Evening all..

As an avid member of the CivicType-R.co.uk forum I was horrified this evening to learn that it had been hacked and defaced with 'Mario' style cartoon images. Also it said "All your Forums are owned by Joe". The site also had refrence to We hate Civic Type R's!

The username Limewire appeared as an Administrator!

Just thort id let you giys know as I find this thing appaling. You would thing after working in IT for 7 years id be used to it

thanks.

Jon

i read the other day a thread from it that turned certain words into expletives.made for some "interesting" reading. from what i read its was due to the old software the site uses.

(no years in IT btw)

http://www.seatcupra.net/forums/showthread.php?t=52706&page=1&pp=20&highlight=CTR

thread on cupranet but the link is dead

Just proves that you get people like that (trying hard to call them that). I run a bunch of sites myself, and security issues get found regularly in the forum, add-ons, php or mySQL or Apache. My hosting company updates the backbone stuff, including the backups and so on, which helps a lot.

IMHO there is no excuse for defacing sites. It is wrong, plain and simple. It is especially sad when this happens, it really causes a lot of grief for members & those behind the scenes :(

As for 'old' versions - yep perhaps but it's not always easy to keep everything updated at all times. Most of us need to keep a job down too, plus a SWMBO must be kept in a reasonable state of happiness

Let's hope they had good backups.

Were the civic forums run with phpBB by any chance? There has been a well known exploit around which allowed anyone with half a brain (i.e. script kiddies) to raise their priviledges and become site admin.

Were the civic forums run with phpBB by any chance? There has been a well known exploit around which allowed anyone with half a brain (i.e. script kiddies) to raise their priviledges and become site admin.

I belive it was phpBB2.

www.cruiseessex.com my friends site got done over last night.

Anyone got any virus's handy?

www.cruiseessex.com my friends site got done over last night.

Anyone got any virus's handy?

Have I got a virus or is it that site? Because when I clicked on it, it brought up some porno www. 7 2 . com or something which tried to load dialers and pop ups galore, in the end I had to turn the comp off

Walkie, it should come with CruiseEssex, people just enjoying their cars or something similar.

It was caused by an ex-member of steev.co.uk. I posted up on there asking who it was and all I got was 'It's not us' and then one of the mods decided to put my IP address up. I just hope no-one can track my computer through that.

Thanks for that.

I am presently musing with a bit of house keeping here, removing of various "alterations". Just to make updates and that general peace of mind easier on anybody running the site in the future.

Walkie' date=' it should come with CruiseEssex, people just enjoying their cars or something similar.

It was caused by an ex-member of steev.co.uk. I posted up on there asking who it was and all I got was 'It's not us' and then one of the mods decided to put my IP address up. I just hope no-one can track my computer through that.[/quote']

If your on a static IP address then sadly yes. A quick check of router and firewall settings never hurts. Ip's should never be posted IMHO in public spaces. Anything in there privacy policy that you can ask them to remove it?

Or if your on a non-static address, don't worry about it too much.

If your on a static IP address then sadly yes. A quick check of router and firewall settings never hurts. Ip's should never be posted IMHO in public spaces. Anything in there privacy policy that you can ask them to remove it?

Or if your on a non-static address' date=' don't worry about it too much.[/quote']

I'm on broadband so I believe thats static IP. It has been removed since as someone pointed out that they are breaching their own rules on confidentcilatity (sp). Time to upgrade the firewall then, thanks Colin.

phpBB2 had some security holes, so does vBulletin in many, many, many versions

The real big one wasthe hole in php pre 4.3.10

phpBB is no less or more secure than vBulletin imho. I've used both - and they are both pretty decent imho

I'm on broadband so I believe thats static IP. It has been removed since as someone pointed out that they are breaching their own rules on confidentcilatity (sp). Time to upgrade the firewall then, thanks Colin.

Depending on which broadband you are on will depend on how easy it is to change your IP address.

If you are on Blueyonder for instance just unplug your modem, open up a command prompt and do "ipconfig /release" without the ", wait 24 hours then reconnect the modem and you should have a new IP address.

Means no nternet for 24hours but at least you will have piece of mind.