admin (no pm's please) Site Admin

 Virtual Cash: 46590
Joined: 22 May 2005 Posts: 19715
Posted: Thu Dec 06, 2007 2:59 pm Post subject: Slarti going down for emergency maintenance.
Quote:
After some extensive forensics and emergency development, it appears that your server has been compromised with a loadable kernel module that has altered some important system binaries. Because of this, we need to take the server down into rescue mode to reinstall the affected software from a known good location (the original media). At this time, we are relatively certain that a recently released operating system vulnerability resulted in the initial intrusion. We are still examining the code found elsewhere, but have yet to determine the vector.
Looks like we got unlucky, this would have been out of our control 
_________________
Family Friendly Shareware | Web Design/Services | Free Forums | forum.myfreeforum.org
thehrforum2 Novice

Joined: 15 Nov 2007 Posts: 20
Posted: Thu Dec 06, 2007 4:34 pm
I realize that you have no crystal ball, but given history (hindsight) what's a rough estimate or guesstimate regarding access? Currently the message states- Cannot find server.
I have the patience of a saint, but the members of the forum aren't as understanding. Any input is useful and I appreciate all efforts involved to remedy the situation. As you mentioned, some things are beyond our control.
Thank you,
M
www.thehrforum2.myfreeforum.org
fish Pupil

 Virtual Cash: 250
Joined: 29 Nov 2007 Posts: 35 Location: in the woods
Posted: Thu Dec 06, 2007 4:41 pm
so was this a virus attack on MFF as a whole?
admin (no pm's please) Site Admin

Posted: Thu Dec 06, 2007 4:48 pm
Not a virus, and not against the forums as such.
This looks like a server being compromised at the operating system level by hackers.
Operating system exploits are rare, but can happen if an exploit gets known before a fix is in place.
On a positive note, the system is now believed to be restored.
This may not be a good time to wave myff flags, but I will say that we pay good money for server level support, both to prevent this kind of thing occurring and to be able to recover if it does.
admin (no pm's please) Site Admin

thehrforum2 Novice

Posted: Thu Dec 06, 2007 4:52 pm
Admin- permit me to wave the mff flag!
As a newbie, and not a techie at that, I have nothing but high opinions/comments of this establishment and the people behind it.
Thank you to you and your team!
M
www.thehrforum2.myfreeforum.org
admin (no pm's please) Site Admin

Posted: Thu Dec 06, 2007 4:57 pm
Quote:
Unfortunately, we know little more about it. We have performed some examination of the trojaned binaries but it has not revealed much. They are packed, statically compiled binaries, so analysis using strings is not particularly useful. strace also does not reveal much, and ptrace does not work at all. libbfd does not recognize it, so gdb will not load it. objdump works if the data and header orders are forced, but the low-level output is not very informative. Thus, we are left with the unsatisfying answer of an LKM of unknown origin.
The vector of the attack is also not known precisely, but the profiles of the compromised servers thus far indicate that the vector is through an exploit in an outdated system package: The less likely the server has been completely updated recently, the more likely it was to have been compromised. We have not yet detected any malicious activity from the compromised servers, which suggests that the attackers were simply amassing zombies to create or add to an attack network.
Note this seems to be about many servers not just us.
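A triage pass for the kind of binary the quoted report describes, as an added example that is not part of the original thread or the host's tooling: it reads the ELF header and program headers directly with `struct`, so it needs neither libbfd nor section headers, and flags images that are statically linked, have no section headers, or carry high-entropy loadable segments. The function names, the 7.0 bits/byte threshold and the two sample images are constructed for illustration.

```python
import math
import struct
from collections import Counter

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3

def entropy(data):
    """Shannon entropy in bits per byte; packed or encrypted data approaches 8."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def triage_elf(blob, entropy_limit=7.0):  # 7.0 is an assumed triage threshold
    """List anomalies in one ELF image using only its ELF and program headers."""
    if blob[:4] != b"\x7fELF":
        return ["not an ELF file"]
    try:
        is64, end = blob[4] == 2, "<" if blob[5] == 1 else ">"
        e_phoff = struct.unpack_from(end + ("Q" if is64 else "I"), blob, 0x20 if is64 else 0x1C)[0]
        e_phentsize, e_phnum, _, e_shnum = struct.unpack_from(end + "4H", blob, 0x36 if is64 else 0x2A)
        # Program header layout and the positions of p_type, p_offset, p_filesz in it
        fmt, idx = ("IIQQQQ", (0, 2, 5)) if is64 else ("5I", (0, 1, 4))
        types, loaded = set(), b""
        for i in range(e_phnum):
            ph = struct.unpack_from(end + fmt, blob, e_phoff + i * e_phentsize)
            p_type, p_offset, p_filesz = (ph[j] for j in idx)
            types.add(p_type)
            if p_type == PT_LOAD:
                loaded += blob[p_offset:p_offset + p_filesz]
    except (struct.error, IndexError):
        return ["truncated or malformed ELF headers"]
    findings = []
    if not types & {PT_INTERP, PT_DYNAMIC}:
        findings.append("statically linked (no PT_INTERP/PT_DYNAMIC)")
    if e_shnum == 0:
        findings.append("no section headers")
    if entropy(loaded) > entropy_limit:
        findings.append(f"PT_LOAD entropy {entropy(loaded):.2f} bits/byte, likely packed")
    return findings

def build_sample(ptypes, payload, shnum):
    """Constructed ELF64 little-endian image for the demo (not a runnable program)."""
    off, n = 64 + 56 * len(ptypes), len(payload)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0x400000, 64, 0, 0, 64, 56, len(ptypes), 64, shnum, 0)
    phdr = b"".join(struct.pack("<IIQQQQQQ", t, 5, off, 0, 0, n, n, 0) for t in ptypes)
    return ehdr + phdr + payload

PACKED = build_sample([PT_LOAD], bytes(range(256)) * 16, 0)
NORMAL = build_sample([PT_INTERP, PT_DYNAMIC, PT_LOAD], b"\x00" * 4000 + b"/lib64/ld.so\x00", 30)
```

A finding is a reason to compare the file with the package's known-good copy from rescue media, not proof of tampering, since some legitimate binaries are static or compressed.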
wildgarlic Pupil

 Virtual Cash: 160
Joined: 02 Jul 2007 Posts: 33 Location: Aberdeenshire
Posted: Thu Dec 06, 2007 8:33 pm
Thanks - as always any problems are handled swiftly and efficiently by admin and the team (not like some other free forum providers that I could mention!). I am always happy to wave the myff flag and have recommended other people to come and use myff in preference to other forums for the reasons I just stated.
_________________
neeps.myfreeforum.org
Daniel(u1bd2005) Teacher

 Virtual Cash: 1580
Joined: 24 Feb 2006 Posts: 591
Posted: Thu Dec 06, 2007 9:35 pm
Admin, I haven't noticed my forum go down at all recently, and haven't had any reports of it going down by my members.
Does this mean that I am on a different server?
And if so is it possible to find out which server I am on (just wondering)?
http://the4aces.myfreeforum.org
_________________
http://the4aces.myfreeforum.org
admin (no pm's please) Site Admin

Daniel(u1bd2005) Teacher

Posted: Thu Dec 06, 2007 9:56 pm
I tried typing http://the4aces.myfreeforum.org/blurb.html but it just shows the missing/suspended page and I can't see any mention of Zaphod or any server at the top of that page?
Sukisue Apprentice

 Virtual Cash: 10
Joined: 10 Aug 2006 Posts: 233 Location: Ireland
Posted: Thu Dec 06, 2007 10:18 pm
^ Yeah, I got the same.
_________________
Digital Lounge
CodyT07 Guru

Virtual Cash: 2600
Joined: 22 Mar 2006 Posts: 3425 Location: Smyrna, Rutherford County, Tennessee
Posted: Sun Dec 09, 2007 10:09 pm
Because of this, did the server change its location? E.g I see it in Connecticut now. While the others it doesn't say.
TemplateTester and Link Exchange
admin (no pm's please) Site Admin

Daniel(u1bd2005) Teacher

Posted: Sun Dec 09, 2007 10:28 pm
Is the cause of this known yet? And if it's still unknown, does that mean that there's a risk it could happen to the other servers too?