Basenotes Hacked last night
5th May 2011 at 02:45 PM (20105 Views)
At around midnight (GMT) last night, Basenotes was hacked. If you visited the site early enough, before we took the site offline, you would have seen a black page with the following message and video:
Hacked by Team Animus
- video -
From Sweden with <3
As soon as we heard about the hack, we (in layman's terms) switched the site off and displayed a message saying that the site was down and we would post further updates on our Twitter page. I fell asleep at 2:30 while waiting for someone from vBulletin (who make our forum software) to get back to me.
It turns out that the site was hacked via a vulnerability in one of the ‘plug-ins’ we use on the site, ‘CYB Advanced Forum Rules’. The hackers exploited this script to add a new admin into the forum, and change all other admins to normal users.
The Hackers also:
- Changed everyone's user titles to ‘Hacked by Team Animus’ (I’ve deleted all of these, so if you are a Basenotes Plus member, you will need to re-add your custom user title if you had one)
- Added an extra file in one of the folders (possibly to allow them to gain further access)
- Added the index page with the saxophone video to the main site, and the Moderator and Admin index
This appears to be all that was done. Apart from resetting the user titles, no damage was done -- in the comments of the file with the saxophone they note:
All files should still be untouched. The purpose of this was not to f*** anything up.
We did it for the lulz.
This attack wasn’t about Basenotes; hundreds (if not more) of other vBulletin sites, which were running that plug-in, have also been affected. We have now removed all of the plug-ins we use (including iTrader), just in case they can also be exploited. We will add them again shortly.
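An added example, not part of the original post or Basenotes' own tooling: a post-incident check for the changes listed above (a new admin, demoted admins, overwritten user titles, and added or replaced files), comparing the live site against a known-good backup. The snapshot format, account names and file paths are constructed for illustration and are not vBulletin's schema.

```python
import hashlib

DEFACEMENT_TITLE = "Hacked by Team Animus"  # user title quoted in the post

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_accounts(before: dict, after: dict) -> dict:
    """Compare two {username: {"group", "title"}} snapshots (hypothetical export format)."""
    admins_before = {u for u, r in before.items() if r["group"] == "admin"}
    admins_after = {u for u, r in after.items() if r["group"] == "admin"}
    return {
        # Accounts holding admin rights now that did not in the known-good snapshot.
        "new_admins": sorted(admins_after - admins_before),
        # Former admins that still exist but no longer hold admin rights.
        "demoted_admins": sorted(u for u in admins_before - admins_after if u in after),
        # Accounts whose title was overwritten with the defacement string.
        "defaced_titles": sorted(u for u, r in after.items() if r["title"] == DEFACEMENT_TITLE),
    }

def audit_files(baseline: dict, current: dict) -> dict:
    """Compare two {relative_path: sha256} manifests of the web root."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

# Constructed sample data: a backup snapshot and the state found after the incident.
USERS_BEFORE = {
    "admin_a": {"group": "admin", "title": "Administrator"},
    "admin_b": {"group": "admin", "title": "Administrator"},
    "plus_member": {"group": "member", "title": "Custom title"},
}
USERS_AFTER = {u: {"group": "member", "title": DEFACEMENT_TITLE} for u in USERS_BEFORE}
USERS_AFTER["new_account"] = {"group": "admin", "title": DEFACEMENT_TITLE}

INDEX_PAGES = ("index.php", "admincp/index.php", "modcp/index.php")
FILES_BEFORE = {p: sha256(b"original " + p.encode()) for p in INDEX_PAGES + ("showthread.php",)}
FILES_AFTER = dict(FILES_BEFORE)
for page in INDEX_PAGES:
    FILES_AFTER[page] = sha256(b"constructed defacement page")
FILES_AFTER["includes/unknown_file.php"] = sha256(b"constructed unreviewed file")

if __name__ == "__main__":
    print(audit_accounts(USERS_BEFORE, USERS_AFTER))
    print(audit_files(FILES_BEFORE, FILES_AFTER))
```

Any path reported under `added` deserves review before the site goes back online, since the post notes the extra file may have been left to allow further access.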
An unfortunate side-effect of the hack is that when I switched the site off, it seemed to have affected the basenotes.net email, which seemed to have forgotten that it had already sent out lots of email, which meant some people ended up getting a barrage of old emails from us. We’re really sorry about that. If it’s any consolation, I’ve got an additional 2,109 emails in my inbox to deal with now too, due to that same issue.
I’m pretty sure everything is back as usual now (apart from some of the styles on the directory pages, the disabled plug-ins, and user titles) but if you see anything odd, please let me know using the Contact Us link at the bottom right of the page.
I'm going to have a break now, and take another look at getting things back to normal at the weekend.
Added. All the attachments seem to be gone, so no images in albums or articles. This wasn't directly as a result of the hack, this is probably me trying to do things at 3am. Will try and sort out over weekend.
Apologies for all the inconveniences this has caused.
8th May 2011, 11am GMT : Sotd / today's scent back working again.