Author Topic: Avast forum back up gratulations Avast team!  (Read 26978 times)

0 Members and 1 Guest are viewing this topic.

Offline rdmaloyjr

  • Super Poster
  • ***
  • Posts: 1864
  • The beatings will continue until morale improves!
    • The Cross
Re: Avast forum back up gratulations Avast team!
« Reply #30 on: August 27, 2007, 11:09:29 PM »
rdmaloyjr,
Quote
Try messing with Bob, he's an easier target.
I suggest that you get your facts straight.
You seem to have a problem with facts. Still waiting for your facts to back up
your claims against Comodo.

Words are cheap. Facts are harder to come by.
I'm glad to see you're still worried about comodo. ;D
"If you want to make a Conservative angry, tell him a lie. If you want to make a Liberal angry, tell him the truth." - Rush Limbaugh

avast! Free    Mbam Pro   Privatefirewll  WinPatrol Plus               Pentium Dual-Core  Windows 7 64bit SP1  8 gigs of RAM

Offline drhayden1

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3234
  • Avast & Garfield-Best Protection
Re: Avast forum back up gratulations Avast team!
« Reply #31 on: August 28, 2007, 12:18:45 AM »
Quote
I'm glad to see you're still worried about comodo
nope-not worried about it-i use it-if i was worried about it-i wouldn't use it ::) :o ;)

 
         
« Last Edit: August 28, 2007, 01:11:02 AM by drhayden1 »
Gateway Laptop-AMD Phenom™ II Quad-Core Processor N830 (2.1GHz)-5000MB Dual-Channel DDR3 1066MHz Memory-ATI Radeon® HD 5650 Graphics with up to 1024MB of dedicated memory-500GB 5400RPM SATA hard drive-Windows® 8 Pro (64bit)-Windows Live Mail-Kaspersky Pure 3.0-WinPatrol Plus....

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 42782
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast forum back up gratulations Avast team!
« Reply #32 on: August 28, 2007, 01:13:37 AM »
Quote
I'm glad to see you're still worried about comodo.
I don't worry about Comodo I do worry about people trying to mislead others
without any facts to back up their statements.  :(
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67273
Re: Avast forum back up gratulations Avast team!
« Reply #33 on: August 28, 2007, 01:18:03 AM »
Quote
I'm glad to see you're still worried about comodo.
I don't worry about Comodo I do worry about people trying to mislead others
without any facts to back up their statements.  :(
Me too...
But, aren't we going to another closed thread story here?
The best things in life are free.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 42782
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast forum back up gratulations Avast team!
« Reply #34 on: September 03, 2007, 06:12:19 PM »
Guys,

I'm also still waiting for a detailed explanation of what actually took place. All I know is that the scum took advantange of a vulnerability in SMF 1.1.12 (that was installed on the server). Kubecj (our web admin) is out of the country but we were able to have him fix the issue yesterday late night. He should be coming home tonight so I hope I (and you, too) will get a satisfactory explanation soon.

Thanks
Vlk

Vlk or Kubecj,
Any further word as to what caused this attack to happen in the first place?
Have any precautions been taken that it will not happen again ?

Thanks
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Avast forum back up gratulations Avast team!
« Reply #35 on: September 03, 2007, 10:15:27 PM »
1. The attacker used a vulnerability in SMF version 1.1.12 (the forum software that was in use when it happened).

2. The attack was led from Russia

3. The attack consisted in adding an iframe to each and every page of the forum. The iframe led to a remote site.

4. The remote site hosted an exploit for IE and an exploit for Firefox (both benign if an up-to-date version of the browser was used).

5. Avast was able to block the IE exploit directly, and also blocked the EXE that was downloaded by means of the Firefox exploit

6. This suggests that it was not a targeted attack (specific to avast forum) - it would be hard to believe that the attacker wouldn't have checked that the malware was undetected by avast

7. It took us about 12 hours to clean the forum and restore it to the original state (Saturday August 26). We also upgraded the forum software to the latest version (which has the vulnerability fixed). Unfortunately, the initial cleaning attempt wasn't perfect so the attacker, in a much smaller extent, was able to carry out another attack a couple of days later. This time, it was quite an easy (and quick) "fix", though.

8. No data was lost from the forum database

9. It is hard to say if the attacker stole any data from the database. It seems unlikely, but unfortunately, it cannot be guaranteed. That would mean mainly the email addresses (the passwords are not stored in the db - just their hashes).

10. It was a good lesson for us. We apologize for any inconveniences this might have caused to you.

Cheers
Vlk
« Last Edit: September 03, 2007, 11:05:06 PM by Vlk »
If at first you don't succeed, then skydiving's not for you.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: Avast forum back up gratulations Avast team!
« Reply #36 on: September 03, 2007, 11:01:13 PM »
Thanks for the info.

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
Re: Avast forum back up gratulations Avast team!
« Reply #37 on: September 03, 2007, 11:05:40 PM »
***

Thanks for the update, Vlk.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 42782
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast forum back up gratulations Avast team!
« Reply #38 on: September 04, 2007, 12:27:32 AM »
Thanks Vlk for your detailed description of the events related to the attack and it's fix.
It's nice to know that avast! kept us safe and the forum software has now been updated.  :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67273
Re: Avast forum back up gratulations Avast team!
« Reply #39 on: September 04, 2007, 03:50:40 AM »
Thanks Vlk.
Transparent explanation as usual Alwil policy.
The best things in life are free.

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Avast forum back up gratulations Avast team!
« Reply #40 on: September 04, 2007, 03:35:46 PM »
thanks for info Vlk ... by luck i missed the 'critical' times :)

anyway i wonder if anything like this may be prevented by software checking if 'code' of SMF was changed (in server memory)
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline kubecj

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1123
    • ALWIL Software
Re: Avast forum back up gratulations Avast team!
« Reply #41 on: September 04, 2007, 03:50:45 PM »
We already have new server for hosting this forum, so as soon as possible I'll make fresh new install (with the database imported). On that server I'm planning to tighten up some procedures and removing most of the file system permissions in order for this not to happen again. OTOH I can't 100% guarantee anything, because every piece of software contains bugs.
Jindrich Kubec

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 42782
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast forum back up gratulations Avast team!
« Reply #42 on: September 04, 2007, 06:39:41 PM »
Thanks.  :)
Quote
OTOH I can't 100% guarantee anything, because every piece of software contains bugs.
avast! being the one exception to that rule...... ;D ;D
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq