ouch they hit us where it hurts, I see you down there 88, is that really you?

[88pathoffroad]

To explain...what's happening is this:

 

A hacker gains access to the board wrapper or HTML files either by cracking or guessing an admin password, using a hacking tool or FTP program, or through some other exploit...then adds malicious code to the board's base HTML. That's what the board runs on, besides PHP.

 

The code being planted in our case is an HTML "iframe" (Google it for more) enclosing an active link to the hacker's website. The iframe can be any size from 1x1 up to fullscreen. In our case, the hacker is planting a 1x1 framed window that opens by itself when the page is loaded. The hacker's website automatically responds to a page request with a virus or trojan attack.

 

When I find the extra 1x1's on the main forum page, I have to go search for where the hacker placed it. Most of the time it's fairly easy to find because it's been placed right in the board wrapper, which dictates how the board looks and general placement of tables and info, etc. The other times, however...I have to go through over 300 different sub-categories of HTML coding and manually edit each to look for the code, starting with global HTML sections and moving on through the most likely sections to contain such code. The hacker can only place his code in several main places, otherwise it would be fairly ineffective and not everyone would be open to attack by the virus/Trojan. When I find it, I delete it and save the fixed HTML.

 

That's the story. I've taken several steps to eliminate possible holes and wow, today we have no hacking! Let's hope it stays that way.

[SaKaNa]

Are you running an unpatched IPB? And if any of the usernames on here and on the FTP or whatever you're using share passwords, then they probably used the MD5 hash from here after exploiting it to get into there to keep uploading their custom index.

[88pathoffroad]

It is version 1.3 Final which was the last free version. It is unpatched because I have no FTP access to the account. Jim is the owner of said account and has thus far proven unhelpful in gaining access to his own forum...apparently he's forgotten the login and password. Anyway...

[SaKaNa]

Sounds like someone should really be calling their hosting company fairly soon.

[88pathoffroad]

The main reason it hasn't been done is that IPB 2.1xx costs $185. 1.3 was free, but there ain't no such thing as a free lunch any more, so now if you want an upgrade you have to either do a minor upgrade yourself to 1.31 with security add-ons or buy the new forum software from IPB. Those are the only options we have available to us.

[Pezzy]

if we had the $$$, could we even upgrade w/o Jim's help?

[88pathoffroad]

Probably not, but I could try.

[Jdpathy]

The main reason it hasn't been done is that IPB 2.1xx costs $185. 1.3 was free, but there ain't no such thing as a free lunch any more, so now if you want an upgrade you have to either do a minor upgrade yourself to 1.31 with security add-ons or buy the new forum software from IPB. Those are the only options we have available to us.

Question: Does the costly forum require monthly payments or is it one time.

Is it any better than the free forums.

[88pathoffroad]

That's a one-time payment for use of the software and free upgrades for life. One year tech support included. The latest version has more features, yes.