

If that happens, I will be gone for a while. I am still expecting to have to deal with that family emergency. There are so many more people trying to destroy than create. It is unfortunate that they have applied themselves to this end, likely for pay. The sophistication in this attack is very high, and shows an intimate familiarity with both Rust and XenForo. We needed something custom, but my confidence in my work has been shot.
XenForo removed us from their license a year ago and their software is no longer sufficient for our needs. The script was uploaded to XenForo directly (as XenForo does not validate media), but injected by my custom Rust-based chat program that interacts with XenForo and borrows sessions. The script caused the user to load /test-chat, my chat shim, /help/, XenForo's help documentation, /avatar/avatar, to change their avatar to the logo of another site (likely as a frame job), and admin.php?tools/phpinfo, if they were an admin. There's no information tied to that page. The webhook site allows for you to redirect to other scripts and to delete request history, which was done. opus file that contained a web document that looked like this. It's impossible to say if they acquired user data through other means, but I did not see any other attempt to complete this transaction or otherwise scrape user data. However, their request did not appear to go through because they requested too many records at once.

Once they had access to the ACP, they attempted to download user data, and XenForo provides a way to export user lists with information that is precisely: email, username, last activity, register date, user state (banned/unverified), post count, and if they are staff. My admin account was compromised through this mechanism. I initially believed that this allowed a hacker to take over that webserver and snoop data as a man-in-the-middle.

A bad actor was able to upload a webpage disguised as an audio file to XenForo.

Elsewhere, he was able to load this webpage (probably as an inline frame), causing random users to make automated requests and send their authentication cookies off-site, so that the attacker could use them to gain access to their account.
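As an added example (not the site's code, and not XenForo's), here is the kind of upload check a forum could run so that a file claiming to be Ogg/Opus audio must actually begin with an Ogg page carrying an OpusHead packet and must not contain sniffable HTML, plus the response headers that keep a browser from rendering stored media as a page. The function and sample names are assumptions; the sample files are constructed.

```python
import re

# Every Ogg container (Opus audio lives in Ogg) starts with the "OggS" capture pattern,
# and an Opus stream's first page carries the "OpusHead" identification header.
OGG_MAGIC = b"OggS"
OPUS_HEAD = b"OpusHead"
# Markup a browser's MIME sniffer would happily render as a document.
HTML_MARKERS = re.compile(rb"<\s*(!doctype|html|script|iframe|body|head|meta)\b", re.I)


def looks_like_html(data: bytes) -> bool:
    """True if the leading bytes contain HTML-ish markup (BOM and whitespace skipped)."""
    head = data[:1024].lstrip(b"\xef\xbb\xbf \t\r\n")
    return HTML_MARKERS.search(head) is not None


def validate_opus_upload(data: bytes, declared_type: str) -> tuple[bool, str]:
    """Reject uploads whose bytes do not match the declared Ogg/Opus audio type."""
    if declared_type not in ("audio/ogg", "audio/opus"):
        return False, "declared type is not Ogg/Opus audio"
    if not data.startswith(OGG_MAGIC):
        return False, "no Ogg page header at offset 0"
    # 27-byte page header plus segment table, then the Opus identification packet.
    if OPUS_HEAD not in data[27:256]:
        return False, "first Ogg page is not an OpusHead packet"
    if looks_like_html(data):
        return False, "HTML markup found inside supposed audio (polyglot)"
    return True, "ok"


def safe_media_headers(filename: str) -> dict[str, str]:
    """Headers for serving stored media so a browser never treats it as a web page."""
    return {
        "Content-Type": "audio/ogg",
        "X-Content-Type-Options": "nosniff",  # no MIME sniffing of the body
        "Content-Disposition": f'attachment; filename="{filename}"',
        "Content-Security-Policy": "sandbox",  # no script even if it did render
    }


# Constructed samples (hypothetical, not real site data): a minimal Opus head page,
# an HTML document renamed to .opus, and a polyglot that hides HTML behind a valid head.
OPUS_SAMPLE = (OGG_MAGIC + b"\x00\x02" + b"\x00" * 20 + b"\x01\x13"
               + OPUS_HEAD + b"\x01\x02\x38\x01\x80\xbb\x00\x00\x00\x00\x00")
HTML_SAMPLE = b"<!DOCTYPE html><html><body><script>/* beacon */</script></body></html>"
POLYGLOT_SAMPLE = OPUS_SAMPLE + b"<html><iframe src='https://example.invalid'></iframe></html>"


def check_samples() -> dict[str, bool]:
    samples = (("opus", OPUS_SAMPLE), ("html", HTML_SAMPLE), ("polyglot", POLYGLOT_SAMPLE))
    return {name: validate_opus_upload(blob, "audio/opus")[0] for name, blob in samples}
```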

Yesterday, vsys - one of our hosts out of Ukraine - was compromised. It is very draining to deal with such miserable people all the time. More than anything, I really miss spending time with you guys and laughing at stupid shit. I am so filled with utter revulsion at the thought of letting smug, dangerous perverts get away with hiding who they are from the public. I am very, very tired of writing statements like this, but I find it difficult to stifle my righteous indignation.

Every time I see the reaction of these people, it is this hideous arrogance. I need to completely evaluate my security from the top down.

Cloudflare not only provided DDoS protection, they also accounted for many popular exploits like this.

As I've worked for weeks to combat the endless flow of attacks from every conceivable angle, I have spread myself very thin and hurriedly replaced old systems with new ones that are not properly vetted.

Even now, the many groups which have organized to terrorize businesses and attack the servers are looking for new opportunities to complicate our situation. I need to reformat and reinstall everything. The site will be restored from a backup point taken on September 17th at noon GMT. If they scraped information through some other mechanism, I cannot say with any confidence either way. This caused an error and no output was returned. In my access logs, they attempted to download all user records at once. I do not know for sure if any user information was leaked. Use email aliases instead of burner emails so you keep access to your accounts without risking your privacy.
Use a passphrase with a password manager suggested on PrivacyGuides. Use an email address from a reputable provider.

You should take a moment to read, even if you hate this site. Thankfully, most users pay attention to my privacy checkups and there isn't much to leak.
