DJ Dank Posted November 30, 2006 Share Posted November 30, 2006 So maybe someone's already posted this but I can't seem to read the last page of the Poho thread so I can't tell... There's a 1 pixel by 1 pixel square on the top of the window and on the bottom as well and as 88 said the other day, it is a sort of Hex code. Its looks fishy... I don't have the time right now as I'm on my lunch break but when you view the source, you'll can see the string of numbers as the src of the link...you can find out what letter each of those #'s mean and find out where its linking to or sourcing from...but then again maybe they WANT you to go there...just a thought... Just a word of caution. Link to comment Share on other sites More sharing options...
Pezzy Posted November 30, 2006 Share Posted November 30, 2006 yup. Link to comment Share on other sites More sharing options...
bear claw Posted December 1, 2006 Share Posted December 1, 2006 It takes a hacker to catch a hacker lol OK if any NPORA member has any counter hacking techniques let yourself known by pm or email moderator Thanks ahead of time for your help Link to comment Share on other sites More sharing options...
DJ Dank Posted December 1, 2006 Author Share Posted December 1, 2006 Well if you do a quck google search for "IPB hack" or "IPB exploit" you'll be amazed at the different references out there. Maybe by looking into some of these, we can find out how to prevent this kind of thing from happening? Link to comment Share on other sites More sharing options...
DJ Dank Posted December 1, 2006 Author Share Posted December 1, 2006 Doing a quick search yielded this interesting page. IPB Hack How-To Link to comment Share on other sites More sharing options...
adamzan Posted December 1, 2006 Share Posted December 1, 2006 Sometimes when i visit this site my virus scanner starts picking up a bunch of files in the temporary internet files folder saying they are infected with a trojan. Ive completly scanned my pc and theres none now but its done it from different pc's. Also it tries to get me to download a bunch of files. It even happend today at school while I was on spare, well at least those aren't my computers and network. Link to comment Share on other sites More sharing options...
vengeful Posted December 2, 2006 Share Posted December 2, 2006 We are aware of the situation. We are working diligently to rectify it. Please continue to be patient during this time. We apologize for the inconvenience and ask that you do not start any more new threads saying that there's a gad-blasted virus. WE KNOW! - The Mangement. Link to comment Share on other sites More sharing options...
SaKaNa Posted December 2, 2006 Share Posted December 2, 2006 first thing to do is find it again and find out where its goin i remember a couple years ago when some major IE exploit came out, i had a 1x1 image in my signature on a website, and it'd crash anyones IE. Link to comment Share on other sites More sharing options...
Jdpathy Posted December 2, 2006 Share Posted December 2, 2006 The following code should set your USERNAME to admin: Ouch they hit us where it hurts, I see you down there 88, is that really you? Link to comment Share on other sites More sharing options...
88pathoffroad Posted December 2, 2006 Share Posted December 2, 2006 To explain...what's happening is this: A hacker gains access to the board wrapper or HTML files either by cracking or guessing an admin password, using a hacking tool or FTP program, or through some other exploit...then adds malicious code to the board's base HTML. That's what the board runs on, besides PHP. The code being planted in our case is an HTML "iframe" (Google it for more) enclosing an active link to the hacker's website. The iframe can be any size from 1x1 up to fullscreen. In our case, the hacker is planting a 1x1 framed window that opens by itself when the page is loaded. The hacker's website automatically responds to a page request with a virus or trojan attack. When I find the extra 1x1's on the main forum page, I have to go search for where the hacker placed it. Most of the time it's fairly easy to find because it's been placed right in the board wrapper, which dictates how the board looks and general placement of tables and info, etc. The other times, however...I have to go through over 300 different sub-categories of HTML coding and manually edit each to look for the code, starting with global HTML sections and moving on through the most likely sections to contain such code. The hacker can only place his code in several main places, otherwise it would be fairly ineffective and not everyone would be open to attack by the virus/Trojan. When I find it, I delete it and save the fixed HTML. That's the story. I've taken several steps to eliminate possible holes and wow, today we have no hacking! Let's hope it stays that way. Link to comment Share on other sites More sharing options...
SaKaNa Posted December 2, 2006 Share Posted December 2, 2006 Are you running an unpatched IPB? And if any of the usernames on here and on the FTP or whatever you're using share passwords, then they probably used the MD5 hash from here after exploiting it to get into there to keep uploading their custom index. Link to comment Share on other sites More sharing options...
88pathoffroad Posted December 2, 2006 Share Posted December 2, 2006 It is version 1.3 Final which was the last free version. It is unpatched because I have no FTP access to the account. Jim is the owner of said account and has thus far proven unhelpful in gaining access to his own forum...apparently he's forgotten the login and password. Anyway... Link to comment Share on other sites More sharing options...
SaKaNa Posted December 3, 2006 Share Posted December 3, 2006 Sounds like someone should really be calling their hosting company fairly soon. Link to comment Share on other sites More sharing options...
88pathoffroad Posted December 3, 2006 Share Posted December 3, 2006 The main reason it hasn't been done is that IPB 2.1xx costs $185. 1.3 was free, but there ain't no such thing as a free lunch any more, so now if you want an upgrade you have to either do a minor upgrade yourself to 1.31 with security add-ons or buy the new forum software from IPB. Those are the only options we have available to us. Link to comment Share on other sites More sharing options...
Pezzy Posted December 3, 2006 Share Posted December 3, 2006 if we had the $$$, could we even upgrade w/o Jim's help? Link to comment Share on other sites More sharing options...
88pathoffroad Posted December 3, 2006 Share Posted December 3, 2006 Probably not, but I could try. Link to comment Share on other sites More sharing options...
Jdpathy Posted December 3, 2006 Share Posted December 3, 2006 The main reason it hasn't been done is that IPB 2.1xx costs $185. 1.3 was free, but there ain't no such thing as a free lunch any more, so now if you want an upgrade you have to either do a minor upgrade yourself to 1.31 with security add-ons or buy the new forum software from IPB. Those are the only options we have available to us. Question: Does the costly forum require monthly payments or is it one time. Is it any better than the free forums. Link to comment Share on other sites More sharing options...
88pathoffroad Posted December 3, 2006 Share Posted December 3, 2006 That's a one-time payment for use of the software and free upgrades for life. One year tech support included. The latest version has more features, yes. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now