LaserDisc Database
https://forum.lddb.com/

HACK ATTEMPT on LDDb.com
https://forum.lddb.com/viewtopic.php?f=2&t=8809

Author:  admin [ 02 Jan 2020, 05:08 ]
Post subject:  HACK ATTEMPT on LDDb.com

Thanks to blam1 for pointing out that the Global Shop sub-categories were sending back "Wrong country code, sorry".

The country code itself (ALL) was correct, it's what came after that wasn't!

Ex: %20%27-6863%20union%20all%20select%201,CONCAT(0x3a6f79753a,IFnull(CAST(COUNT(*)%20AS%20CHAR),0x20),0x3a70687a3a)%20FROM%20lddb_search._search_2008#&cat=video&key=3

Google for the first CONCAT hex code and you'll see that quite a few websites have also been infected:

https://www.google.com/search?client=firefox-b-d&q=0x3a6f79753a

It's not the database, and the admin account hasn't been compromised, but somehow they found a way to poison/compromise the memcached data.

I invalidated all data to start from fresh again, but will monitor if they ever try again.

Julien
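
The situation described in the post above, as an added example that is not part of the original post or LDDb's own code: a strict allowlist check that rejects a country value like the one quoted before it can reach a query or a cache key, plus a check that flags such a request in logs. The parameter name `country`, the "ALL or two letters" format and the cache-key layout are assumptions.

```python
import re
from urllib.parse import parse_qs

# Assumptions (not from the thread): the parameter is named "country", valid
# values are "ALL" or a two-letter code, and cache keys look like shop:<c>:<cat>:<n>.
COUNTRY_RE = re.compile(r"ALL|[A-Z]{2}")
CAT_RE = re.compile(r"[a-z]{1,16}")
SQL_RE = re.compile(r"\bunion\b.*\bselect\b|\bconcat\s*\(", re.I | re.S)
HEX_RE = re.compile(r"0x((?:[0-9a-fA-F]{2}){2,})")

# Constructed input: the payload quoted in the post, prefixed with country=ALL.
SAMPLE = ("country=ALL%20%27-6863%20union%20all%20select%201,CONCAT(0x3a6f79753a,"
          "IFnull(CAST(COUNT(*)%20AS%20CHAR),0x20),0x3a70687a3a)"
          "%20FROM%20lddb_search._search_2008#&cat=video&key=3")

def cache_key(params: dict) -> str:
    """Build the cache key from validated fields only; raise ValueError otherwise."""
    country, cat = params.get("country", ""), params.get("cat", "")
    if not COUNTRY_RE.fullmatch(country):
        raise ValueError("Wrong country code")
    if not CAT_RE.fullmatch(cat):
        raise ValueError("Wrong category")
    return f"shop:{country}:{cat}:{int(params.get('key', '0'))}"

def check_request(query_string: str) -> dict:
    """Accept a clean request, or reject it and record why it looks hostile."""
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    try:
        return {"ok": True, "key": cache_key(params), "injection": False, "markers": []}
    except ValueError:
        raw = params.get("country", "")
        # Decode multi-byte hex literals so the delimiter strings show up in logs.
        markers = [bytes.fromhex(h).decode("latin-1") for h in HEX_RE.findall(raw)]
        return {"ok": False, "key": None,
                "injection": bool(SQL_RE.search(raw)), "markers": markers}

if __name__ == "__main__":
    for qs in ("country=ALL&cat=video&key=3", SAMPLE):
        print(check_request(qs))
```

Because the whole value must match the pattern, the request is refused no matter what follows the valid prefix, and the decoded markers give a stable string to search logs for.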

Author:  jakeheke [ 02 Jan 2020, 05:46 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

b*****ds!
Good on ya for reporting blam1

Author:  firehorse_44 [ 02 Jan 2020, 08:25 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

Hat is off to blam1....
Cheers mate...

Repel borders !

Author:  xtempo [ 02 Jan 2020, 13:56 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

Great job on blam1's part and Julien for this to be an attempt only.

Author:  hippiedalek [ 04 Jan 2020, 23:18 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

Excellent work both of you for fixing this.

Interestingly Google notified me that an account I used had been compromised but didn't tell me which. I changed all my passwords but I guess it was probably LDDB.

Well done spotting and sorting it : )

Author:  admin [ 10 Feb 2020, 13:15 ]
Post subject:  Re: HACK ATTEMPT on LDDb.com

hippiedalek wrote:
Interestingly Google notified me that an account I used had been compromised but didn't tell me which. I changed all my passwords but I guess it was probably LDDB.


Google would only notify of major websites, not LDDb. And the passwords here are encrypted one-way, there's no way I can guess them even if I wanted to.

blam1 saw another round of attacks (from a Russian IP) so today I beefed up the firewall rules to try to catch these script kiddies before they do any damage.

Already caught 5 more, keeping them out for a month.
Should make them give up pretty quickly.

Julien

All times are UTC [ DST ]