So.. Has Anandtech Been Hacked?

[Train]

I hosted a phpbb a few years ago that fell to a SQL Injection attack, and got spam not only as posts, but in every members profile and signatures as well.

Though I'm pretty sure PHPBB has closed those security holes since. Not sure about VB though. you would think in this day and age a widely used app like VB would be protected against SQL Injection

Or they may have just brute forced/guessed an admin password

 

[indamixx99]

Yeah i agree... Plain english please?

 

[ViviTheMage]

huh... i just figured AT sold out to advertisers to pay for vbulletin, lol

vb is cheap, very cheap.

 

[ivan2]

Yeah i agree... Plain english please?

we've been haxxored?

 

[El Guaraguao]

what? we've been haxxored?!


LET OUR POWERS COMBINE!


EARTH!

 

[lxskllr]

what I want to know is, whats up with the 'funny' notices? AT used to be rather professional...Not that I mind, just wondering about the 'change'

I like the writing style. It conveys all the necessary information, but is still entertaining to read. I've half thought about saving them, but there isn't much point in that. It's the spontaneity and surprise that makes them fun :^)

 

[Platypus]

It would be helpful if someone would step forward and disclose information about what happened instead of posting cute messages at the top of the forum. Depending on the attack vector and severity this has the potential to be much worse than anyone running the show here realizes.

With this breach and many other warning signs before it, it's obvious that the people doing this don't even have rudimentary knowledge of securing a webserver/forum.

 

[Alone]

Exploits in vB are not uncommon at all. That's the way any major product is. There will always be someone around to find clever little security holes. This could either be in regards to the forum software itself, or add-ons which would make it the fault of someone other than vB.

I don't think there are any exploits in vB 3.84 PL1, which I believe is being used here. If there are, it was kept very quiet. It was most likely a third party add-on, which I imagine are used here.

Assuming they didn't directly gain entry to the databases, which I seriously doubt happened, then the passwords are safe.

This is just unfortunate timing for AT, and not necessarily a short coming.

Basically, shit happens.

(from LoKe)

 

[Platypus]

Exploits in vB are not uncommon at all. That's the way any major product is. There will always be someone around to find clever little security holes. This could either be in regards to the forum software itself, or add-ons which would make it the fault of someone other than vB.

I don't think there are any exploits in vB 3.84 PL1, which I believe is being used here. If there are, it was kept very quiet. It was most likely a third party add-on, which I imagine are used here.

Assuming they didn't directly gain entry to the databases, which I seriously doubt happened, then the passwords are safe.

This is just unfortunate timing for AT, and not necessarily a short coming.

Basically, shit happens.

(from LoKe)

There's not enough information to say VB was even the attack vector here. There was a potential for any piece of software on the box to be exploited, not just VB itself. It's the most likely I would agree but definitely not the only method, which is why information would be helpful.

 

[Crusty]

There's not enough information to even make an educated guess at this point. There was a potential for any piece of software on the box to be exploited, not just VB itself.

One would hope that if the boxes got rooted someone would have the smart idea of actually taking them offline, but given the track record I wouldn't hold your breath.

/sigh

WTB more information

 

[lxskllr]

Who cares about the passwords anyway? It's just a web forum. I would hope a group of techies wouldn't use the same password for a forum that they use for important stuff....

 

[Alone]

There's not enough information to say VB was even the attack vector here. There was a potential for any piece of software on the box to be exploited, not just VB itself. It's the most likely I would agree but definitely not the only method, which is why information would be helpful.

I agree, but odds are they don't know anything about it either. And I doubt someone gained access to the box just to advertise their website. The process of doing that is so involved that it would be a huge waste of effort for something that can be reversed so quickly.

And given that an old account was taken over, rather than a new one created and given administrator rights sounds simply like a compromised account.

But still, I don't know what happened. The only way to know for sure is to check the access logs.

(from LoKe)

 

[dmcowen674]

It would be helpful if someone would step forward and disclose information about what happened instead of posting cute messages at the top of the forum. Depending on the attack vector and severity this has the potential to be much worse than anyone running the show here realizes.

With this breach and many other warning signs before it, it's obvious that the people doing this don't even have rudimentary knowledge of securing a webserver/forum.

Cut a little slack.

They went from proprietary closed code to off the shelf open code.

It's not like they got into credit card database or something, sheesh.

 

[OILFIELDTRASH]

It's funny a tech website has been haxxored and nobody can figure out what happened. I'm just waiting for all the avatars to be changed to the black man avatar and every post is giving away iPods.

 

[FoBoT]

an existing account was used, i pm'ed the account while the person was using it, the reply basically acknowledged what was going on

i have no idea how the person logged into the account, whether the password was guessed or an exploit exists to access the account

 

[Ausm]

Yeah I have been getting spam also.

 

[Platypus]

I agree, but odds are they don't know anything about it either. And I doubt someone gained access to the box just to advertise their website. The process of doing that is so involved that it would be a huge waste of effort for something that can be reversed so quickly.

And given that an old account was taken over, rather than a new one created and given administrator rights sounds simply like a compromised account.

But still, I don't know what happened. The only way to know for sure is to check the access logs.

(from LoKe)

Like I said that's likely the attack vector but based on stuff I previously found here I'm not entirely sure I can say that with 100% confidence. It would appear that is the case though. I would also love to see said access logs.

 

[Platypus]

Cut a little slack.

They went from proprietary closed code to off the shelf open code.

It's not like they got into credit card database or something, sheesh.

It's obviously just AT so it's not the end of the world. I'm not trying to be an asshole. It's just frustrating that myself and others have offered their free help and time and we do this shit for a living. The response has been a giant "................."

 

[moshquerade]

It's obviously just AT so it's not the end of the world. I'm not trying to be an asshole. It's just frustrating that myself and others have offered their free help and time and we do this shit for a living. The response has been a giant "................."

You didn't know the mob runs this site?
They don't like to let anyone into "the family" that easily.

 

[OILFIELDTRASH]

I'm just worried about the for sale/trade forum. I wouldn't want some hacker using my or some other good traders account to scam other members.

 

[Alone]

I'm just worried about the for sale/trade forum. I wouldn't want some hacker using my or some other good traders account to scam other members.

If that was the intent they wouldn't have made it so obvious that AT's security was compromised.

 

[SunnyD]

I agree, but odds are they don't know anything about it either. And I doubt someone gained access to the box just to advertise their website. The process of doing that is so involved that it would be a huge waste of effort for something that can be reversed so quickly.

And given that an old account was taken over, rather than a new one created and given administrator rights sounds simply like a compromised account.

But still, I don't know what happened. The only way to know for sure is to check the access logs.

(from LoKe)

I'm curious... how would LoKe know that the issues stemmed from a compromised account? I don't believe any of the admins publicly said anything about an old account being compromised... :hmm:

 

[FoBoT]

I'm curious... how would LoKe know that the issues stemmed from a compromised account? I don't believe any of the admins publicly said anything about an old account being compromised... :hmm:

i posted it last night while it was happening
the hacker guy deleted the posts
at the time i wasn't positive , but now i am sure what account was doing it all

 

[PlasmaBomb]

what? we've been haxxored?!


LET OUR POWERS COMBINE!


EARTH!

Did they make a movie out of that?

 

[Alone]

I'm curious... how would LoKe know that the issues stemmed from a compromised account? I don't believe any of the admins publicly said anything about an old account being compromised... :hmm:

Because the notice at the top of the forum was posted by ForumsAdmin, an administrator account that has a post history of being a real staff account?