OT: teamanandtech.net defaced

[caferace]

So, while it appears the forums have not been hit the front page has definitely been compromised.

Visting there with Firefox 1.5.01 kills it. Odds are visiting the page with MSIE would do worse, so my suggestion is don't. Assume your data there is compromised, unless otherwise notified. I've PM'ed petrusbroder and PM'ed and emailed amdx.borg. If there is someone else that needs to know, please do so. I've heard back from neither of them as of this posting.

Page source available, for those that are interested in web security.

I hate it when this happens.

-jim

 

[Hurricane Andrew]

People like that really piss me off. :| :| :| :| :| :| :| :| :| :|

 

[BadThad]

Criminals...I'm so proud of him. :disgust:

 

[Ken g6]

I got a copy of the page source with wget. Looks like it was done by a script kiddie:

<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 10">
<meta name=Originator content="Microsoft Word 10">

I'd also block the server "mp3.mp3evi.com" in your hosts file before going anywhere near that page. He has an auto-launched wma file there.

 

[caferace]

Thanks Ken. I didn't know whether or not to say anything in public. But I figured saying nothing was worse.

Some people suck.

-jim

 

[RaySun2Be]

Originally posted by: caferace
Thanks Ken. I didn't know whether or not to say anything in public. But I figured saying nothing was worse.

Some people suck.

-jim

You did the right thing!

some people do suck! :|

 

[caferace]

Thanks.

Nice milestone, BTW: " Posts: 15000"

-jim

 

[Wolfsraider]

Johan, same guy that attacked reddeye.com, or same group. Let me know if I can help in anyway.

Damn kids.

I emailed the abuse Department at the hosting company. I asked that they look into this matter.

 

[petrusbroder]

Nice wake up on a sunday ...
I have received caferaces PM (thanks a lot! ) and looked into it. .... sorry to say: Johan has to undo this defacement - I am considering to take the site down - that is about all I can do. OTOH: the damagis is done (???).
I'll confer with my co-admins/mods and we will increase security, report to the correct people etc.

But OT and OTOH: this is a miserable day: It has snowed daily for the last 5 days, some 25 - 30 cm new, wet, heavy, slushy snow. Removing is like moving half melted ice-cream. I want to be warm, cuddly, have a cup of hot tea in my bed and stay there - (with my girl friend but she is not here just now ... )
One of the kids has a cold :roll: and I have to write a report about my business trip until tomorrow 8:00 am. :disgust: :evil:

 

[Spacehead]

Thanks for the heads-up caferace :thumbsup:

 

[caferace]

Tea and Cake. Tea and cake. Repeat after me.

Sorry for the rude awakening.

-jim

 

[petrusbroder]

I have checked - the site takes down IE, Firefox, Netscape (older versions) but not Opera. I'll shut down the board because of the risk tht it will spread some kind of contamination.

Sorry folks!

Edit: The TAS-board is off line now!

Please check if malicious code has been put onto your computers by running anti-virus softvare and anti - spyware software. I'll let you know if there is anything suspicious on the comp I used for checking the site out.

 

[Wolfsraider]

Originally posted by: petrusbroder
I have checked - the site takes down IE, Firefox, Netscape (older versions) but not Opera. I'll shut down the board because of the risk tht it will spread some kind of contamination.

Sorry folks!

Edit: The TAS-board is off line now!

Please check if malicious code has been put onto your computers by running anti-virus softvare and anti - spyware software. I'll let you know if there is anything suspicious on the comp I used for checking the site out.

Nothing here on ie6.

ran hijack adaware spybot and avg

 

[BlackMountainCow]

Peter, the TAS board is NOT offline. Via a direct link, you can still reach the board!

http://www.teamanandtech.net/forums/index.php?showforum=42

 

[petrusbroder]

Originally posted by: BlackMountainCow
Peter, the TAS board is NOT offline. Via a direct link, you can still reach the board!

http://www.teamanandtech.net/forums/index.php?showforum=42

I could not use the link at all (when not being logged on ... ) or when I tried go get in as a guest.

If you log out and do not log in again (remember that your comp may remeber the username and password) can you read it?

If yes, then only Johan kan take it down completely.

When trying to use the link (while being logged of ... ) this happenend:

TeAm AnandTech DC

This menu has been disabled
TA DC Forums

Board Offline

The board has been hacked. Since it takes down several browsers (among them Firefox 1.0x and 1.5.x, IE and older Netscape) We have taken down the board until it has beeen restored.

Your account username:

Your account password:

Lo-Fi Version Time is now: 9th April 2006 - 08:18 AM

The hacked page is on-line though ...

 

[amdxborg]

lol Mofos!

This hasn't been the first time.. Well the original frontpage has been restored. Is there any problems except the frontpage?

Thanx to everyone who pmed me.. mailed me.. and posted here! Wow thanx for everyone's efforts!

edit.. Well looks like it's time to change all the passwords again... :| Not that they were bad but ahh crap this sux!

edit.. Forums are back online.

 

[Wolfsraider]

Great news and Great Job Johan

 

[Hurricane Andrew]

Great job guys. It just burns me up that my 1000th post has to be about this rather than congratulating someone on a milestone!

 

[petrusbroder]

Congrats on your 1 000th post and your new status, Hurricane Andrews!

:beer: to a 1 000 more!

 

[Hurricane Andrew]

Originally posted by: petrusbroder
Congrats on your 1 000th post and your new status, Hurricane Andrews!

:beer: to a 1 000 more!

Thanks! And here's a few :beer::beer::beer::beer::beer::beer::beer::beer: for the rest of the gang!