LaserDisc Database
https://forum.lddb.com/

HACK ATTEMPT on LDDb.com
https://forum.lddb.com/viewtopic.php?f=2&t=8809
Page 1 of 1

Author:  admin [ 02 Jan 2020, 05:08 ]
Post subject:  HACK ATTEMPT on LDDb.com

Thanks to blam1 for pointing out that the Global Shop sub-categories were sending back "Wrong country code, sorry"

The country code itself (ALL) was correct, it's what came after that wasn't!

Ex: %20%27-6863%20union%20all%20select%201,CONCAT(0x3a6f79753a,IFnull(CAST(COUNT(*)%20AS%20CHAR),0x20),0x3a70687a3a)%20FROM%20lddb_search._search_2008#&cat=video&key=3

Google for the first CONCAT hex code and you'll see that quite a few websites have also been infected:

https://www.google.com/search?q=0x3a6f79753a

It's not the database, the admin account hasn't been compromised, but somehow they found a way to poison/compromise the memcached data.

I invalidated all data to start from fresh again, but will monitor if they ever try again.

Julien

Author:  jakeheke [ 02 Jan 2020, 05:46 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

b*****ds!
Good on ya for reporting blam1

Author:  firehorse_44 [ 02 Jan 2020, 08:25 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

Hat is off to blam1....
Cheers mate...

Repel boarders!

Author:  xtempo [ 02 Jan 2020, 13:56 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

Great job on blam1's part, and on Julien's, for keeping this an attempt only.

Author:  hippiedalek [ 04 Jan 2020, 23:18 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

Excellent work both of you for fixing this.

Interestingly Google notified me that an account I used had been compromised but didn't tell me which. I changed all my passwords but I guess it was probably LDDB.

Well done spotting and sorting it : )

Author:  admin [ 10 Feb 2020, 13:15 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

hippiedalek wrote:
Interestingly Google notified me that an account I used had been compromised but didn't tell me which. I changed all my passwords but I guess it was probably LDDB.


Google would only notify of major websites, not LDDb. And the passwords here are encrypted one-way, there's no way I can guess it even if I wanted to.

blam1 saw another round of attacks (from a Russian IP), so today I beefed up the firewall rules to try to catch these script kiddies before they do any damage.

Already caught 5 more, keeping them out for a month.
Should make them give up pretty quickly.

Julien

Author:  admin [ 30 Apr 2020, 03:48 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

And one of the attacks was eventually successful in getting some data out.

The very few (~12) accounts with unencrypted passwords that could have been retrieved were updated and notified.

These attacks were based on a 2016 script that is readily available: https://github.com/samedog/PHPmvs/blob/master/PHPmvs.php

I'm getting a daily log of suspicious URLs that got caught and blocking their IPs for a month.
They happen in waves with sources spread around the world, meaning that they are part of a botnet made of compromised computers launching parallel attacks to improve efficiency.

These attacks basically cost nothing to perform: they do not pay for the electricity of the compromised computers, and it all runs automatically from temporary Amazon, Azure or Google clouds costing a few $/hour.

They will just increase over time, better be ready!

Julien
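Julien's daily log of caught URLs and per-IP bans can be reproduced on a small scale with the following added example. It is not LDDb's code and not part of this thread; it assumes Apache combined-style log lines, a hypothetical /shop.php endpoint with a "country" parameter, and a ban length passed in as a parameter (one month here, which the thread later raises to six). The log lines are constructed and use documentation-range IPs; the first probe follows the URL shape quoted at the top of the thread, and the signatures are drawn from that same probe.

```python
"""Added example (not LDDb code): flag SQL-injection probes in a day's web log
and turn the offending IPs into a ban list with an expiry.

Assumptions: Apache combined-style log lines, a /shop.php endpoint with a
"country" parameter, and a configurable ban length in days.
"""
import re
import urllib.parse
from datetime import datetime, timedelta

# Constructed log lines; IPs come from documentation ranges. The first probe
# mirrors the URL shape quoted earlier in the thread (hex CONCAT markers and
# "union all select"); the others are milder variants of the same shape.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2020:03:14:01 +0000] "GET /shop.php?country=ALL%20%27-6863%20union%20all%20select%201,CONCAT(0x3a6f79753a,IFnull(CAST(COUNT(*)%20AS%20CHAR),0x20),0x3a70687a3a)%20FROM%20lddb_search._search_2008&cat=video&key=3 HTTP/1.1" 200 512
198.51.100.23 - - [10/Feb/2020:03:14:05 +0000] "GET /shop.php?country=ALL&cat=video&key=3 HTTP/1.1" 200 8123
203.0.113.7 - - [10/Feb/2020:03:14:09 +0000] "GET /shop.php?country=US%20%27%20union%20all%20select%20CONCAT(0x3a6f79753a,0x3a70687a3a) HTTP/1.1" 200 512
192.0.2.44 - - [10/Feb/2020:03:15:40 +0000] "GET /shop.php?country=JP&cat=video&key=3 HTTP/1.1" 200 7990
192.0.2.44 - - [10/Feb/2020:03:16:02 +0000] "GET /shop.php?country=JP%20union%20select%20null HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)')

# Signatures are matched against the URL-decoded request path.
SIGNATURES = [
    ("union-select", re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)),
    ("hex-marker", re.compile(r"0x3a6f79753a|0x3a70687a3a", re.I)),  # markers from the thread's probe
    ("quote-break", re.compile(r"'\s*-\d+")),                          # the "'-6863" tail
]


def classify_request(path):
    """Return the names of every signature that fires on the decoded path."""
    decoded = urllib.parse.unquote(path)
    return [name for name, rx in SIGNATURES if rx.search(decoded)]


def parse_ts(ts):
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")


def scan_log(text):
    """Return {ip: [(timestamp, [signatures]), ...]} for flagged requests only."""
    flagged = {}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        sigs = classify_request(m["path"])
        if sigs:
            flagged.setdefault(m["ip"], []).append((parse_ts(m["ts"]), sigs))
    return flagged


def ban_list(flagged, ban_days=30):
    """Ban each flagged IP for ban_days, counted from its most recent probe."""
    return {ip: max(t for t, _ in hits) + timedelta(days=ban_days)
            for ip, hits in flagged.items()}


def daily_report(flagged, ban_days=30):
    """One line per banned IP: probe count, signatures seen, ban expiry."""
    lines = []
    for ip, expiry in sorted(ban_list(flagged, ban_days).items()):
        hits = flagged[ip]
        names = sorted({s for _, sigs in hits for s in sigs})
        lines.append(f"{ip:<16} {len(hits):>3} probe(s)  {','.join(names)}"
                     f"  banned until {expiry:%Y-%m-%d}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(daily_report(scan_log(SAMPLE_LOG), ban_days=30))
```

The legitimate requests for country=ALL and country=JP never trip a signature, so only the two probing addresses land on the ban list; the expiry is computed from the last probe seen, so a host that keeps probing keeps extending its own ban.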

Author:  admin [ 08 May 2020, 08:34 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

SQL injection attempt banning time (by IP) increased from 1 to 6 months.

Top 20 countries for such attacks:

+------------------+-------+
| Origin of attack | Total |
+------------------+-------+
| US               |  1046 |
| FR               |   134 |
| DE               |   127 |
| RU               |    95 |
| CN               |    94 |
| GB               |    54 |
| NL               |    53 |
| TR               |    50 |
| UA               |    45 |
| JP               |    30 |
| CA               |    29 |
| BR               |    26 |
| ES               |    23 |
| CZ               |    21 |
| PL               |    19 |
| SE               |    18 |
| AU               |    15 |
| IT               |    14 |
| VN               |    14 |
| SG               |    11 |
+------------------+-------+


USA is #1 because most disposable VMs from cloud service providers originate from Amazon, Google or Microsoft.

Julien

Author:  admin [ 27 May 2020, 05:50 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

Last (I hope!) round of updates on this type of attack.

I finally found the remaining piece of code that still allowed the cached version of the Global Shop to be poisoned (for 24h) by outside bogus URL probings.

It will be fully fixed for the LDDB v3.3 upgrade coming... maybe tonight!

Julien
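The failure mode described in the opening post (a correct country code "ALL" followed by an injection tail, after which the cached Global Shop page answered "Wrong country code, sorry" to everyone) and the remaining cache-poisoning path mentioned in this last update can be illustrated with the following added example. It is not LDDb's code and the thread does not show the site's actual handler, so it assumes a parameter named "country", a small allowlist of codes, an in-memory stand-in for the shop table, and a weak variant whose page cache is keyed by category alone and caches even the error page. The hardened variant validates first, never caches a rejection, binds the validated value in a parameterised query, and derives the cache key only from canonical values.

```python
"""Added example (not LDDb code): keep a bad country parameter out of both the
database query and the page cache.

Assumptions, since the thread does not show the site's code: the parameter is
called "country", the shop data lives in a table queried by category and
country, and the weak variant keys its page cache by category alone.
"""
import hashlib
import re
import sqlite3
import urllib.parse

# Assumed allowlist; "ALL" is the only value the thread actually shows.
ALLOWED_COUNTRIES = frozenset({"ALL", "US", "JP", "FR", "DE", "GB"})
ERROR_PAGE = "Wrong country code, sorry"

# Query string shaped like the probe quoted in the thread (trimmed), and a
# normal request for the same sub-category.
PROBE_QS = "country=ALL%20%27-6863%20union%20all%20select%201&cat=video&key=3"
GOOD_QS = "country=all&cat=video&key=3"


def strict_country(value):
    """Canonicalise the decoded value and require exact allowlist membership.
    A value that merely starts with a valid code is rejected."""
    code = value.strip().upper()
    if re.fullmatch(r"[A-Z]{2,3}", code) and code in ALLOWED_COUNTRIES:
        return code
    return None


def build_db():
    """Tiny in-memory stand-in for the shop table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE shop (country TEXT, cat TEXT, item TEXT)")
    db.executemany("INSERT INTO shop VALUES (?, ?, ?)",
                   [("ALL", "video", "Akira LD"), ("JP", "video", "Ghibli box")])
    return db


def render(db, cat, country):
    """Parameterised query: the validated code is bound, never concatenated."""
    rows = db.execute(
        "SELECT item FROM shop WHERE cat = ? AND country IN (?, 'ALL') ORDER BY item",
        (cat, country)).fetchall()
    return ",".join(r[0] for r in rows)


def parse(query_string):
    p = dict(urllib.parse.parse_qsl(query_string, keep_blank_values=True))
    return p.get("country", ""), p.get("cat", ""), p.get("key", "")


def weak_handle(query_string, cache, db):
    """Assumed weak pattern: the cache key ignores the country value and the
    error page is cached like any other response, so one probe parks the
    error page where every later visitor of that sub-category finds it."""
    country_raw, cat, key = parse(query_string)
    ck = f"shop|{cat}|{key}"
    if ck in cache:
        return cache[ck], "cache"
    country = strict_country(country_raw)
    body = ERROR_PAGE if country is None else render(db, cat, country)
    cache[ck] = body
    return body, "db"


def hardened_handle(query_string, cache, db):
    """Validate first, never cache a rejection, and key the cache on the
    canonical value so different inputs cannot share an entry."""
    country_raw, cat, key = parse(query_string)
    country = strict_country(country_raw)
    if country is None:
        return ERROR_PAGE, "rejected"
    ck = hashlib.sha256(f"shop|{cat}|{country}|{key}".encode()).hexdigest()[:16]
    if ck in cache:
        return cache[ck], "cache"
    body = render(db, cat, country)
    cache[ck] = body
    return body, "db"


def demo():
    """Replay probe-then-visitor against both handlers and return what the
    legitimate visitor sees in each case."""
    db = build_db()
    weak_cache, hard_cache = {}, {}
    weak_handle(PROBE_QS, weak_cache, db)
    hardened_handle(PROBE_QS, hard_cache, db)
    return (weak_handle(GOOD_QS, weak_cache, db),
            hardened_handle(GOOD_QS, hard_cache, db))


if __name__ == "__main__":
    weak, hard = demo()
    print("weak handler serves the visitor:", weak)
    print("hardened handler serves the visitor:", hard)
```

With the weak handler the visitor who arrives after the probe is served the cached error page, which is the symptom blam1 reported; with the hardened handler the probe is rejected before anything is stored, and the visitor's request populates the cache under a key that only a canonical "ALL" request can reach.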
