Forum hack - what happened?

& Crivens & SirDice.

Meanwhile, where is the Foundation? Hey, did something happen?
We are here to collect money :). We are on the high level.
Not this basic stuff which keeps things going.
Let's make a marketing plan, we need a vision, a mission, a strategy.
 
Did everyone else see that same defacing of the Forums, or did anyone see/get a different image?
I took a screenshot with my cell phone.


These idiots don't even know what responsiveness is.
 
I wonder if the XSS hack was combined with other methods to do more damage.
Not that I could find in our situation. I took apart their injected JavaScript. It didn't do much besides redirecting to a GitHub repo that hosted the "defacement" page. That defacement page also contained some JavaScript, but that was nothing more than a basic HTTP/TCP/UDP connection flooder. Nothing fancy and most of it didn't even work properly.
 
No. We were in constant contact with various folks from core, foundation and clusteradmin. So, none of this nonsense please.
There was a Foundation post on Facebook. Showing they knew nothing. Excuse me if I sometimes over-exaggerate. I only tell my feelings. And really have no idea, the good/bad they do. So for me it is something "black".
- Do we really need KDE ?
- Wifi drivers for exotic hardware ?
Are priorities right?
---> Me, I think more about NetApp & Juniper.
 
They never were able to access kernel repo, package repo, or gain root access. Probably only XenForo administrator session/cookie/password. And insert their own "front-page".
 
I took a screenshot with my cell phone.


These idiots don't even know what responsiveness is.
I guess that my proxy blocked the bg image. I simply saw a black bg.

A simple cascading stylesheet would solve a lot of responsive problems:
Code:
@media (max-width: 300px) { 
  .haha { display: block;  } 
}

and image sets work wonders these days:
 
This is about the corresponding hack on linux.org from this thread.

"Edit2: more info: https://github.com/methosiea/xenforo-2-xss
So, the attack chain is basically:

  1. Attacker registers an account
  2. New post w/ the xss payload - it goes to the queue
  3. An admin views it, it fires off the xss payload stealing his session
  4. Attacker creates the malicious widget"
I wonder if the XSS hack was combined with other methods to do more damage.

I also wonder why someone would hack a public forum.

/grandpa
This is literally what happened.
SirDice and myself both caught the defacement live (and in some way, caused it by being online -- see point 3 in quote).
SirDice analyzed the code (which was put in a simple post), nuked the user and their post, found in the admin log what was changed (by "us"), reverted everything.
I was on the server itself, checking possible intrusions in file systems, databases, checking known good file hashes.
Meanwhile, I nudged DanGer to expedite the XF update.
All of this was basically done in under 30 minutes, but the FreeBSD Org wanted a little more detail and reassurance.
And that was it.
 