|
#1
June 17th, 2008, 06:27 AM
| ||||
| ||||
| Coincidence? I manage a running club forum using vBulletin. Over the last few months, numerous spammers have set up user accounts, only for me to delete them once I know they are there. After a while I gave up and closed down user registration. Now to join, prospective members have to email me with some evidence that they are local and that are genuine sports people. So far so good. However this morning - out of the ordinary I may add - I logged into the forum admin control panel using Windows XP on the VMware virtual machine and within twenty minutes some hackwallah from Turkey had broken in and had created a new user account. I suspect he did it to prove it could be done. I just find it hard to believe that he would have achieved this had I logged in using MacOS. Or am I wrong?
__________________ Intel Mac Mini 1.83 1GB 10.5.4 PowerMac G4 833Hz 768MB 10.3.9 Education is when you read the fine print - experience is what you get when you don't. Pete Seeger  |
|
#2
June 17th, 2008, 09:03 PM
| ||||
| ||||
| It is hard to know without knowing at what point you've been compromised. If it was a vulnerability in VBulletin, or if your VBulletin password was insecure and was brute-force hacked, or had been picked up through being used at another site, then no, using a Mac would not have made a difference. If the access was gleaned using spyware, a keylogger, or remote access to a file share on your computer, perhaps grabbing your cookie files or any documents containing the word "password" then it might have made a real difference. Perhaps the access had been achieved much earlier, perhaps you accessed your account from another compromised computer, or perhaps the database backend to the forum was vulnerable enough to allow the hacker to read the username/password table. The real question is, where did this guy get in? Without carefully checking each link in the chain, you can't really be sure. Would I discount a Windows virus/spyware program infecting your Windows VM: hell, no. It would be pretty high on my list of suspects.
__________________ - iMac G5 1.8GHZ 17" | SuperDrive | 160GB | 512MB | Airport Extreme | Bluetooth Keyboard & Mouse | Wacom Intuos II - Pentax *ist DL - JVC MiniDV Camcorder - Airport Express - iPod Nano 1gb white |
|
#3
June 18th, 2008, 11:03 AM
| ||||
| ||||
| Yes, I need to investigate it a little more. It just seemed a coincidence that this person got in whilst I was using Windows. Interestingly the hacker's username is the same one identified in another forum hosted in our village. That person was traced back to Turkey, but after that it was a dead end. Your reply is very helpful. I shall delve into the forum control panel and see if I can see anything that might help.
__________________ Intel Mac Mini 1.83 1GB 10.5.4 PowerMac G4 833Hz 768MB 10.3.9 Education is when you read the fine print - experience is what you get when you don't. Pete Seeger |
|
#5
June 20th, 2008, 03:36 AM
| ||||
| ||||
| I don't know. That's outside my scope of practice. I do sometimes refer to the good wife as the dobi wallah (at the risk of having certain parts of my body removed against my will).
__________________ Intel Mac Mini 1.83 1GB 10.5.4 PowerMac G4 833Hz 768MB 10.3.9 Education is when you read the fine print - experience is what you get when you don't. Pete Seeger |
|
#6
June 20th, 2008, 11:26 AM
| ||||
| ||||
| In my experience, such hacks are done by (ab)using existing exploits for the forum software. It's a drag.
__________________ MacBook Air 13" 1.6 GHz, 2 GB RAM, 80 GB HD. Mac OS X 10.5.5 MacBook 13" 1.83 GHz, 2 GB RAM, 160 GB HD. Mac OS X 10.5.5 Hackintosh Core2Duo 2.4 GHz, 2 GB RAM, 160 GB HD. Mac OS X 10.5.5 iPhone 3G 16 GB (v2.1), AppleTV 1G 40 GB (v2.1) Mac user since 1987, Apple Product Professional 2007, 2008. |
