Posted

Today (Sun 19/3) at approx 7.00 in the morning I did a full backup and download of the site and its databases. Then at approx 8.00am I was advised by a user that the site may have been hacked. I did a quick check on the site and saw that a core file had today's date on it which it shouldn't have. Looking in the file and comparing it to the file in the backup I saw that whilst they had exactly the same code, the correct code, the one on the server had line spaces in between the lines of code which didn't add up i.e. why was there extra line breaks in the file compared to the one that I had backed up plus the backup had the correct file date of late last year...something isn't right.

 

I did a complete scan of my own PC and it was clean so I closed the site whilst an extensive scan and analysis was done by the company that provides our own dedicated server, not just my server but all other servers. This took several hours to do and in the end it was decided to just delete the site, its server account, the server software, reinstall it all with new passwords, and then upload the backups I did first thing this morning which again took some time.

 

This however will mean that a few posts i.e. any posts made first thing this morning, will be gone but I believe that there were only a handful anyway.

 

I am very sorry for this.

 

We have extremely strict security here and looking at the logs the so and so was only on for a very very short time but was kicked out, not enough time to break through the site to database connection security and get any info from the database. Even if someone did all passwords are protected by 1 way encryption. This means that the database only stores jumbled up letters and numbers and can't be reconstructed. I can't even tell what a user's password is. If you are using the shop and paying by credit card you are transferred out of Recreational Flying into Westpac's own server so I or the site has no way of knowing what your credit card details are...again another security feature I use here unlike other stores that store your credit card details.

 

All in all, it has been a very long and hard day just to be on the safe side. In a couple of days I will be implementing Secured Socket Layers, an SSL certificate that encrypts the data between your PC and the site as well, adding an even extra layer of security however it requires a lot of work to the site to change from http to https.

 

Please be assured that all is ok and again please accept my apology for this happening.

 

 

  • Like 2
  • Agree 1
  • Helpful 4
Posted

Oh, and not to mention the $33 for every 15mins of work the server people did today but they did a great job...thanks Nic

 

 

Posted

I actually logged in today just before you took it offline and was greeted by a flash-screen stating "hacked by ............" followed by a message that all files on the site would be deleted.

 

It was only up for a couple of seconds (I couldn't screenshot it in time) and then had no access. I figured the site had either crashed entirely or been taken offline. Glad it's not too bad!

 

 

  • Informative 1
Posted

Well done to pick up the anomaly Ian. I also saw the hacked screen but as you shut the site I assumed that you were onto it.

 

 

  • Agree 1
Posted

They never got a chance to get anywhere but I got the server software reinstalled, changed all passwords and reinstalled the site and database just to be on the safe side

 

 

Posted

The ability to add new attachments to posts has now been fixed

 

The Tutorials have now also been restored. As they are all html files that haven't changed recently I have uploaded the files from a backup done late last year so they should also be clean

 

I still have to do the shop but I am just too exhausted today so I will do that tomorrow morning. Besides, I have to go through every single file, delete all caches and check every image

 

 

Posted

For the tech savvy, the attached image shows the difference I picked up in one of the core files...you can see the code is exactly the same however it wasn't the same as the file that I had just previously backed up

 

[Attached image: 1.jpg]
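
The comparison described in the posts above (a live core file checked against the known-good backup) can be run across the whole site. This is an added example, not part of the original thread or the site's own tooling; the function names and the sample PHP files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def code_lines(path):
    # Non-blank lines with trailing whitespace/CR removed, so a file that only
    # gained blank lines or CRLF endings compares equal to the backup copy.
    with open(path, "rb") as f:
        return [ln.rstrip() for ln in f.read().splitlines() if ln.strip()]

def compare_tree(backup_root, live_root):
    """Return {relative_path: status} for live files that differ from backup.
    Hashes are used rather than modification dates, which can be reset."""
    findings = {}
    for base, _dirs, files in os.walk(live_root):
        for name in files:
            live = os.path.join(base, name)
            rel = os.path.relpath(live, live_root)
            good = os.path.join(backup_root, rel)
            if not os.path.isfile(good):
                findings[rel] = "new-file"  # never existed in the backup
            elif sha256(good) != sha256(live):
                # Same code but different bytes still means the file was rewritten.
                same_code = code_lines(good) == code_lines(live)
                findings[rel] = "whitespace-only" if same_code else "content-changed"
    return findings

def demo():
    # Constructed sample trees; file names and contents are made up.
    backup = {"index.php": b"<?php\n$a = 1;\necho $a;\n",
              "config.php": b"<?php\n$db = 'x';\n",
              "lib.php": b"<?php\nfunction f() {}\n"}
    live = {"index.php": b"<?php\n\n$a = 1;\n\necho $a;\n\n",  # extra blank lines
            "config.php": b"<?php\n$db = 'x';\n",               # untouched
            "lib.php": b"<?php\nfunction f() { g(); }\n",       # code altered
            "extra.php": b"<?php\n"}                            # not in backup
    with tempfile.TemporaryDirectory() as tmp:
        for root, tree in (("backup", backup), ("live", live)):
            os.makedirs(os.path.join(tmp, root))
            for name, data in tree.items():
                with open(os.path.join(tmp, root, name), "wb") as f:
                    f.write(data)
        return compare_tree(os.path.join(tmp, "backup"), os.path.join(tmp, "live"))

if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:16} {path}")
```
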

 

 

Posted

Why would anyone want to hack a site like this ? What would they be able to gain?

 

 

Posted
Why would anyone want to hack a site like this ? What would they be able to gain?

I was wondering the same thing...

 

 

Posted

Sound all like Chinese this savvy tech talk

 

Turn on computer and screen lights up

 

Well done Ian for having such in depth knowledge of computers and software, lost me at the first set of traffic lights lol

 

 

  • Like 2
  • Agree 2
Posted
Why would anyone want to hack a site like this ? What would they be able to gain?

I wonder if it was just coincidence that it happened at such a close time to the opening of the what's up Australia site? Maybe a competitor fishing for stuff?

Anyway it's good to see Ian on it so quick.

 

 

Posted
Today (Sun 19/3) at approx 7.00 in the morning I did a full backup and download of the site and its databases. Then at approx 8.00am I was advised by a user that the site may have been hacked. I did a quick check on the site and saw that a core file had today's date on it which it shouldn't have. Looking in the file and comparing it to the file in the backup I saw that whilst they had exactly the same code, the correct code, the one on the server had line spaces in between the lines of code which didn't add up i.e. why was there extra line breaks in the file compared to the one that I had backed up plus the backup had the correct file date of late last year...something isn't right.

I did a complete scan of my own PC and it was clean so I closed the site whilst an extensive scan and analysis was done by the company that provides our own dedicated server, not just my server but all other servers. This took several hours to do and in the end it was decided to just delete the site, its server account, the server software, reinstall it all with new passwords, and then upload the backups I did first thing this morning which again took some time.

 

This however will mean that a few posts i.e. any posts made first thing this morning, will be gone but I believe that there were only a handful anyway.

 

I am very sorry for this.

 

We have extremely strict security here and looking at the logs the so and so was only on for a very very short time but was kicked out, not enough time to break through the site to database connection security and get any info from the database. Even if someone did all passwords are protected by 1 way encryption. This means that the database only stores jumbled up letters and numbers and can't be reconstructed. I can't even tell what a user's password is. If you are using the shop and paying by credit card you are transferred out of Recreational Flying into Westpac's own server so I or the site has no way of knowing what your credit card details are...again another security feature I use here unlike other stores that store your credit card details.

 

All in all, it has been a very long and hard day just to be on the safe side. In a couple of days I will be implementing Secured Socket Layers, an SSL certificate that encrypts the data between your PC and the site as well, adding an even extra layer of security however it requires a lot of work to the site to change from http to https.

 

Please be assured that all is ok and again please accept my apology for this happening.

no need for the apology: you did what you needed to do, and you're doing a great job, much appreciated.

 

 

  • Agree 2
Posted
Sound all like Chinese this savvy tech talk

I read it, can confirm it's not Chinese.

 

 

Posted
For the tech savvy, the attached image shows the difference I picked up in one of the core files...you can see the code is exactly the same however it wasn't the same as the file that I had just previously backed up

Any chance that there is text in those lines you cannot see i.e. it's white on white to prevent viewing? I've acquired and used similar techniques for other reasons in the past ;-)

 

 

Posted
Any chance that there is text in those lines you cannot see i.e. it's white on white to prevent viewing? I've acquired and used similar techniques for other reasons in the past ;-)

Good thought but no as it is just plain text

 

 

Posted

If there was additional text, the file sizes would be different.

 

 

Posted

The Recreational Flying/Clear Prop Pilot Supplies Shop has now reopened and working well. Please don't forget that any purchases made in our shop not only gives you far cheaper prices than elsewhere but also any proceeds go towards helping to keep this site alive and available to you...thanks

 

 

  • Like 1
Posted
Why would anyone want to hack a site like this ? What would they be able to gain?

Bored teenager in a hacking group wanting a challenge.

There's absolutely nothing of any material value on the site as far as I can tell. But remember, outside of the big boys in the professional international intelligence community, a lot of hackers do it for kicks. It's vandalism and it's the computer nerd equivalent of spray-painting a train, or kicking over someone's letterbox. They do it to get "respect" in their hacking group and show how cool they are.

 

 

Posted

I have just done some maintenance on the site which was only to take about 5 to 8 mins however due to yesterday's issues I had locked down some 40,000 files far too tight which halted the maintenance in mid flight. After changing those files it ended up taking just over 20mins so sorry about the delay...I am very mindful that I do not cause any more downtime after yesterday and thus impacting the site's reputation.

 

 

Posted

Don't worry, Ian. All sites go down, usually on Sundays, for routine maintenance. My wife tried to get onto a Federal Government site on Sunday and it was down. I bet the ratio of down:up time for this site is minuscule.

 

We just have to bitch about its being down. It's what we do. Especially on a Sunday when the weather for a lot of us is socked in.

 

OME

 

 

Posted

Hi Ian!

 

When I go to log in, Firefox gives me this warning message.

 

[Attached image: Clipboard01.jpg]

 

Been this way for a few days now.

 

Any explanation for this please?

 

 

Posted

Yes I know, this is new with the latest Firefox and being pushed by Google for all web sites to use an SSL Certificate i.e. use https. I will be implementing that soon however it requires a lot of work including searching and replacing links in every single site post plus a lot more. Please if you can just bear with it till I can get this done. In fact as you posted I was on the phone talking to my server provider about this very subject...ears burning

 

 

Posted

This is a terrific site, and a wonderful resource. I'm sure the entire membership appreciate the benefits it brings, and accept the occasional outage as part of the gitalong, just as it is for the interweb in general.

 

Regarding the Firefox warning msg, I have that too, probably at about half the sites I visit here, and I'm sure nobody expects an instant fix on that either!

 

 

  • Agree 2
Posted

No problems Ian. I use a unique password so it's no issue really. I appreciate your work!

 

 

  • Agree 1
