This evening someone succeeded in exploiting a security vulnerability in the Invision Board software and was able to gain access to the UM administration section. They proceeded to send out a number of malicious e-mails to some of our members containing a virus. They also made a virus popup appear on the forum. It appears that we weren't alone, several other Invision Board forums have also been hit in a similar manner in the last few days.

If you have received a strange e-mail containing a lot of garbage and a weird link that appears to have come from this web site - delete it immediately.

The security hole has been plugged now thankfully, I must emphasise my loathing for the type of individuals who get their pleasures from doing this kind of thing

We apologise sincerely for any problems this issue may have caused, and very much hope that it will not discourage you from participating on the site again in future.

Awesome job, SaRuMaN! Thanks for the warnings and work.

Not your fault in the least saru. You did and are doing a mighty fine job reassuring everyone.

*hugs saru*

Scripting... I understand nothing of it (refering to a window that appeared in this website, along with some virus trying to come in a dozen of times)

zomg

Thanks for the warning, SaRu.

There is a word to describe the people that do things like this, but I won't use it in polite company.

ah that explains the other members wierd email, that he posted in another thread in this section. thanks for the warning and for fixing it

thanks for the warning, I don't usually get any mail from here, but now I know.

You can't guard against everything, Saru....

times like this I really really want to believe in Karma

Thanks for all you do SaRuMaN!

It's time to stop calling these people hackers, they should be given a name that really describes them, cyber-vandals would be my suggestion.

Indeed, there's something to be said for the type of people who do this, it's simply dispicable but gladly, it's all been taken care off and hopefully that'll be the last of it.

Good job getting it fixed so quickly.

When I used I.E. to access the board I got a pop up telling me that something was installing, but I when I tried using Firefox nothing came up. I guess if anyone was on the board using Firefox they should scan their computer.

calling them hackers would be complimenting them, they are script-kiddies. check the IP logs, he probably didn't even use a proxy.

p.s. - if you are still using internet explorer, smack yourself then download FireFox!

Wow! Thanks alot for the warning, Saruman! I will now be carful if I see an e-mail that seems like the one mentioned and delete it.

crypto

It's a disgrace to call them hackers...true hackers are in it for the developtment of software, not lame cyber vandelism.


Any, I'm glad its sorted out!

SaRu, your quick response was phenomenal.

*hugs*

people are just that messed up...

im going to check my e-mail, if i got one........things will happen to this sikkos computer........bad things, lol

Thanks SaRuMaN. I had a hard time deleting all the infected files. I was hoping the files wouldn’t spread and infect the other computers at my office. I’ll find out in the morning. Thanks again .

*sigh* doing a V scan now. so the script prompt thing was a virus? i didn't click okay so do you think i'm still safe? we'll find out soon enough. in the mean time i'd suggest everyone running a scan who visited at that time. freakin people man, wtf is with people like that???

There was a weird chap on here posting random bollocks with weird links...any connection?

When isnt there a person doing that? lol

Unfortunately even if you do not press OK, you are not safe...as the prompt has nothing to do with it. Whilst the prompt is coming up, the virus is dlíng to your computer... unless you have good security or a virus blocker....

I got the virus from this site not once, but TWICE!

I came home from school, refreshed the page of UM first thing, and then all of a sudden something downloads and I get a strange Trojan virus. Soooo.....I ended rebooting my entire hard-drive again, so I unfortunately lost everything (I've lost count of how many times I've had to do that). Thinking nothing of it, I reinstalled my Internet software, and went back to UM right away, where I got the virus again, thus forcing me to reboot my hard-drive again. That time I knew it had to be that someone hacked into UM. I was hesitant to come back here this time, but thankfully, I come to read that Saru has fixed the problem. Thanks for fixing the problem!

I HATE people who put viruses into computers. I seriously wish they would all die violently.

Good job SaRu!

I might know who did this...PM if you want to know.

Thanks I read this before checking my mail, and guess what. There was an email I deleted it right away. Thank you so much, I need my computer for 3 projects. Thank You.

That's why I was getting virus notices earlier today! Now it makes sense, I was wondering why my internet was being all funny after visiting here from occasion to occasion.

Great job SaRuMaN, hopefully you found the guy(s) who did this, it almost put an infected virus on my computer, HOPE YOUR HAPPY JACKASSES!

Furthermore, if you took care of the problem or were able to find the source of it then I wouldn't expect too many problems, my advice about this whole ordeal is to get some elight personnel or some technical backup to watch over your forum from time to time, perhaps contact any vital support, or the Invision Power Board forum.

Another thing you might want to consider are some security installments, right now at the point I'm not the biggest techy when it comes to websites, I'm okay with management, but I'm too all about HTML, guess I have stuff to work on myself.

I'd say to prevent this from happening again, just install mods of some type, security bots, if this forum provides them, or if there installable (I would imagine they are with the extensions to an IPB board), at least, I'd want to make sure it doesn't happen again for the most part of the greater concern.

I will be making some changes to implement additional security features to try and prevent this from happening again. Although the security hole in Invision Board which allowed this user access has been patched, you never know when another will surface.

i have a question for the people who got infected; what browser were you using at that time? i wonder if it could have been avoided by using firefox. for anyone still using IE i suggest to switch anyways, its more secure. and how exactly did it infect your computers? though the browser and through email?

I don't know if this is related to the email, but I sent a PM to one of our members - tyleriscool. He hasn't received it yet, and I checked my message tracker and it says it's now been posted to R3LOAD. I'm guessing the problem was either to do with the hacking, or tyleriscool has had his username changed......

That aside, seriously Saruman, no need to apologise for the problem. These things happen on the web these days. It's sad that people feel the need to destroy other people's work for no reason, but it's not your fault, no system is hack-proof, and it's the hacker's job to get around it, after all.

Thanks for the quick response time, plugging the gap, fixing it all up.

Regards, PA

He did actually request a name change, so he's nothing to do with it.


I had to use Firefox to access the forum to disable the malicious script as Internet Explorer kept crashing. I don't think the code that was embedded on the forum actually had any effect on Firefox.

GR8..

Ah, thanks.

SaRu, You were incredibly quick at sorting this out. From now on I am calling you Super'S'
Thankyou for your hard work and quick response and its not your fault so don't worry.

((((Big Hugs))))

I use firefox, so would I still be infected? or am i safe?

EDIT

forget that, Saru already mentioned something on it 3 posts up >_<

I don't think its anything to do with the browser you use. The virus could effect anyone who doesn't have the appropriate security and anti-virus features on windows.

aye, but Firefox is better protected than IE. you get less spyware, viruses ect than if you were to use IE.

It's not that Firefox is better protected, it's that most viruses etc. are designed to work with IE, since most people use it.

My cpu would freeze and the UM site would close, followed by a message from my virus scanner stating I had infected files.

This happened 5 times in 35 min. Each and every time I logged on the infected files would change, on one occasion I had 5 infected files and on another I had 18.

What concerns me the most is that I log on to UM when I’m at work. I was afraid the virus would spread throughout my entire office and spread via email.

All the computers here seem to be working properly, so far nobody has complained about an unsuspecting virus.

Thanks again SaRu.

*Bleap* those people who infected UM

Yea, i just found one of those in my inbox , to bad they dont have the brains to compose a more convincing mail ..



Edited to remove malicious link- Dot

I'm still getting a pop up window on here..I didn't know what the deal was until i read this..It happen once a few hour's ago...Do i need to run a virus scan or is the pop-up's safe..Just a pain to deal with....

What section of the site do you see a popup, and whats on it ?

I'm especially angry about this type of thing because I just got infected with spyware (luckily Raptor X7 helped me). I can see if you're a hacker in the way of modding a game to add a level and practice coding, but what kind of lowly urchin sits around creating traps for people's computers? Grr.

Thanks For Informing Saru....
U r the Best Admin!