IMPORTANT: Server Hacked - spyware alert

I, Brian · 03-20-2004, 12:10 PM

This is a IMPORTANT notice to all members:

Earlier the server that the comparative-religion site is running on was hacked. Here is the explanation from my webhost:

Quote:

Someone used an exploit with an sql inject command on a sites insecure
script. We have been trying to clean up the mess they caused and the site
that was abused has been suspended. We are now recompiling php and mysql

That along has casued some appreciable downtime for the forums.

However, is not the end of the matter.

Apparently - though this has yet to be confirmed - the person(s) involved in hacking the server may have also installed some form of scumware into the forum via the database software on the server.

ALL MEMBERS OF COMPARATIVE-RELIGION.COM ARE URGED TO DO A PROPER SECURITY CHECK ON THEIR MACHINES.

If you run a Firewall such as ZoneAlarm you will find the following program files trying to be executed:

msvb_7662.exe
mshta.exe

DO NOT CLICK ON "YES" TO CONNECT TO INTERNET WITH THESE PROGRAMS!

Also - DO NOT accept the security prompt asking you to connect to a premium rate number!!

Here are the programs that will help remove the software:

Firewall: Download FREE ZoneAlarm

Spybot S&D and AdAware.

HOWEVER I'm currently having problems removing one particular piece of scumware from my machine, that insists on making my browser homepage "mybookmarks.ws"

Just a note as well - this has apparently affected every site on the same server that used databases (it was the database software itself that was exploited, not this forum itself).

Also note that Internet Explorer users are probably more vulnerable to this use of scumaware than users of the Mozilla Firebird browser, which apparently does not share the same security exploits.

I am not yet aware of the actual extent of this problem, and give full warning to all members of the potential security situation that has arisen.

I would also like to point out that this issue could have happened to any server, and is in now way particular to this site.

I'll keep everybody informed of progress on this issue.

I, Brian · 03-20-2004, 04:04 PM

I'm honestly not sure if there really has been spyware involved with the site because of the hacking - either way, comparative-religion.com is now running on a completely new - and more powerful - server.

Members are highly recommended to run a check for spyware, though.

Pathless · 03-24-2004, 04:48 PM

I wonder if this has anything to do with my msn account not being able to log in lately. I doubt it; probably just something about a crummy phone connection. But I will try this ZoneAlarm and see if it fixes it. Thanks for the heads up, B!

I, Brian · 03-24-2004, 10:26 PM

As I say, I've no idea if there was a real secuirity threat - it could be coincidence. However, I thought it best to warn members here.

BYRD GRIMM · 03-31-2004, 03:07 AM

MY SPY HUNTER PICKED-UP ON IT A FEW DAYS AGO.

I WAS WONDERING WHY I GETTING RESTICTED ACCESS TO MY PC FILES.
GOOD LOOKIN' OUT
BYRD