[Archived] Virus?

[cn174]

--><div class='quotetop'>QUOTE(Ste B @ Jan 30 2007, 19:58 ) 485447[/snapback]</div><div class='quotemain'><!--quotec-->

No, some russian ###### did though.

Delete the mail.

How did the Russian ###### get my email address?

You need an email address to sign up to the site, so if you're still using the same one, thats the one they'll have got.

[ewoodblue]

You need an email address to sign up to the site, so if you're still using the same one, thats the one they'll have got.

Well,mines clear, but if i get one , I'll delete it immediately.

[yoda]

You need an email address to sign up to the site, so if you're still using the same one, thats the one they'll have got.

my email address is not posted though! so its not visible, how is it possible Steb

[des]

just opened my email and my hard drive went mad used a restore date to fix it and have delected the email

[Modi]

my email address is not posted though! so its not visible, how is it possible Steb

I guess the email addresses are held on a database in case there is a need to reverify passwords, contact members etc.

this is probably what the hacker managed to use to send the email out.

[cn174]

my email address is not posted though! so its not visible, how is it possible Steb

As modi said, your email address which you used to register for the messageboard will be stored in a database.

The said russian ####### hasn't gone through the messageboard reading each and every thread looking for people who have put their email address on. They get into behind the scenes and do it automatically

[yoda]

I guess the email addresses are held on a database in case there is a need to reverify passwords, contact members etc.

this is probably what the hacker managed to use to send the email out.

I would have thought the data base was stored away from internet access to avoid this kind of thing happening, am i wrong?

[cn174]

I would have thought the data base was stored away from internet access to avoid this kind of thing happening, am i wrong?

Well as far as most people know the databases that drive sites such as this are hidden away and are secure. So don't worry, there isn't a page on this website which has your name, email etc etc spelled out for everyone to see.

However the database is still held on the same webspace (or the website wouldn't work) and sometimes annoying people come along, break the security and can get in behind the scenes and go out to cause everyone an inconvenience by spreading a virus.

Its just the same as every other computer program really, it is protected as best as can be and updated when new security patches come out. But people, if they are that way inclined, will always find a way round them.

[Ste B]

there is a bulk email function in our admin programs. once they have got in they use that to send to every member.

they also add a line of code to the board wrapper which downloads the same program. fortunately it was spotted and removed reasonable quickly.

FYI, the board will also be upgraded again in the near future, to the very latest version which should give us more tools we can use. Also will help us add some extra functionality. Not sure when yet, but will keep people posted.

[broadsword]

brfcs.com would never (I assume) send out a mail with an attachment on it, especially an exe file.

Does this mean we're going to get more spam now?

Ta.

[Cocker]

-->

QUOTE(Ste B @ Jan 30 2007, 19:30 ) 485466[/snapback]

There was a security flaw (since corrected) where a user could put a dodgy image in the avatar.

I thought that we couldnt upload our own avatars though

[Moppy]

Yoda "my email address is not posted though! so its not visible, how is it possible Steb"

When they get in as admin they have extra rights and probally full access to the database. All html requests are individual and retain no memory. (Cookies arnt really that advanced). The virus they planted can give access to the database (if they know it) or run appliaction commands or can simply give admin rights and the hacker/program can guess (or go straight there if they know hoe the application works)

By guessing they would run commands such as "showtopic". Everything after the ? in the address bar is in effect a function call.

Now change that to command to the command to bulk email or retrieve an email from the database and you have someones email, if the functions exist that is. (this would need lots of extra info in addition to he url stuff I have mentioned)

Most hackers will use automation to work out these commands and then they can link directly into the web application code.

------------

Yoda "I would have thought the data base was stored away from internet access to avoid this kind of thing happening, am i wrong?"

It would be very unusual if it was. It would make the registration process very long winded and non-automated.

------------

Well done on catching this early admin. Its not the easiest thing to do so I dont think anyone needs to be worried about their data security.

[Ste B]

brfcs.com would never (I assume) send out a mail with an attachment on it, especially an exe file.

Does this mean we're going to get more spam now?

Ta.

No, as whoever did it hasnt actually got your email addresses. All that has happened is that the bulk mail tool from within IPB was invoked (and stopped)..

As for the avatars, I still dont know exactly how this happened, but it was the most likely security breach.

[bazza]

Does this virus represent a danger to Macs?

I would like to ask the same question. Can anyone give us an answer?

[b12_simon]

Does this virus represent a danger to Macs?

I'd be very surprised if it was. Viruses for Macs (also linux, UNIX and whatnot) do exist, but they're very rare proof of concept thingies.

Simon

[Moppy]

I would like to ask the same question. Can anyone give us an answer?

Very unlikly but not impossible.

[Daje]

When will people stop infecting the net using IE?

Hope everyones files are ok. I'm afraid I didn't get the mail myself so I haven't had any chance to find out exactly what it was supposed to do.

Good job cleaning up so fast, Admins

[3recurring]

Does this virus represent a danger to Macs?

If you run Parrallels, or Boot Camp etc on a Mac (and use IE), then yes - if not, then no.

When will people stop infecting the net using IE?

When end users realise that there are better and more secure alternatives to Microsoft products.

[broadsword]

If you're worried about your mac, I'd just take it to the dry-cleaner's, no worries.

[Hasta]

If you're worried about your mac, I'd just take it to the dry-cleaner's, no worries.

As opposed to having to get the window cleaner to come round twice a week.