welshsmoker
Well-Known Member
just log on through google cache.
Virus/malware on website!
- Thread starter .breeze
- Start date
doc111
Well-Known Member
That's your choice and probably a wise one if you don't feel it's safe. Sometimes you have to forgo a little safety for the greater good. That's what this place is all about.........keeping the MJ community educated and informed on the latest techniques, helping people with problems in the garden, etc. Without sites like these we would likey still be in the dark ages as far as growing is concerned. I would personally like to thank everyone who has taken the leap to put themselves out there, risking their security in order to help others who share a love and dedication to this amazing plant. Without peaceful, caring folks like yourselves, this would be much more difficult and probably more dangerous. Again, thank you!
welshsmoker
Well-Known Member
i think that is their.
Amaximus
Well-Known Member
i think that is their.
Already corrected =D
Nitegazer
Well-Known Member
There is no way with the current fee structure (ie.for free) that this site could be expected to keep us secure from all hacking. Sony couldn't do it, and they are a bit better heeled than this organization.
However, there is an expectation that the owners of the site will take reasonable efforts to prevent hacking, particularly since there are potential legal ramifications for some members. I don't know anything about web server security, but reading the previous posts it sounds like there may be some simple steps that could be taken to provide better security (might just be bs from a couple of complainers though).
So-- I have a constructive proposal or two:
#1 - Put up a statement about the efforts RIU is taking to keep the site secure (closed ports, latest virus protection and such). I am sure a lot of work is being done, and we don't know about it enough.
#2 - Make a contest for members of the site that are hackers (I'm sure there are a few) offering a reward for those who expose and remedy a security vulnerability. Lots of corporations do this.
It's in the interest of the owners to make some effort to address security concerns of the community. Simply saying "RIU's the biggest" and "caveat emptor" could drive too many people away from this community.
However, there is an expectation that the owners of the site will take reasonable efforts to prevent hacking, particularly since there are potential legal ramifications for some members. I don't know anything about web server security, but reading the previous posts it sounds like there may be some simple steps that could be taken to provide better security (might just be bs from a couple of complainers though).
So-- I have a constructive proposal or two:
#1 - Put up a statement about the efforts RIU is taking to keep the site secure (closed ports, latest virus protection and such). I am sure a lot of work is being done, and we don't know about it enough.
#2 - Make a contest for members of the site that are hackers (I'm sure there are a few) offering a reward for those who expose and remedy a security vulnerability. Lots of corporations do this.
It's in the interest of the owners to make some effort to address security concerns of the community. Simply saying "RIU's the biggest" and "caveat emptor" could drive too many people away from this community.
obijohn
Well-Known Member
Far as personal info, if you posted a picture of yourself on Facebook doing something stupid, and a potential employer denies you because of that.....you wouldn't blame Facebook, it'd be your own fault for posting it. Same here. Whether or not we really are hacked doesn't matter as far as personal info. Whatever you post here or anywhere on the internet, it's out there available for all to see. You don't want it known, don't put it on the Internet.
Its YOUR responsibility to practice safe Internet use. If you don't have a virus program and get a virus, that's on you
lol im no fucking noob matey haha 1stly facebook is totally legal and that has absolutely NO baring on this,so what your saying is FUK the people dont upload anymore pictures,what would this site be without these tutorials and poeple shwoing ther shit? i tell u wat it would be,,trichomecentral LOL
if u post personall info that on you,
BUT
the sites getting fucking hacked,we dont need to post personal info,theyve gained access to the sql database and can qwite possibly have all our ip addresses and everything else senstaive
AS FOR av I USE THE BEST ON THE MARKET FULLY LICENCED AND PAID FOR.
stupid people
search google for fake antivrus removal tool,if u cant find it inobx me il get it too u
Amaximus
Well-Known Member
But, But, That makes too much sense.
The internet isn't secure. Security is YOUR responsibility. If you don't feel that a site is safe, don't log into it.........simple!!!!!
Amaximus
Well-Known Member
And now we have 3 moderators telling us that it's up to US to secure our computers from hacks located on their server. Awesome.
And in another thread we have one other mod telling us the admins are aware of this problem that doesnt exist and they're working on it.
God forbid anyone can bring a problem to light on this website without self righteous moderators trying to flame them because they're too ignorant to address a problem.
And in another thread we have one other mod telling us the admins are aware of this problem that doesnt exist and they're working on it.
God forbid anyone can bring a problem to light on this website without self righteous moderators trying to flame them because they're too ignorant to address a problem.
just shows mate they dont know wat the hell ther talking about,and just usng guess work and wingingit lol
forget it mate ther rite wer wrong thats ther menatallity
Amaximus
Well-Known Member
Aye, I'm done with this thread. Let them be delusional. im gonna go play Diablo 3.
racerboy71
bud bootlegger
who says that a problem doesn't exist?? i have never said that, and i'm the one who says that admin is aware of the problem and are working on it..
there's obviously a problem and admin is working on it as far as i know from what i read on here yesterday from mr roll it up himself.. don't know what else to say about it m8..
Amaximus
Well-Known Member
Not you mate... Your the only one here that is making sense. Ok, for real, Diablo 3. I'll respond to any other ignorance later.
badmojo420
Well-Known Member
you speak of personal info like you have uploaded you CC #'s, SSN, Address, Full name, DOB, Bank accounts, previous addresses, the names of your mother, father, and children. Chill the fuck out and smoke another joint dude. Your obviously not paranoid.
Scan your computer, remove the virus and MOVE ON. Problem solved? If you dont like the security here then move on to the next forum. No one is holding a gun to your head forcing you to stay here..
Scan your computer, remove the virus and MOVE ON. Problem solved? If you dont like the security here then move on to the next forum. No one is holding a gun to your head forcing you to stay here..
.breeze
Active Member
You do realize that the majority of people on this forum use their credit card info online to buy supplies to grow with? You do realize that quite a bit of people do not have adequate protection on their computers which means that they are infected and have in turn already had their credit card info compromised by the malicious software installed? People don't "hack" websites for fun anymore, it's all about money and the "black market". While people have a responsibility to protect themselves, webmasters have the responsibility of NOT opening up a bigger can on already opened can here on the internet.
Be serious..
.breeze
Active Member
It's also completely fucking ridiculous that we users are expected to have an anti-virus, but the webserver this website is hosted on doesn't even have one, what a joke. Since no admin or mod has considered messaging me for help on this issue, I will post it publically.
Back up the forum skin (only it's skin), back up the forum images (only the images). DO NOT BACKUP ANY .PHP FILES AS THEY MAY BE A SHELL (IE. Backdoor).
Back up the SQL database. Extract all backed up files to another machine, and run a virus scan on all files. Reformat the server this forum is hosted on, or atleast that partion if it's a VPS, reconfig the server (should be fast, it's just a simple webserver, I also recommend nginx or IIS if security is a concern, like here). Do a CLEAN install of the vbulletin (if the vbulletin is nulled/illegal, you can forget security, there is a reason people null/crack web software, and it's to have access to the websites using it (i.e hack them)). After you have done a clean install, replace the SQL database the clean install is using with the backup so it will restore all users, content, posts, ect. Then overwrite your images folder and replace the skin. Make sure a decent webserver anti-virus is installed such as Kaspersky Server, or if you are running a windows server, microsoft security essentials is just perfect.
Once all of this is complete, change SQL admin/db passwords, and then of course change them in the config.php of vbulletin. Next, make sure your read/write permissions are correct according to your web software (in this case, vbulletin). Make sure you are closing all ports as this site is only using port 80 to broadcast on, if you are secretly running an FTP server, make sure the password is complex enough so that a "hacker" will not gain access and upload a milicious file. Make sure anywhere a default password may of been used on your server that it is CHANGED (use capitals, lower case, letters, numbers AND special characters, you do NOT need to remember the password, simply paste it somewhere in a notepad file and write it down on a physical piece of paper -- to make it harder for hackers to brute force or use other means of getting in).
Add a cool-down to login attempts - meaning, make sure that if 3-4 invalid logins are made in let's say 5-10 minutes on the backend side (server/cpanel, ect) that the IP that made the invalid login attempts is blocked for atleast 15 minutes. Run a few scan tools such as acunetix or nexus on the webserver/site and make sure there are no vulnerabilities existing, such as sql injection, outdated software/os, windows updates, ect. And finally, add a connection limit such as 3-4 connections max PER IP. All of this will greatly reduce the surface area making it harder for hackers. The reason for deleting and doing a clean install is to remove any secondary backdoors the hacker may of left as the first one was discovered. Anyone who takes the time to hack a website will always leave a backdoor to get back in after being discovered, there is NO USE in removing the malicious code/file if you are going to use the same frame it was hacked on, don't be lazy - redo it.
People's credit card info, personal info, ect. are at risk and like I said the majority of people on this forum do use their credit cards to buy supplies/seeds online. Be smart about this, it's not something to be taken lightly. When people start noticing illegal changes on their account, new bank accounts being opened in their name/ssn, their paypals being hacked ect. and have to start making phone calls to these agencies to have their problems fixed it will be far too late. Snip it NOW
Back up the forum skin (only it's skin), back up the forum images (only the images). DO NOT BACKUP ANY .PHP FILES AS THEY MAY BE A SHELL (IE. Backdoor).
Back up the SQL database. Extract all backed up files to another machine, and run a virus scan on all files. Reformat the server this forum is hosted on, or atleast that partion if it's a VPS, reconfig the server (should be fast, it's just a simple webserver, I also recommend nginx or IIS if security is a concern, like here). Do a CLEAN install of the vbulletin (if the vbulletin is nulled/illegal, you can forget security, there is a reason people null/crack web software, and it's to have access to the websites using it (i.e hack them)). After you have done a clean install, replace the SQL database the clean install is using with the backup so it will restore all users, content, posts, ect. Then overwrite your images folder and replace the skin. Make sure a decent webserver anti-virus is installed such as Kaspersky Server, or if you are running a windows server, microsoft security essentials is just perfect.
Once all of this is complete, change SQL admin/db passwords, and then of course change them in the config.php of vbulletin. Next, make sure your read/write permissions are correct according to your web software (in this case, vbulletin). Make sure you are closing all ports as this site is only using port 80 to broadcast on, if you are secretly running an FTP server, make sure the password is complex enough so that a "hacker" will not gain access and upload a milicious file. Make sure anywhere a default password may of been used on your server that it is CHANGED (use capitals, lower case, letters, numbers AND special characters, you do NOT need to remember the password, simply paste it somewhere in a notepad file and write it down on a physical piece of paper -- to make it harder for hackers to brute force or use other means of getting in).
Add a cool-down to login attempts - meaning, make sure that if 3-4 invalid logins are made in let's say 5-10 minutes on the backend side (server/cpanel, ect) that the IP that made the invalid login attempts is blocked for atleast 15 minutes. Run a few scan tools such as acunetix or nexus on the webserver/site and make sure there are no vulnerabilities existing, such as sql injection, outdated software/os, windows updates, ect. And finally, add a connection limit such as 3-4 connections max PER IP. All of this will greatly reduce the surface area making it harder for hackers. The reason for deleting and doing a clean install is to remove any secondary backdoors the hacker may of left as the first one was discovered. Anyone who takes the time to hack a website will always leave a backdoor to get back in after being discovered, there is NO USE in removing the malicious code/file if you are going to use the same frame it was hacked on, don't be lazy - redo it.
People's credit card info, personal info, ect. are at risk and like I said the majority of people on this forum do use their credit cards to buy supplies/seeds online. Be smart about this, it's not something to be taken lightly. When people start noticing illegal changes on their account, new bank accounts being opened in their name/ssn, their paypals being hacked ect. and have to start making phone calls to these agencies to have their problems fixed it will be far too late. Snip it NOW
Very nicely thought out, rational post. Just like the first rule of growing is, tell no one. The first rule of internet security is leverage security through obscurity first (ie tell no one what you are using for security). This does not alleviate the need for concentric rings of security but you still should not give specific information. So much of hacking is understanding how the other party is thinking and approaching their security model. So no this information should not be posted as it would be used against them.
With this level of knowledge then you know that many antivirus scanners do not detect malware or foistware. That's why so much of the problem population moved to malware to avoid the virus scanners.
I do not specialize in security however I must admit I am taken aback seeing a recommendation for IIS for security over apache, although I agree with your recommendation of nginx, but I digress.