Nature of GitHub hack attack?
#61
(2014-11-18, 05:18 PM)Pirata Nervo Wrote: We have no answers for you, we only know the website it came from.

OK, thank you. hub.org could not provide more information then?

(2014-11-16, 01:41 AM)frostschutz Wrote: The site it was sent to seems to belong to a well-known hacker

Is this information about hub.org incorrect then?
#62
This user has been denied support.
(2014-11-18, 05:21 PM)amanda2014 Wrote:
(2014-11-16, 01:41 AM)frostschutz Wrote: The site it was sent to seems to belong to a well-known hacker

Is this information about hub.org incorrect then?

;)

http://hub.org/about_us Wrote: Our Founder

Marc Fournier ("Scrappy") has been involved with the Internet and World Wide Web since founding Canada's first private ISP focused on individuals, Internex Online in Toronto, Ontario. Following the sale of Internex to ICAN in 1996, Marc founded Hub.org Networking Services, [...]
He is a founding core member of the PostgreSQL Global Development Group, the world's most advanced open-source object-relational database system.

http://www.postgresql.org/community/contributors/ Wrote: Hackers Emeritus

The following hackers were previously part of the core team. Although they no longer work on the project, they are included here in recognition of their valuable contributions over the years.

Marc G. Fournier (scrappy at hub.org)
Hub.Org Networking Services
Ottawa, Ontario, Canada

You see? A well-known hacker. :D The guy is practically famous.

Seriously though. Hard to believe that in addition to hijacking some average Joe's GitHub account and starting a chain reaction down the line of MyBB's version cache, they also managed to hit a site that gives every impression of having a ton of experience in all things web and security... and all that just for forwarding data when any other no-name site would have served just as well.

It's not something you'd expect in the MyBB sphere, that's for sure.

I'm still waiting for someone to jump out and announce something like "ha-ha I did this just to show you how crappy MyBB is", or something.
#63
(2014-11-18, 05:13 PM)amanda2014 Wrote:
(2014-11-18, 09:24 AM)Euan T Wrote: We're not sure what has happened to the data. The third party website informed me via email that they had removed all foreign objects from their servers, but did not specifically list which files they were. It would be best to assume you were compromised and to reset all passwords and login keys.
I presume the third party website you are speaking of here is hub.org?

(2014-11-18, 03:35 PM)Euan T Wrote: Also, regarding the earlier question about the attacking site, it's worth noting hub.org (the site that had the script on) was also attacked and did not realise they were being used to serve that script.
This is what worries me. I must ask again:

So what does this mean in regards to the data that was stolen from my site and others? Has it been transferred from the attacking website to yet another malicious site/person? And is it known which site/person it all originated from? And what they might do with the data? Is it still thought this was just "an act to show power" rather than to actually abuse the data?

Yes, the site in question is hub.org. I have no idea what happened to the data or whether it was transferred anywhere. When I inquired via email (and informed them of their site being used for malicious purposes), I was told they were not aware but had now deleted all data and files that were not meant to be there. I do not know any further details apart from that.

If you are worried, you can always email them via the contact link on their site (it's how I contacted them) and ask about your specific case.
#64
Hi everyone,

This topic and the blog post scared me a lot! I checked the log and there was no backup download in November (I back up using the server itself). Also, I checked the update_check cache and the last check date was:

[last_check] => 1415779712

The date seems to show the 12th of November, so is my database stolen or not? Should I do anything? (I've already updated to 1.8.2)

Full content of my update_cache:
Array
(
    [last_check] => 1415779712
    [news] => Array
        (
            [0] => Array
                (
                    [title] => MyBB 1.8.1 & Merge System 1.8.1 Release
                    [description] => MyBB 1.8.1 – Maintenance Release MyBB 1.8.1 is now available from the MyBB website and is a maintenance release. What’s added/changed in this version? This release fixes 74 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version. Bugs […]
                    [link] => http://feedproxy.google.com/~r/MyBBDevelopmentBlog/~3/erxFg7H84tQ/
                    [author] => StefanT
                    [dateline] => 1414093168
                )

            [1] => Array
                (
                    [title] => MyBB Merge System 1.8
                    [description] => The MyBB Merge System for 1.8 is now available from the MyBB website. What’s new in this version? First we decided to drop some old modules which aren’t supported by their developers: BBPress 1 IP.Board 2 Mingle phpBB 2 vBulletin 3 And of course we’ve added more new modules (including some which you requested fairly […]
                    [link] => http://feedproxy.google.com/~r/MyBBDevelopmentBlog/~3/iSA6ZgMX-Us/
                    [author] => Jones
                    [dateline] => 1410948694
                )

            [2] => Array
                (
                    [title] => MyBB 1.8 Released
                    [description] => It is with the highest honor that we release MyBB 1.8 Gold to the general public. Our team, and you the community, have been on a fantastic journey since that April Fools day in 2012 when MyBB 1.8 development was first announced to the public. Now here we are, 2 years and 5 months on, […]
                    [link] => http://feedproxy.google.com/~r/MyBBDevelopmentBlog/~3/nCSkDCtIv5s/
                    [author] => Pirata Nervo
                    [dateline] => 1409571916
                )

        )

)
#65
My ACP update_check shows only this:

Array

(
[dateline] => 1416373029
)
#66
Thank you for your responses, frostschutz and Euan. We'll discuss within the administrative team if we should contact hub.org specifically about our case. This thread has been very helpful in clarifying what's going on. Thank you for the transparency. 
#67
(2014-11-18, 10:09 PM)noyfound Wrote: Hi everyone,

This topic and the blog post scared me a lot! I checked the log and there was no backup download in November (I back up using the server itself). Also, I checked the update_check cache and the last check date was:

[last_check] => 1415779712

The date seems to show the 12th of November, so is my database stolen or not? Should I do anything? (I've already updated to 1.8.2)

Full content of my update_cache:

Array
(
    [last_check] => 1415779712
    [news] => Array
        (
            [0] => Array
                (
                    [title] => MyBB 1.8.1 & Merge System 1.8.1 Release
                    [description] => MyBB 1.8.1 – Maintenance Release MyBB 1.8.1 is now available from the MyBB website and is a maintenance release. What’s added/changed in this version? This release fixes 74 reported issues causing incorrect functionality of MyBB. Please be aware that to be able to provide easy to manage updates not all issues have been fixed in this version. Bugs […]
                    [link] => http://feedproxy.google.com/~r/MyBBDevelopmentBlog/~3/erxFg7H84tQ/
                    [author] => StefanT
                    [dateline] => 1414093168
                )

            [1] => Array
                (
                    [title] => MyBB Merge System 1.8
                    [description] => The MyBB Merge System for 1.8 is now available from the MyBB website. What’s new in this version? First we decided to drop some old modules which aren’t supported by their developers: BBPress 1 IP.Board 2 Mingle phpBB 2 vBulletin 3 And of course we’ve added more new modules (including some which you requested fairly […]
                    [link] => http://feedproxy.google.com/~r/MyBBDevelopmentBlog/~3/iSA6ZgMX-Us/
                    [author] => Jones
                    [dateline] => 1410948694
                )

            [2] => Array
                (
                    [title] => MyBB 1.8 Released
                    [description] => It is with the highest honor that we release MyBB 1.8 Gold to the general public. Our team, and you the community, have been on a fantastic journey since that April Fools day in 2012 when MyBB 1.8 development was first announced to the public. Now here we are, 2 years and 5 months on, […]
                    [link] => http://feedproxy.google.com/~r/MyBBDevelopmentBlog/~3/nCSkDCtIv5s/
                    [author] => Pirata Nervo
                    [dateline] => 1409571916
                )

        )

)

Sounds like you're okay then :)

(2014-11-19, 05:05 AM)new1 Wrote: My ACP update_check shows only this:

Array

(
[dateline] => 1416373029
)

Same goes for you :)

@amanda2014 Ok, no problem!
#68
Did this attack actually create a backup then take it, or did a backup need to exist?
#69
It created a backup.