Sheldon Posted June 3, 2016

On May 5th, 2016, TAZ had its security breached for the second time. Unlike the previous intrusion, this was a sophisticated attack where the hacker was somehow able to upload a malicious file onto TAZ's test board (perhaps by exploiting a Brivium add-on installed on the old Admin Extra site, which was still on the server), which then allowed them to give themselves SFTP access to the nginx user account and run commands. They then altered several core XenForo files in order to begin logging member username/password combinations, logging out members to force them to log in again, and finally preventing the File Health Check from reporting the file modifications. Due to some of the safeguards we installed the last time we were attacked, we were able to identify this intrusion almost immediately and take steps to block the hacker, limiting the time the login logger was operational to a matter of hours. We then forced a password reset for all members.

It's certainly unfortunate that TAZ was hacked again and I take full responsibility for it - the test site should not have been kept on the primary TAZ server, nor should the old TAZ sites have been there. The previous intrusion was a much simpler exploitation of a staff member's username/password being harvested from another site and used to gain access to the AdminCP to alter the login templates. We took a number of steps to prevent this kind of thing from happening again - forced 2FA for staff members and htaccess on the AdminCP, for example. These are good things to do, but in a way they gave us a false sense of security that left us vulnerable to the second, much more sophisticated attack.

The hacker was not able to gain access to the server root. Using the logs we were able to see exactly what changes the hacker made and undo them. Many other security measures have been put in place to prevent this from happening again, and several more are planned.
Please keep in mind that unlike commercial sites, TAZ does not collect sensitive data about its members - we don't collect your full name, address, social security number, or credit card numbers, for example. All a hacker can get here is your username, password, and email address. You can protect yourself by using a unique password on each site (or at the very least, use unique passwords on all of your important sites), and by not using your primary email address as your registration email address (better to use a secondary email address for forum registrations, a different one for really important sites like banking sites, government sites, etc., and perhaps even a third one for semi-important things like your server hosting, registrar, etc.). Finally, do not put any "secret" information (such as access codes for your server) into a forum's personal or private message system - use secure email for that. If you follow these simple steps on TAZ (or any discussion forum) you won't be at risk even if the site is hacked.

Again, my apologies for this security breach. I made some mistakes which made TAZ vulnerable. We are doing everything possible to prevent any further intrusions.

Howard (The Sandman)
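The announcement above makes a point worth isolating: the attacker modified core application files and then disabled the application's own File Health Check, so an integrity check that lives inside the web root can be silenced by anyone who can write to the web root. The added example below is not TAZ's or XenForo's code; it shows the out-of-band alternative in Python: hash a tree into a manifest, keep the manifest somewhere the web user cannot write, and diff the live tree against it from a separate process. The directory layout, file names and "tampered" contents are constructed for the demo, and the set of runtime directories excluded from hashing (`EXCLUDE_DIRS`) is an assumption you would tune for your own install.

```python
"""Out-of-band file integrity check for a web application tree.

Added example, not code from TAZ or XenForo. Builds a SHA-256 manifest of a
directory tree, stores it outside that tree, and later reports which files
were modified, added or removed. Run it from a user that the web server's
account cannot write to, or the baseline can be rewritten along with the code.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Assumption for the demo: directories whose contents legitimately change at
# runtime (caches, uploads) and would otherwise drown the report in noise.
EXCLUDE_DIRS = {"internal_data", "data"}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Return {relative_path: sha256} for every file under root, skipping EXCLUDE_DIRS."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in EXCLUDE_DIRS]
        for name in filenames:
            file_path = Path(dirpath) / name
            manifest[file_path.relative_to(root).as_posix()] = sha256_file(file_path)
    return manifest


def save_manifest(manifest: dict, out_file: Path) -> None:
    """Persist the baseline; out_file should be outside the web root and read-only to the web user."""
    out_file.write_text(json.dumps(manifest, sort_keys=True, indent=1))


def load_manifest(in_file: Path) -> dict:
    return json.loads(in_file.read_text())


def verify(root: Path, baseline: dict) -> dict:
    """Diff the live tree against the baseline; returns sorted lists per change type."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake web root, then tamper with it the
    way the announcement describes (edit a core file, drop a new one) and verify."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp) / "webroot"
        (webroot / "library" / "XenForo").mkdir(parents=True)
        (webroot / "internal_data").mkdir()
        (webroot / "index.php").write_text("<?php // front controller\n")
        (webroot / "library" / "XenForo" / "Login.php").write_text("<?php // login handler\n")
        (webroot / "internal_data" / "cache.bin").write_text("volatile")

        # Baseline is written before the tamper and stored beside, not inside, the web root.
        baseline_file = Path(tmp) / "baseline.json"
        save_manifest(build_manifest(webroot), baseline_file)

        # Simulated attacker activity (constructed): core file edited, new file dropped.
        # The runtime cache also changes, but it is excluded and must not be reported.
        (webroot / "library" / "XenForo" / "Login.php").write_text("<?php // login handler\n// tampered\n")
        (webroot / "dropped.php").write_text("<?php // new file\n")
        (webroot / "internal_data" / "cache.bin").write_text("changed")

        return verify(webroot, load_manifest(baseline_file))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The important design choice is where the baseline and the checker live, not the hashing: a cron job running as a separate account, reading a manifest the web user cannot modify, keeps working even when the application's own health check has been switched off.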
SneakyDave Posted June 3, 2016

Is that from email or a link? What has he done to prevent this happening a tenth time? Nothing, it appears. And it doesn't appear he even knows how the malicious file was added to the server, so the exploit can still exist?

"I wonder if wife Susie knows about the vile crap he posts on his site and how it fits in with her "youth ministry"?" - Dr. Howard Rosenzweig, former owner of TheAdminZone
Paul Posted June 3, 2016

It took Howard long enough. I wonder if his team of lawyers told him to wait?
SneakyDave Posted February 28, 2017

Uh oh, was there yet another security breach?
SneakyDave Posted February 28, 2017

Lol. No security breach, yet. But the security mod that was added as the result of the last breach has been disabled.

Question - What is that (dbtech_security_pending_upgrade)?
Sheldon Posted November 8, 2017

So, another breach, Howie's password getting owned. Wonder what data was compromised with that one.
Kent.S Posted November 9, 2017

He has probably had more than a bushel full of breaches that he never reports.
SneakyDave Posted November 9, 2017

Exactly, these are just the ones that he was kinda forced to provide a little information about. Who knows how many others there were, or even some Howie still doesn't know about?
SneakyDave Posted November 9, 2017

For the record, Howard admitted it was his administrator account that was breached, due to a password that the attacker guessed or obtained. So this means user IDs, emails, IP addresses, and (as always) personal conversations could have been harvested.