Server Compromise
Posted: Thu 21 May 2009, 22:57
Hello everyone, and welcome back,
The website is now up and running again after having being attacked via an exploit in the PHP installation of our webhost's server. This exploit allowed the attacker to place hidden links in all of the forum pages which tried to download trojans silently in the background.
Specifically these links were leading to the niklejo.net website (the link leads to Google Safe Browsing diagnostics page for niklejo.net - some interesting info there).
Everyone that has visited the CarlssonPlanet forums in the last 2 days (and everyone else for that matter!) should make sure they have antivirus software installed and that it is running and up-to-date with the latest virus definitions.
To read more about the exploit that was used here on the CarlssonPlanet forums, please visit this link.
The important thing to note here that this exploit did NOT in any way result in any kind of breach of data, i.e. no passwords or other personal information has been stolen or compromised. The script that was used here merely edited existing web pages on the server to include those links, there was no way for it to access the databases which store passwords etc.
Then again, it's never a bad idea to regularly change passwords just as a general safety measure, and if you're using the same password across multiple sites that is not security wise and should not be done under any circumstance.
Before bringing the site back online, we teamed up with phpBB's Incident Investigation Team who were kind enough to help us sanitize the entire site even though the exploit that was used had nothing to do with phpBB itself.
We are deeply sorry about the unavailability of the website and for any damage caused.
In the coming weeks, we will be moving web hosts since this is not the first time our current web host has had serious breaches of security. A quick Google search for "servage + hacked" should prove that rather well.
The website is now up and running again after having being attacked via an exploit in the PHP installation of our webhost's server. This exploit allowed the attacker to place hidden links in all of the forum pages which tried to download trojans silently in the background.
Specifically these links were leading to the niklejo.net website (the link leads to Google Safe Browsing diagnostics page for niklejo.net - some interesting info there).
Everyone that has visited the CarlssonPlanet forums in the last 2 days (and everyone else for that matter!) should make sure they have antivirus software installed and that it is running and up-to-date with the latest virus definitions.
To read more about the exploit that was used here on the CarlssonPlanet forums, please visit this link.
The important thing to note here that this exploit did NOT in any way result in any kind of breach of data, i.e. no passwords or other personal information has been stolen or compromised. The script that was used here merely edited existing web pages on the server to include those links, there was no way for it to access the databases which store passwords etc.
Then again, it's never a bad idea to regularly change passwords just as a general safety measure, and if you're using the same password across multiple sites that is not security wise and should not be done under any circumstance.
Before bringing the site back online, we teamed up with phpBB's Incident Investigation Team who were kind enough to help us sanitize the entire site even though the exploit that was used had nothing to do with phpBB itself.
We are deeply sorry about the unavailability of the website and for any damage caused.
In the coming weeks, we will be moving web hosts since this is not the first time our current web host has had serious breaches of security. A quick Google search for "servage + hacked" should prove that rather well.