Taijitu

General Category => General Board => Technical Stuff => Topic started by: Eluvatar on January 17, 2012, 06:42:55 AM

Title: Security Breach
Post by: Eluvatar on January 17, 2012, 06:42:55 AM
Due to some hardware problems (http://www.dreamhoststatus.com/2011/12/19/shared-web-server-%E2%80%98astana%E2%80%99-restoring-from-backups-on-new-hardware/) the forum code was restored from an old backup. In that old backup, it happened that some themes were world-writable. Some unknown user on the shared server, probably themselves hacked into against their will, placed scripts on January 6th in those directories allowing them to then place code of nefarious intent all over forum.taijitu.org, wiki.taijitu.org, and several other sites.

(map.taijitu.org, toaster.taijitu.org and library.taijitu.org were among those spared)

These scripts appear to have attempted to profile, and possibly attack, you, the site's users. If you were using an up-to-date browser on an up-to-date operating system you *should* be fine, but I would recommend double-checking to be safe. The scripts set some cookies on your computer: I would expect them to be named "lb11". The scripts also made URLs we weren't using point to attacker websites (this is how I discovered the attack).

When I discovered the attack today, I shut down everything. I have cleared out all malicious code from forum.taijitu.org and it is late, so I am leaving wiki.taijitu.org and several other sites shut down for now. I will clean them out and bring them back up as soon as practicable.

I now open the floor to haranguing and abuse. :P Have at it!
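
A post-restore audit for the two conditions described in the post above, as an added example that is not part of the original thread or the site's own tooling: it lists paths any other account on a shared server can write to, and files changed since a cutoff date. The function names, the web root argument and the cutoff date are assumptions supplied by whoever runs it.

```shell
#!/bin/sh
# Added example: audit a restored web root on a shared host.
# Function names and arguments are illustrative, not from the thread.

# List directories and regular files with the "other" write bit set,
# i.e. writable by any local account on the shared server.
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print | sort
}

# List regular files modified after midnight (local time) on the given
# date (YYYY-MM-DD). Anything newer than the restored backup that the
# administrator did not change deserves a manual look.
modified_since() {
    find "$1" -type f -newermt "$2" -print | sort
}

# Clear the other-write bit across the tree and print how many paths
# had it set. Assumes no path name contains a newline.
lock_down() {
    n=$(world_writable "$1" | wc -l | tr -d ' ')
    find "$1" \( -type d -o -type f \) -perm -0002 -exec chmod o-w {} +
    echo "$n"
}

# Report only when called with arguments; lock_down is never run implicitly.
# Usage: sh audit.sh /path/to/webroot 2012-01-06
if [ "$#" -eq 2 ]; then
    echo "World-writable paths:"
    world_writable "$1"
    echo "Files modified since $2:"
    modified_since "$1" "$2"
fi
```

Removing the write bit only closes the door; files already listed by `modified_since` still have to be reviewed or replaced from a known-good copy.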
Title: Re: Security Breach
Post by: Gulliver on January 17, 2012, 06:46:34 AM
Don't harangue Elu, I'm pretty sure this is ultimately my fault >__>

Also, I didn't bother looking for lb11, I just burned all the cookies. BURNED THEM ALL. IT'S THE ONLY WAY.
Title: Re: Security Breach
Post by: Eluvatar on January 20, 2012, 04:42:19 AM
I found more evil scripts.

It's possible they're getting through the wiki, but most likely they got back in through map.taijitu.org, which was not, in fact, spared.