RPF Hacked

Jedirick

Sr Member
From Nov 15 through Nov 18 there were a number of attempts to hack the RPF database. A number of RPF viewers have experienced difficulty in accessing the RPF. Those of you that experienced redirected pages, error messages or anything other than normal website access should run your PC virus scan software as a precaution.

As more information becomes available, we will let you know if there is any other safeguard you may want to consider.

-Rick

UPDATE (Nov 27):
QUOTE (Lord_Gita @ Nov 27 2006, 12:38 PM):
This was not another hack.

Just want to make that clear so people don't freak out about new viruses. :) This was a utilization issue due to a software upgrade that we didn't request, and weren't advised of until yesterday, that the host put in to try and prevent any future hacks.

Unfortunately, we don't know how stable it's going to be for the immediate future until we can get some specific answers about what the code problem was and how it was fixed. Until then, we are watching closely to report if it looks like it's starting again.
 
Thanks for the heads up. I had some problems with people not being able to log on to my own forum and even one who got hit with 3 different types of virus when logging on when it was just starting out. Very bad, as I lost several users, not wanting to come back, because of it - I can understand, as I would not want to risk my own computer by using a forum... though, fortunately haven't had that many problems since. Still a rotten shame. :cry

Hacks and virus attacks are serious issues that annoy the heck out of me. :angry

Hope nothing really serious like what happened at my place has happened to any users here.
 
Well, I know F-Secure nabbed something yesterday, but I didn't associate it with the RPF since I normally am browsing at least three or four tabs and a BBS all at the same time...

Plus the Virus Scan found this last night:
Exploit.HTML.IESlice.d

Is this from the hack?

T
 
I don't know if this was related, but I kept getting errors saying an unknown IP address was trying to access my computer. Not when trying to log into the RPF, but just sitting idle. It was after I made my morning "rounds" on the net though.

Just seems like a coincidence that it happened yesterday.
 
My virus software can find it but can't do anything to remove or fix it.

Does anyone know of a free way to remove this virus?

It's a java/exploit strain.
 
Yup, ran mine. I had a virus, and a worm. The worm was immediately caught and stopped, and I got rid of them, and my computer works much smoother now. Had some troubles signing on. It would kick me back to the sign in page. My computer was slow too. I ran my PC Cillin and I found out why. I was pretty scared for a minute there too.
 
I got it and went to Add or Remove Programs, there it was, removed it and haven't had a problem since. Couldn't clean or quarantine it either, but after removing it nothing has happened and my PC is running fine again.
 
I found that the RPF website would not load on occasion, but since I have a Mac I don't worry about the viruses. Although I also have both software and hardware firewalls and use "Netbarrier X4".
 
I didn't detect anything.
Using Norton and A2 Trojan scanner, ran Spybot too.
Software and hardware firewalls as well.
 
If any of you had to log in during the hack attempt, please change your password. You may also want to change your password on other sites as well as a safety precaution. I don't think the hack went very far, but just to be safe...

Besides, it's good to rotate your passwords frequently anyway (advice I should take :p)
 
AVG caught it yesterday. It started at around 5:39pm yesterday evening. The ones that were picked up were:
xpladv497[1].wmf 15.66kb Trojan
slide497[1].htm 2.47kb Exploit
newsploit.exe 9kb Win32/PEPatch
loaderadv497_5[1].exe 9kb Win32/PEPatch

Don't know if any of that helps you at all, but there it is.
 
I got this from the AVG web site



If you have the virus called Java/ByteVerify, your AVG Anti-Virus cannot get rid of this alone so if you are having troubles finding a way to get rid of it, here is a step by step guide for removal.

-Go to your control panel
-(if in Windows XP change over to the classic mode by clicking the link on the left just under your toolbars)
-Open Java Plug-in
-Click on the Cache tab
-Click clear

-To stop this from happening again uncheck the enable caching

This should clear all of these viruses right off of your computer and stop this from happening again.
 
I kept getting a window when trying to sign onto RPF that asked if I wanted to open or save a file (something I didn't recognize). I tried cancelling it but it kept coming back every time I tried to get on RPF (after several tries I finally did get the sign-on screen). I could get on other sites without that window popping up so I figured something was going on with the RPF server. AVG found several files right after that - several Java files and the Exploit file. Hope I caught everything in time. I changed all my passwords afterwards.

Paul ô¿ô
 
What the hell? Are there no better security measures to take? This sucks, if this is going to be a constant ongoing thing, I'm going to stop visiting this site. Wow, just wow.
 
QUOTE (nash @ Nov 19 2006, 09:06 PM):
What the hell? Are there no better security measures to take? This sucks, if this is going to be a constant ongoing thing, I'm going to stop visiting this site. Wow, just wow.
Wow...sites get hack attempts and people get virii from the intraweb? :eek: I am sorry for the sarcasm, but for God's sake, this is a free site that many of us enjoy. There are hundreds of sites getting hammered on a day to day basis. We just happened to be on the receiving end this time.
 
Nash, as far as I know, this was a first time someone did this.

RPF Staff, was this an attack on the RPF or on Invision?

Please make sure regardless of what happens here that you always keep your virus definitions updated as well as always run a firewall.
 