Important! - Message Board hacked

What about those of us using firefox? Are we likely to be infected?

Firefox users probably are not affected. The particular vulnerabilities that the hackers tried to exploit were IE specific but were also a year or more old. Anyone who has kept their system's patch level reasonably up to date wouldn't have been at risk.

Those who do not keep their systems up to date with security patches for their OS and software including Firefox are playing Russian roulette. Its unpatched systems that provide a fertile environment for malicious programs to exist and provide an incentive for the people that create them to continue doing so. Most spam email is sent from zombie machines that are created as a result of attacks like the one that affected this messageboard. I have ZERO sympathy for anyone who might have been infected with malware as a result.

If it were up to me people would have 6 months after a vulnerability was discovered and a patch made available to patch their systems, then malware that exploited the vulnerability and trashed the unpatched systems would be released into the wild. A sort of accelerated natural selection on the Internet. After a couple of years there would be very few vulnerable systems and few new security vulnerabilities. And there would be no spam and no need for anti-virus software and I would have more time to ponder the MM, the EPH and Martians with Art degrees.

JR

Today's news is that the hacker-spambot has apparently been targeting Snitz Message Boards everywhere, so Meta Research was probably just a victim, not a specific target. We found that the bot had apparently exploited a security vulnerability to give itself administrative privileges, then used SQL injection (for those who know what that means) to hide malicious code on the home page of this Message Board. We eliminated that unauthorized account and are in the processing of closing that vulnerability so the bot cannot attack again. But for another day or so, we have only vigilance to prevent a repeat incident.

In the meantime, we've tightened up security in several areas and are making some other changes. We'll keep them as transparent to users as possible. But until we give the "all clear", those wishing to be extra cautious might wish to click directly on links to the forums you subscribe to and avoid the Message Board's home page. -|Tom|-

In response to Tom's and jrich's messages, I want to report that I saw the attack on the "All Forums" page of this message board. It seems that my Norton firewall, anti-spam, anti-virus features protected my computers (at work and at home) because they work fine.

Except for one thing. I no longer get any images at all on the message board, just the code for them. Everything else is ok and all other internet and computer functions seem to be alright.

Can you shed any light on this issue?

Neil

<blockquote id="quote"><font size="2" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote">Originally posted by neilderosa

...I no longer get any images at all on the message board, just the code for them. Everything else is ok and all other internet and computer functions seem to be alright.

Can you shed any light on this issue?

Neil<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">I see the same thing. Just the forum [img][/img] tags. The forum code is not coverting them to HTML image tags.

JR

When making the changes for the new security features, we initially got two of the Message Board settings wrong. Those are now fixed, and links to images should now display as before. Let me know if there are any other symptoms. If we have no repeat attacks within the next 36 hours, I think we're in the clear -- at least for this particular type of attack. -|Tom|-