Are you a spammer

Please note, that the first 3 posts you make, will need to be approved by a forum Administrator or Moderator before they are publicly viewable.
Each application to join this forum is checked at the Stop Forum Spam website. If the email or IP address appears there when checked, you will not be allowed to join this forum.
If you get past this check and post spam on this forum, your posts will be immediately deleted and your account inactivated.You will then be banned and your IP will be submitted to your ISP, notifying them of your spamming. So your spam links will only be seen for an hour or two at most. In other words, don't waste your time and ours.

This forum is for the use and enjoyment of the members and visitors looking to learn about and share information regarding the topics listed. It is not a free-for-all advertising venue. Your time would be better spent pursuing legitimate avenues of promoting your websites.

Ubuntu Forums Hacked

Love it, hate it drop posts here
Forum rules
Comments or opinions expressed on this forum are those of their respective contributors only. The views expressed on this forum do not necessarily represent the views of Ultimate Edition, its management or employees. Ultimate Edition is not responsible for, and disclaims any and all liability for the content of comments written by contributors to the forum.


Ubuntu Forums Hacked

Postby tanmay.01 » Sun Jul 21, 2013 3:27 am

HP ENVY 15
•3rd generation Intel(R) Core(TheeMahn) i5-3210M Processor (2.5 GHz with Turbo Boost up to 3.1 GHz)
• 1GB Radeon(TheeMahn) HD 7750M GDDR5 Graphics [HDMI]
• 6GB 1600DDR3 System Memory (2 Dimm)
• 750GB 7200 rpm Hard Drive
• Intel 2x2 802.11a/b/g/n WLAN + Bluetooth(R)
• Full-size Radiance backlit keyboard.

Image
User avatar
tanmay.01
Moderator
 
Posts: 253
Joined: Wed Dec 07, 2011 1:03 pm
Location: India
Age: 33
Operating System: Other Linux



Re: Ubuntu Forums Hacked

Postby Xanayoshi » Sun Jul 21, 2013 12:23 pm

This isn't particularly shocking. So some trolls come out? In all likelihood, someone got upset with the forum and took it down. Most likely someone very proficient with Linux.

So we see the Microsoft vs. Linux argument come out.

But.....

The security of Microsoft will always be compromised....

http://www.washingtonsblog.com/2013/06/ ... -1999.html

1999
Image

And now, the completely true facts, as told by an anonymous man hiding behind a screen name:

Packard Bell Pack Mate II 286 Intel 80286 1MB RAM
ImageImageImage
User avatar
Xanayoshi
Moderator
 
Posts: 1564
Joined: Thu Oct 18, 2012 1:46 pm
Location: Kitsap County
Age: 45
Operating System: Ultimate Edition 3.4 32 BIT



Re: Ubuntu Forums Hacked

Postby Xanayoshi » Sun Jul 21, 2013 12:27 pm

Now why would Microsoft allow this....

http://en.wikipedia.org/wiki/United_Sta ... orporation

1999
Image

And now, the completely true facts, as told by an anonymous man hiding behind a screen name:

Packard Bell Pack Mate II 286 Intel 80286 1MB RAM
ImageImageImage
User avatar
Xanayoshi
Moderator
 
Posts: 1564
Joined: Thu Oct 18, 2012 1:46 pm
Location: Kitsap County
Age: 45
Operating System: Ultimate Edition 3.4 32 BIT



Re: Ubuntu Forums Hacked

Postby tanmay.01 » Sun Aug 04, 2013 12:31 am

This is the tweet posted by the hacker

You can stop worrying about your passwords. Yes, they were encrypted. Encrypted with the default vBulletin hashing algorithm (md5(md5($pass).$salt). Whilst it may not be the strongest, when you're dealing with 1.8m users it would take a very long time to get anywhere with the hashes. You don't have to worry about a DB leak. That isn't how I like to do things.

If I do get into a website, most of the time there's no REAL malicious intentions. Grab the database, leave a message. That's it. I don't like to over-do things. Might cause some downtime, but what if it WAS the "syr14n c3b3r 4rmy" (not that their brain-dead brains have the power to do anything whatsoever), and they did have malicious intentions, and they did leak the database and use it to their own advantage?

Oh, and keep on raging and sending me rage tweets, I love it.


Source : http://www.twitlonger.com/show/n_1rlft0d

And this is the update from canonical's blog :

As announced previously, there was a security breach on the Ubuntu Forums. The Ubuntu Forums are now back up and running. What follows is a detailed post mortem of the breach and corrective actions taken by the Canonical IS team. In summary, the root cause was a combination of a compromised individual account and the configuration settings in vBulletin, the Forums application software. There was no compromise of Ubuntu itself, or any other Canonical or Ubuntu services. We have repaired and hardened the Ubuntu Forums, and as the problematic settings are the default behaviour in vBulletin, we are working with vBulletin staff to change and/or better document these settings.

What happened
At 16:58 UTC on 14 July 2013, the attacker was able to log in to a moderator account owned by a member of the Ubuntu Community.

This moderator account had permissions to post announcements to the Forums. Announcements in vBulletin, the Forums software, may be allowed to contain unfiltered HTML and do so by default.

The attacker posted an announcement and then sent private messages to three Forum administrators (also members of the Ubuntu community) claiming that there was a server error on the announcement page and asking the Forum administrators to take a look.

One of the Forum administrators quickly looked at the announcement page, saw nothing wrong and replied to the private message from the attacker saying so. 31 seconds after the Forum administrator looked at the announcement page (and before the administrator even had time to reply to the private message), the attacker logged in as that Forum administrator.

Based on the above and conversations with the vBulletin support staff, we believe the attacker added an XSS attack in the announcement they posted which sent the cookies of any visitor to the page to the attacker.

Once the attacker gained administrator access in the Forums they were able to add a hook through the administrator control panel. Hooks in vBulletin are arbitrary PHP code which can be made to run on every page load. The attacker installed a hook allowing them to execute arbitrary PHP passed in a query string argument. They used this mechanism to explore the environment and also to upload and install two widely available PHP shell kits. The attacker used these shell kits to upload and run some custom PHP code to dump the ‘user’ table to a file on disk which they then downloaded.

The attacker returned on 20 July to upload the defacement page.

What the attacker could access
The attacker had full access to the vBulletin environment as an administrator and shell access as the ‘www-data’ user on the Forums app servers.

Having administrator access to the vBulletin environment means they were able to read and write to any table in the Forums database.

They used this access to download the ‘user’ table which contained usernames, email addresses and salted and hashed (using md5) passwords for 1.82 million users.

What the attacker could not access
We believe the attacker was NOT able to escalate past the ‘www-data’ user (i.e. gain root access) on the Forums app servers.

We believe the attacker was NOT able to escalate past remote SQL access to the Forums database on the Forums database servers.

We believe the attacker did NOT gain any access at all to the Forums front end servers.

We believe the attacker was NOT able to gain any access to any other Canonical or Ubuntu services.

We know the attacker was NOT able to gain access to any Ubuntu code repository or update mechanism.

What we don’t know
We don’t know how the attacker gained access to the moderator account used to start the attack.

The announcement the attacker posted was deleted by one of the Forum administrators so we don’t know exactly what XSS attack was used.

What we’ve done
Before bringing the Forums back online, we implemented a series of changes both designed to clean up after this attack and also to defend against and mitigate the fallout from possible attacks in the future.

Clean up

We sent individual mails to all Forums users informing them of the breach and that they should consider their Forum password compromised. We advised them to change this password on any other systems where they may have re-used it.
We backed up the servers running vBulletin, and then wiped them clean and rebuilt them from the ground up.
We randomised all user passwords in the Forums.
We reset all system and database passwords.
We manually imported data into a fresh database after sanity checking each table.
Hardening

We’ve removed the ability to modify or add new hooks except via root access to the database
We’ve disabled all potential HTML posting avenues in the Forums for everyone but administrators.
We’ve switched the Forums to use Ubuntu SSO for user authentication.
We’ve implemented automated expiry of inactive moderator and administrator accounts.
We’ve confined vBulletin with an AppArmor profile.
We’ve reviewed and further hardened the firewalling around the Forums servers.
We’ve reviewed and further hardened the PHP config on the server to close off some vectors used by the attacker.
We’ve switched to forcing HTTPS for the administrator and moderator control panels and made it optionally available everywhere else
We’ve improved escalation procedures for the Ubuntu Community members who graciously volunteer their time to administer and moderate the Forums.
We will continue to work with vBulletin staff to discuss changes to the default settings which could help others avoid similar scenarios as this. The vBulletin support staff have been helpful and cooperative throughout this incident.
Finally, we’d like once again to apologize for the security breach, the data leak and downtime.
HP ENVY 15
•3rd generation Intel(R) Core(TheeMahn) i5-3210M Processor (2.5 GHz with Turbo Boost up to 3.1 GHz)
• 1GB Radeon(TheeMahn) HD 7750M GDDR5 Graphics [HDMI]
• 6GB 1600DDR3 System Memory (2 Dimm)
• 750GB 7200 rpm Hard Drive
• Intel 2x2 802.11a/b/g/n WLAN + Bluetooth(R)
• Full-size Radiance backlit keyboard.

Image
User avatar
tanmay.01
Moderator
 
Posts: 253
Joined: Wed Dec 07, 2011 1:03 pm
Location: India
Age: 33
Operating System: Other Linux



Re: Ubuntu Forums Hacked

Postby BBOSAK2143 » Sun Aug 04, 2013 9:00 am

Now could you imagine if these hackers actually did something constructive? Like perhaps fix programs that needs help or create ones to help people??? Personally if I were to move to that dark side, I would have myself committed! I consider myself another kind of hacker which is one that puts pieces from one program into another to fix it! That in turn allows a user to be able to have a program they need functioning for them! I find tons more joy out of being able to make someone happy instead of wreck their day! It is also challenging to make people happy! So really I wish these hackers would take on some of the hacking I do! Sure would be nice instead of taking down forums! I do not know just floors me!!!!!
Firm believer in Asus, Linux and Technology
"Art is to be enjoyed by all that enjoy it"
Asus M5A97 Plus motherboard
AMD FX 4350 Processor
Asus R7250 2GD5 graphics card
16gig DDR3-1333
2TB Hitachi Hard Drive
24in Asus VE248 LED Monitor
OS=My 8th OS Star Trek(Ubuntu 16.04)
Desktops=Gnome 3.20 and LXDE
Warp Speed!
ASUS Laptop R503U
AMD E2-1800
ATI HD7340
4gig Memory
500gig Hitachi HD
OS= Win7 SP1/8th OS Star Trek(Ubuntu 16.04)
Desktops Gnome 3.20 and LXDE
2nd 500gig Seagate HD R.I.P
User avatar
BBOSAK2143
U.E. God
U.E. God
 
Posts: 923
Joined: Tue Jul 03, 2012 7:56 pm
Location: Mount Pleasant, Tennessee
Age: 61
Operating System: Ultimate Edition 3.5 64 BIT


Return to Rants and Raves

Who is online

Users browsing this forum: No registered users and 5 guests