Author Topic: Avast forum back up gratulations Avast team!  (Read 32724 times)

0 Members and 1 Guest are viewing this topic.

rdmaloyjr

  • Guest
Re: Avast forum back up gratulations Avast team!
« Reply #30 on: August 27, 2007, 11:09:29 PM »
rdmaloyjr,
Quote
Try messing with Bob, he's an easier target.
I suggest that you get your facts straight.
You seem to have a problem with facts. Still waiting for your facts to back up
your claims against Comodo.

Words are cheap. Facts are harder to come by.
I'm glad to see you're still worried about comodo. ;D

drhayden1

  • Guest
Re: Avast forum back up gratulations Avast team!
« Reply #31 on: August 28, 2007, 12:18:45 AM »
Quote
I'm glad to see you're still worried about comodo
nope-not worried about it-i use it-if i was worried about it-i wouldn't use it ::) :o ;)

 
         
« Last Edit: August 28, 2007, 01:11:02 AM by drhayden1 »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast forum back up gratulations Avast team!
« Reply #32 on: August 28, 2007, 01:13:37 AM »
Quote
I'm glad to see you're still worried about comodo.
I don't worry about Comodo I do worry about people trying to mislead others
without any facts to back up their statements.  :(
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast forum back up gratulations Avast team!
« Reply #33 on: August 28, 2007, 01:18:03 AM »
Quote
I'm glad to see you're still worried about comodo.
I don't worry about Comodo I do worry about people trying to mislead others
without any facts to back up their statements.  :(
Me too...
But, aren't we going to another closed thread story here?
The best things in life are free.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast forum back up gratulations Avast team!
« Reply #34 on: September 03, 2007, 06:12:19 PM »
Guys,

I'm also still waiting for a detailed explanation of what actually took place. All I know is that the scum took advantange of a vulnerability in SMF 1.1.12 (that was installed on the server). Kubecj (our web admin) is out of the country but we were able to have him fix the issue yesterday late night. He should be coming home tonight so I hope I (and you, too) will get a satisfactory explanation soon.

Thanks
Vlk

Vlk or Kubecj,
Any further word as to what caused this attack to happen in the first place?
Have any precautions been taken that it will not happen again ?

Thanks
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Avast forum back up gratulations Avast team!
« Reply #35 on: September 03, 2007, 10:15:27 PM »
1. The attacker used a vulnerability in SMF version 1.1.12 (the forum software that was in use when it happened).

2. The attack was led from Russia

3. The attack consisted in adding an iframe to each and every page of the forum. The iframe led to a remote site.

4. The remote site hosted an exploit for IE and an exploit for Firefox (both benign if an up-to-date version of the browser was used).

5. Avast was able to block the IE exploit directly, and also blocked the EXE that was downloaded by means of the Firefox exploit

6. This suggests that it was not a targeted attack (specific to avast forum) - it would be hard to believe that the attacker wouldn't have checked that the malware was undetected by avast

7. It took us about 12 hours to clean the forum and restore it to the original state (Saturday August 26). We also upgraded the forum software to the latest version (which has the vulnerability fixed). Unfortunately, the initial cleaning attempt wasn't perfect so the attacker, in a much smaller extent, was able to carry out another attack a couple of days later. This time, it was quite an easy (and quick) "fix", though.

8. No data was lost from the forum database

9. It is hard to say if the attacker stole any data from the database. It seems unlikely, but unfortunately, it cannot be guaranteed. That would mean mainly the email addresses (the passwords are not stored in the db - just their hashes).

10. It was a good lesson for us. We apologize for any inconveniences this might have caused to you.

Cheers
Vlk
« Last Edit: September 03, 2007, 11:05:06 PM by Vlk »
If at first you don't succeed, then skydiving's not for you.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Avast forum back up gratulations Avast team!
« Reply #36 on: September 03, 2007, 11:01:13 PM »
Thanks for the info.

CharleyO

  • Guest
Re: Avast forum back up gratulations Avast team!
« Reply #37 on: September 03, 2007, 11:05:40 PM »
***

Thanks for the update, Vlk.


***

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast forum back up gratulations Avast team!
« Reply #38 on: September 04, 2007, 12:27:32 AM »
Thanks Vlk for your detailed description of the events related to the attack and it's fix.
It's nice to know that avast! kept us safe and the forum software has now been updated.  :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast forum back up gratulations Avast team!
« Reply #39 on: September 04, 2007, 03:50:40 AM »
Thanks Vlk.
Transparent explanation as usual Alwil policy.
The best things in life are free.

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Avast forum back up gratulations Avast team!
« Reply #40 on: September 04, 2007, 03:35:46 PM »
thanks for info Vlk ... by luck i missed the 'critical' times :)

anyway i wonder if anything like this may be prevented by software checking if 'code' of SMF was changed (in server memory)
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

kubecj

  • Guest
Re: Avast forum back up gratulations Avast team!
« Reply #41 on: September 04, 2007, 03:50:45 PM »
We already have new server for hosting this forum, so as soon as possible I'll make fresh new install (with the database imported). On that server I'm planning to tighten up some procedures and removing most of the file system permissions in order for this not to happen again. OTOH I can't 100% guarantee anything, because every piece of software contains bugs.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast forum back up gratulations Avast team!
« Reply #42 on: September 04, 2007, 06:39:41 PM »
Thanks.  :)
Quote
OTOH I can't 100% guarantee anything, because every piece of software contains bugs.
avast! being the one exception to that rule...... ;D ;D
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet