LaserDisc Database https://forum.lddb.com/ |
HACK ATTEMPT on LDDb.com https://forum.lddb.com/viewtopic.php?f=2&t=8809 |
Author: | admin [ 02 Jan 2020, 05:08 ] |
Post subject: | HACK ATTEMPT on LDDb.com |
Thanks to blam1 for pointing out that the Global Shop sub-categories were sending back "Wrong country code, sorry".

The country code itself (ALL) was correct, it's what came after that wasn't! Ex:

%20%27-6863%20union%20all%20select%201,CONCAT(0x3a6f79753a,IFnull(CAST(COUNT(*)%20AS%20CHAR),0x20),0x3a70687a3a)%20FROM%20lddb_search._search_2008#&cat=video&key=3

Google for the first CONCAT Hex code and you'll see that quite many websites have also been infected: https://www.google.com/search?q=0x3a6f79753a

It's not the database, admin account hasn't been compromised but somehow they found a way to poison/compromise the memcached data. I invalidated all data to start from fresh again, but will monitor if they ever try again.

Julien |
Author: | jakeheke [ 02 Jan 2020, 05:46 ] |
Post subject: | Re: HACK ATTEMPT on LDDb.com |
b*****ds! Good on ya for reporting blam1 |
Author: | firehorse_44 [ 02 Jan 2020, 08:25 ] |
Post subject: | Re: HACK ATTEMPT on LDDb.com |
Hat is off to blam1... Cheers mate... Repel boarders! |
Author: | xtempo [ 02 Jan 2020, 13:56 ] |
Post subject: | Re: HACK ATTEMPT on LDDb.com |
Great job on blam1's part and Julien for this to be an attempt only. |
Author: | hippiedalek [ 04 Jan 2020, 23:18 ] |
Post subject: | Re: HACK ATTEMPT on LDDb.com |
Excellent work both of you for fixing this. Interestingly Google notified me that an account I used had been compromised but didn't tell me which. I changed all my passwords but I guess it was probably LDDB. Well done spotting and sorting it : ) |
Author: | admin [ 10 Feb 2020, 13:15 ] |
Post subject: | Re: HACK ATTEMPT on LDDb.com |
hippiedalek wrote:
Interestingly Google notified me that an account I used had been compromised but didn't tell me which. I changed all my passwords but I guess it was probably LDDB.

Google would only notify of major websites, not LDDb. And the passwords here are encrypted one-way, there's no way I can guess them even if I wanted to.

blam1 saw another round of attacks (from a Russian IP) so today I beefed up the firewall rules to try to catch these script kiddies before they do any damage. Already caught 5 more, keeping them out for a month. Should make them give up pretty quickly.

Julien |
Author: | admin [ 30 Apr 2020, 03:48 ] |
Post subject: | Re: HACK ATTEMPT on LDDb.com |
And one of the attacks was eventually successful in getting some data out. The very few (~12) accounts with unencrypted passwords that could have been retrieved were updated and notified.

These attacks were based on a 2016 script readily available: https://github.com/samedog/PHPmvs/blob/master/PHPmvs.php

I'm getting a daily log of suspicious URLs that got caught and blocking their IPs for a month. They happen in waves with sources spread around the world, meaning that they are part of a botnet made of compromised computers launching parallel attacks to improve efficiency.

These attacks basically cost nothing to perform: they do not pay the electricity for compromised computers, it runs automatically from temporary Amazon, Azure or Google clouds costing a few $/hour. They will just increase over time, better be ready!

Julien |
Author: | admin [ 08 May 2020, 08:34 ] |
Post subject: | Re: HACK ATTEMPT on LDDb.com |
SQL injection attempt banning time (by IP) increased from 1 to 6 months.

Top 20 countries for such attacks:

+------------------+-------+

USA is #1 because most disposable VMs from cloud service providers are originating from Amazon, Google or Microsoft.

Julien |
Author: | admin [ 27 May 2020, 05:50 ] |
Post subject: | Re: HACK ATTEMPT on LDDb.com |
Last (I hope!) round of updates on this type of attack.

I finally found the remaining piece of code that still allowed the cached version of the Global Shop to be poisoned (for 24h) by outside bogus URL probings. It will be fully fixed for the LDDB v3.3 upgrade coming... maybe tonight!

Julien |
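Added example, not part of the thread and not LDDb's code (which is never shown here): one way a cached page can be poisoned by a bogus URL, next to a handler that validates the whole parameter before it touches the cache. The function names, the allowlist and the dict standing in for memcached are assumptions made for illustration.

```python
from urllib.parse import unquote

# Assumed allowlist; only "ALL" appears in the thread.
ALLOWED = {"ALL", "US", "JP", "FR"}
ERROR_PAGE = "Wrong country code, sorry"


def render_shop(country):
    """Hypothetical page builder: anything but a known code yields the error page."""
    if country not in ALLOWED:
        return ERROR_PAGE
    return f"<shop listings for {country}>"


def shop_weak(raw, cache):
    """Weak: cache key comes from a prefix of the input, page from the whole input."""
    value = unquote(raw)
    key = "shop:" + value[:3]
    if key not in cache:
        cache[key] = render_shop(value)  # error page stored under a legitimate key
    return cache[key]


def shop_strict(raw, cache):
    """Hardened: the entire value must be an allowed code before cache or query."""
    value = unquote(raw)
    if value not in ALLOWED:
        return ERROR_PAGE  # rejected outright: not cached, never reaches SQL
    key = "shop:" + value
    if key not in cache:
        cache[key] = render_shop(value)
    return cache[key]


# Constructed probe shaped like the one quoted in the first post (shortened).
PROBE = "ALL%20%27-6863%20union%20all%20select%201"


def demo():
    """A bot request arrives first, then a normal visitor asks for 'ALL'."""
    weak, strict = {}, {}
    shop_weak(PROBE, weak)
    shop_strict(PROBE, strict)
    return shop_weak("ALL", weak), shop_strict("ALL", strict), len(strict)


if __name__ == "__main__":
    print(demo())
```

With the weak handler the visitor gets the cached error page until the entry expires, which matches the symptom blam1 reported; the strict handler serves the real page and the probe leaves nothing behind in the cache.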
All times are UTC [ DST ] |