Update your PivotX immediately: you have been hacked


Re: Update your PivotX immediately: you have been hacked

Postby orangeek » Sun Feb 13, 2011 3:00 pm

Bob wrote:No, that will not do. If they left files behind, they will be new files, that will not be replaced if you overwrite the pivotx folder with a backup. Just browse through the folders. The most common places are in /images, /pivotx/db/ and /pivotx/templates/

Uhm, the problem is that I upgraded right after hansfn's email, and now I do have files updated/created recently, but I don't know if they are the legit 2.2.4 files or the files created/modified by the "hacker".

What if I delete the images and pivotx folders, replacing them with the ones in the backup set? Could it work?
thank you
orangeek
 
Posts: 27
Joined: Mon Sep 13, 2010 3:45 pm

Re: Update your PivotX immediately: you have been hacked

Postby corkypa » Sun Feb 13, 2011 3:26 pm

I was hacked, too. It looks like 3 files dropped in the images folder. Turkish Team claimed it. I upgraded to 2.2.4, changed passwords, deleted old accounts, looked for recent files. I didn't get any email about it, just noticed it when I went to the site. Any idea how it was done?

Edit: logging in, I got the warning "Your password is not fully encrypted yet. Please go to My Info, and set your password again." Obviously, under the circumstances I am suspicious that this is just something to fool me into typing a new password for the hackers to capture. Is the request legit?
corkypa
 
Posts: 11
Joined: Wed Sep 30, 2009 6:31 am

Re: Update your PivotX immediately: you have been hacked

Postby Bob » Sun Feb 13, 2011 4:41 pm

Jackobli wrote:Strange or lucky?


A bit of both, I think. ;-)

I see that you've upgraded to 2.2.4, so this shouldn't happen again.
Bob
Lead Developer
 
Posts: 1374
Joined: Tue Nov 20, 2007 11:16 pm

Re: Update your PivotX immediately: you have been hacked

Postby hansfn » Sun Feb 13, 2011 5:12 pm

corkypa wrote:I was hacked, too. It looks like 3 files dropped in the images folder. Turkish Team claimed it. I upgraded to 2.2.4, changed passwords, deleted old accounts, looked for recent files. I didn't get any email about it, just noticed it when I went to the site. Any idea how it was done?

Yes, we know how the attack is executed. We don't want to disclose the details - please don't reveal anything if you understand how ...

corkypa wrote:Edit: logging in, I got the warning "Your password is not fully encrypted yet. Please go to My Info, and set your password again." Obviously, under the circumstances I am suspicious that this is just something to fool me into typing a new password for the hackers to capture. Is the request legit?

Yes, this is legit.

Regarding uploaded files: Just look in the images folder - that is the only place where they can be uploaded from within PivotX. If there are any unwanted files, you should really get a warning on the dashboard.
hansfn
Developer
 
Posts: 3282
Joined: Sun Nov 25, 2007 7:48 pm
Location: Molde, Norway

Re: Update your PivotX immediately: you have been hacked

Postby Bob » Sun Feb 13, 2011 8:01 pm

hansfn wrote:Regarding uploaded files: Just look in the images folder - that is the only place where they can be uploaded from within PivotX. If there are any unwanted files, you should really get a warning on the dashboard.


Don't forget the pivotx/templates/ folder!

Added by hansfn: Bob is correct - the hacker can have created files in the pivotx/templates folder. You should check that one too, but since PHP execution (normally) is blocked there by the pivotx/templates/.htaccess file, the hacker will always try images first.
Bob
Lead Developer
 
Posts: 1374
Joined: Tue Nov 20, 2007 11:16 pm
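
An added example, not part of any post in this thread and not PivotX code: one way to tell legitimate release files from files left behind is to compare the live site against a freshly unpacked copy of the same PivotX release. It assumes such a clean copy exists on disk; the folder list comes from the posts above, and the script-suffix list is an assumption to adjust to the server's handler configuration.

```python
import hashlib
from pathlib import Path

# Folders the thread names as places to look; user content is expected there.
CONTENT_DIRS = ("images/", "pivotx/templates/", "pivotx/db/")
# Suffixes a server may hand to an interpreter (assumption; match your config).
SCRIPT_SUFFIXES = {".php", ".phtml", ".php5", ".pht", ".cgi", ".pl"}

def index_tree(root):
    """Map each file's path relative to root (POSIX style) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }

def looks_like_script(rel):
    """True if any suffix is script-like, so a name like x.php.jpg is caught."""
    return any(s.lower() in SCRIPT_SUFFIXES for s in Path(rel).suffixes)

def audit(site_root, clean_root):
    """Return sorted (finding, path) pairs for files that need a manual look."""
    clean = index_tree(clean_root)
    site = index_tree(site_root)
    findings = []
    for rel, digest in site.items():
        if rel in clean:
            if clean[rel] != digest:
                findings.append(("modified", rel))      # differs from release
        elif looks_like_script(rel):
            findings.append(("added-script", rel))      # script not in release
        elif not rel.startswith(CONTENT_DIRS):
            findings.append(("added", rel))             # stray file outside content dirs
    # Release files that vanished, e.g. the .htaccess that blocks PHP in templates.
    findings += [("missing", rel) for rel in clean if rel not in site]
    return sorted(findings)

if __name__ == "__main__":
    import sys
    # Usage: python audit.py /path/to/live/site /path/to/clean/release
    for finding, rel in audit(sys.argv[1], sys.argv[2]):
        print(f"{finding:13} {rel}")
```

Files PivotX itself writes after installation, such as configuration or data files, will also show up as added or modified, so every finding is a prompt for manual review rather than proof of tampering.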

Re: Update your PivotX immediately: you have been hacked

Postby danielschut » Sat Feb 19, 2011 11:59 pm

I was hacked, too, and they've deleted almost all my content (on zone-h, where the hacker proudly 'notified' his exploits, my site is marked as 'massive defacement'). I'm updating to 2.2.5 and I'm writing everything from scratch.

But more importantly: I noticed someone trying the same trick again yesterday evening. As far as I can see, it didn't work this time, but how can I be sure? The backup that Bob put back had disappeared again, but I'm thinking this was just the same database-error that had happened earlier.

Also: several people have urged me to file a complaint with the police against these hackers. I'm pretty sure nothing will come of it, but at least it's something and it provides an outlet for the frustration I know many of you must have been feeling, too. Any of you considering the same?
danielschut
 
Posts: 69
Joined: Tue Jun 02, 2009 4:42 pm

Re: Update your PivotX immediately: you have been hacked

Postby Schop » Sun Feb 20, 2011 2:58 am

danielschut wrote: Any of you considering the same?


No. It will only make a fool out of you. The police will most likely have no clue what you are talking about anyway, let alone be able to do something about it.
Schop
Contributor
 
Posts: 485
Joined: Mon Apr 21, 2008 1:47 pm
Location: Hudson, Ohio

Re: Update your PivotX immediately: you have been hacked

Postby danielschut » Sun Feb 20, 2011 8:59 am

@schop: Thanks, but that's a terribly sad answer. You would regard me as stupid, as the victim of a (admittedly, relatively light) crime for trying to confront people who willingly sabotage other people's work, only because the police and justice department don't understand what I am asking? Suppose someone broke into my house, I go to the police, and the police officer on duty doesn't have a clue what burglary is, so nothing happens - would that also make a fool out of me?

I've worked with pretty high-ranking government officials in the high-tech cybercrime unit in the Netherlands, and they say the same thing: officers on the ground don't understand it when a civilian comes with a complaint like this. But the only way to change the police force is to keep on pressing them. That way, they'll eventually be forced to understand what's happening, and that way, they can pass on their cases to the high-tech crime unit and other more capable forces.

Just being passive and leaving it at that never changed anything.
danielschut
 
Posts: 69
Joined: Tue Jun 02, 2009 4:42 pm

Re: Update your PivotX immediately: you have been hacked

Postby Schop » Sun Feb 20, 2011 2:18 pm

danielschut wrote:@schop: Thanks, but that's a terribly sad answer. You would regard me as stupid, as the victim of a (admittedly, relatively light) crime for trying to confront people who willingly sabotage other people's work, only because the police and justice department don't understand what I am asking? Suppose someone broke into my house, I go to the police, and the police officer on duty doesn't have a clue what burglary is, so nothing happens - would that also make a fool out of me?

I've worked with pretty high-ranking government officials in the high-tech cybercrime unit in the Netherlands, and they say the same thing: officers on the ground don't understand it when a civilian comes with a complaint like this. But the only way to change the police force is to keep on pressing them. That way, they'll eventually be forced to understand what's happening, and that way, they can pass on their cases to the high-tech crime unit and other more capable forces.

Just being passive and leaving it at that never changed anything.


I never called you stupid. I said 'you will only make a fool out of yourself', meaning not especially you, but 'people that file a report with the police will make a fool out of themselves'. You asked if other people were considering the same, I gave an answer. If you already know that they won't understand you, then yes, it seems foolish to me to try and go file a report. And since the 'pretty high-ranking government officials in the high-tech cybercrime unit in the Netherlands' probably have other things to worry about than people's blogs getting hacked, you're on your own.

Part of the problem is the 'open-source' nature of PivotX. If you put plans of your house online, that can be read by anyone to see if there is a secret door in your house that is always left open, would you be surprised if somebody eventually finds that door and gets in? Luckily the developers of PivotX are pretty knowledgeable when it comes to this, so that chance is pretty slim, but it did happen. So I think we should forget about it, go on, and try to make things better.
Schop
Contributor
 
Posts: 485
Joined: Mon Apr 21, 2008 1:47 pm
Location: Hudson, Ohio

Re: Update your PivotX immediately: you have been hacked

Postby danielschut » Sun Feb 20, 2011 5:24 pm

Ha Schop,

Maybe my tone seemed a bit harsh, sorry. They've just really pissed me off....
danielschut
 
Posts: 69
Joined: Tue Jun 02, 2009 4:42 pm
