Airsoft Canada
007 Licence to Shoot

Go Back   Airsoft Canada > General > General
Home Forums Register Gallery FAQ Calendar
Retailers Community News/Info International Retailers IRC Today's Posts

SQL Injection mass attack

:

General

Reply
 
Thread Tools Search this Thread
Old August 6th, 2008, 16:49   #1
MadMorbius
Administrator Malleus Veto
 
MadMorbius's Avatar
 
Join Date: Jan 2002
Location: Mississauga, Ontario
Send a message via ICQ to MadMorbius
SQL Injection mass attack

Not sure who to bring this to, so I thought I'd post it here in General to ensure it gets the admin's attention.

There is currently a mass attack taking place against millions of internet databases serving content to ASP and PHP powered websites. Thus far, over 700,000 web servers have been compromised.

The result of a compromise is the injection of code into active content tables which will initiate a cross-site scripting call to one of dozens of sites in Russia. The result of the cross-site scripting call is the download and execution of malicious javascript; the javascript then installs a downloader which will download the ASPROX virus. No interaction is required by the end user, who by all accounts is visiting a trusted web site.

The ASPROX virus serves two major purposes. First, it seeks out and attacks additional databases, usually sites that the infected user is visiting. Attacks may be persisitent, i.e. over many months, until the virus eventually finds and exploits a vulnerable application, function or table.

Secondly, the ASPROX virus installs a "BOT" on the end user's computer. The Bot becomes part of the ASPROX BOTNET. The ASPROX BOTNET's primary usage is to faciliate ROCK PHISH attacks against multiple financial institutions.

Based on the database errors I've seen occurring on this site recently, it is my believe that this site is being targetted by the Asprox virus. If there is a vulnerability anywhere within the site's application code, the virus will eventually exploit it. Exploitation may result in collateral infection of the entire ASC user community.

To the ADMINS: Please check your sql logs for evidence of multiple stacked SQL statements using CAST method and followed by a long string of Base64 characters. Additionally, please ensure you've updated to the latest version of the board software to ensure there are no application vulnerabilities to exploit.

To the USERS: Please ensure your antivirus software is up to date, and that you are running regular scans. FYI if you wind up with the ASPROX virus on your machine, you will be an unwilling participant in international criminal activity. Oh, it will also keylog the fuck out of you, so you'll probably lose most of your personal information in the process.

Enjoy.



More information on the ASPROX virus: http://technology.timesonline.co.uk/...cle4381034.ece
__________________
[/FONT]
Quote:
Originally Posted by Deaf_shooter View Post
what if it model after his?

Last edited by MadMorbius; August 6th, 2008 at 16:56..
MadMorbius is offline   Reply With Quote
Old August 6th, 2008, 17:00   #2
Mantelope
Scotty aka harleyb
 
Mantelope's Avatar
 
Join Date: Mar 2004
Location: Toronto, Ontario
Send a message via AIM to Mantelope Send a message via MSN to Mantelope
TBH, ASC has had SQL problems its entire life. This is scary shit though, and I'm looking into it. Don't be surprised if ASC goes down in the near future for a security audit.
__________________
Mantelope is offline   Reply With Quote
Old August 6th, 2008, 17:02   #3
Gunk
In his Trunk!
 
Gunk's Avatar
 
Join Date: Aug 2004
Location: Mostly Canada
Send a message via MSN to Gunk
Emailed to work's IT dept...

Suggest anyone else who's ever visited ASC in the past 2-3 months at work do the same, just in case.

+1 to scary shit
__________________
"War must be, while we defend our lives against a destroyer who would devour all; but I do not love the bright sword for its sharpness, nor the arrow for its swiftness, nor the warrior for his glory. I love only that which they defend: the city of the Men of Numenor, and I would have her loved for her memory, her ancientry, her beauty, and her present wisdom. Not feared, save as men may fear the dignity of a man, old and wise." - J.R.R. Tolkien
Gunk is offline   Reply With Quote
Old August 6th, 2008, 17:03   #4
Shrike
ASC Philosopher
 
Shrike's Avatar
 
Join Date: May 2004
Location: Ont.



Morb you know too much about computer stuff. You and some of the other brainiacs on here should drink more alcohol to kill some brain cells and level the playing field.

On a related note we got a warning today at work to NOT open any e-mail with the word "POSTCARD" or any similar variation, not sure if it's different or same attack.
__________________
Quote:
Enjoy the true freedom that comes from being completely free of the shackles of reality.
Shrike is offline   Reply With Quote
Old August 6th, 2008, 17:11   #5
warbird
 
warbird's Avatar
 
Join Date: Oct 2006
Location: NB, Canada
Quote:
Originally Posted by Gunk View Post
+1 to scary shit
me too...
warbird is offline   Reply With Quote
Old August 6th, 2008, 17:16   #6
Maverick0
 
Join Date: Apr 2006
Location: Winnipeg
I run my team's site / forum...

We were hit with something similar if not this exact thing about 4 months ago. Had to switch providers and upgrade forum software. It's a real bastard because it gets into the webserver itself and infects other sites hosted on it. I'm not sure if anything can be done from a user standpoint, as in, I who rent space on a webserver am virtually powerless as I don't have access to the server backend. It can only hit certain webservers that have a particular vulnerability as I understand it.

Just be weary of any redirects when you try to get to a familiar site...
__________________
Maverick0 is offline   Reply With Quote
Old August 6th, 2008, 17:50   #7
Sha Do
 
Sha Do's Avatar
 
Join Date: Jun 2003
Location: No where to be seen......Hillsburgh
Hell crap.....just when I'm trying to organize the US team for Border War II...

Thanks for the head's up Morb.
SHA DO
Sha Do is offline   Reply With Quote
Old August 6th, 2008, 17:58   #8
Mantelope
Scotty aka harleyb
 
Mantelope's Avatar
 
Join Date: Mar 2004
Location: Toronto, Ontario
Send a message via AIM to Mantelope Send a message via MSN to Mantelope
I'm not 100% convinced that ASC is safe and secure from this, but I have confirmed that a lot of the performance issues we've been experiencing have been from phpbb forums running on the same server, being pounded by spambots.
__________________
Mantelope is offline   Reply With Quote
Old August 6th, 2008, 18:48   #9
MadMorbius
Administrator Malleus Veto
 
MadMorbius's Avatar
 
Join Date: Jan 2002
Location: Mississauga, Ontario
Send a message via ICQ to MadMorbius
There's a simple fix to keep spambots out. Put the entire site behind simple authentication /htaccess. Doesn't matter if it's a shared username / password, but the bots will hit the auth page and won't be able to go beyond it unless someone tells the bot the password.

Intrusive perhaps, but desperate times....note that this will also stop web crawlers from indexing the site. So if that's a problem, perhaps it's not the right solution.
__________________
[/FONT]
Quote:
Originally Posted by Deaf_shooter View Post
what if it model after his?
MadMorbius is offline   Reply With Quote
Old August 6th, 2008, 19:19   #10
Tankdude
 
Join Date: Jan 2005
Location: Ontario
Send a message via MSN to Tankdude
its ok, i got vista.
Tankdude is online now   Reply With Quote
Old August 6th, 2008, 19:21   #11
Mantelope
Scotty aka harleyb
 
Mantelope's Avatar
 
Join Date: Mar 2004
Location: Toronto, Ontario
Send a message via AIM to Mantelope Send a message via MSN to Mantelope
Quote:
Originally Posted by MadMorbius View Post
There's a simple fix to keep spambots out. Put the entire site behind simple authentication /htaccess. Doesn't matter if it's a shared username / password, but the bots will hit the auth page and won't be able to go beyond it unless someone tells the bot the password.

Intrusive perhaps, but desperate times....note that this will also stop web crawlers from indexing the site. So if that's a problem, perhaps it's not the right solution.
Not feasible for ASC, too much work for the other sites with phpbb; I've just disabled the insecure forums, they weren't even being used.
__________________
Mantelope is offline   Reply With Quote
Old August 6th, 2008, 19:24   #12
underground
 
underground's Avatar
 
Join Date: Sep 2006
Location: Calgary
I'm on a mac, I wonder if it affects us mac users...
underground is offline   Reply With Quote
Old August 6th, 2008, 19:25   #13
hattrick
NAAZ's #1 fan!
 
hattrick's Avatar
 
Join Date: Aug 2005
Location: Uptown GTA
Send a message via MSN to hattrick
Quote:
Originally Posted by Tankdude View Post
its ok, i got vista.
hahahahaah
__________________
Quote:
Originally Posted by Brian McIlmoyle View Post
you are going to die..

maybe not from this .. and probably not today... but I assure you, you will die
hattrick is offline   Reply With Quote
Old August 6th, 2008, 20:31   #14
Gunk
In his Trunk!
 
Gunk's Avatar
 
Join Date: Aug 2004
Location: Mostly Canada
Send a message via MSN to Gunk
Quote:
Originally Posted by Tankdude View Post
its ok, i got vista.
Put that in the "you laugh you lose" thread...
__________________
"War must be, while we defend our lives against a destroyer who would devour all; but I do not love the bright sword for its sharpness, nor the arrow for its swiftness, nor the warrior for his glory. I love only that which they defend: the city of the Men of Numenor, and I would have her loved for her memory, her ancientry, her beauty, and her present wisdom. Not feared, save as men may fear the dignity of a man, old and wise." - J.R.R. Tolkien
Gunk is offline   Reply With Quote
Old August 6th, 2008, 20:50   #15
Styrak
 
Styrak's Avatar
 
Join Date: Jan 2007
Location: Saskatoon, SK
Send a message via MSN to Styrak
Quote:
Originally Posted by Tankdude View Post
its ok, i got vista.
I hope that's a joke.
__________________

Airsoft Sales and Repair/Upgrade Services
Styrak is offline   Reply With Quote
ReplyTop


Go Back   Airsoft Canada > General > General

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Airsoft Canada
007 Licence to Shoot

All times are GMT -4. The time now is 09:48.


Powered by vBulletin® Version 3.8.10
Copyright ©2000 - 2017, vBulletin Solutions, Inc.