Well, might as well discuss this topic as, if you're like me, you're wondering "What the heck just happened here, why and how, how vulnerable are discussion forums, etc.?".
So... I'll go first. Note that I don't know much about web tech, so my thoughts are more speculative and conspiratorial.
1) Why was Concen hacked?
From what I gather it's a guy who may or may not have been part of Concen admin once (to be determined), who wanted to prove his hacking skill (i.e. ego driven?) by exposing security flaws (i.e. false ego-driven justification for meddling in other people's affairs?). Do you know more than me? Why?
My conspiracy in this matter: Concen was hacked just as it was in the middle of multiple discussion threads regarding the Israel Vs Palestine conflict. We, most regulars at Concen, saw two new users start to push the Jewish propaganda and try to subvert the thoughts of most regulars, but failed because we know better. Just before the forum was hacked the regulars were exposing all the levels of Zionist and Israeli propaganda, and it's my opinion that the two new users (i.e. plants/agents/shills?) were getting their asses handed to them on a platter. Not a good thing to have on the world wide web...?
Anyway, this forum has already been blamed in the past for being a "Zionist Operation" (http://wakeupfromyourslumber.com/blog/joeblow/concenorg-zionist-operatio...). I've never really thought much of this claim, but do consider that the recent hacking may be related to something more than just "a kid exposing a security flaw". The timing makes me wonder. Again, this is conspiracy by nature.
2) How did it happen?
And here is where you computer geeks can explain it to us that want to learn more about this type of hacking.
3) How can it be prevented?
If hackers are always going to find ways through security, then could discussion forums not be set up with mirrors as multiple backups? I mean, and I'm not an expert, could we not back up all the data every day on many independent servers and have them merge the data so all the different sites can serve the users? So if one site is hacked then it doesn't matter because many others are still up and running, have all the data, and can be accessed by users. Sort of like how terrorists use "cells", so that if you eliminate one the others can still function; like a replicating virus of sorts, but in a forum format...
http://skidpaste.org/Qt5DA5q2
this is the chappie here and as far as i know he was fuck all to do with concen EVER.
the previous version of the site used TBdev... this had a vulnerability.
a script this kiddie used scanned sites en masse for that vulnerability
then the little shit used that vulnerability to ravage the site, change the bitcoin address and mass mail the peeps on the site.
As to it being a zionist conspiracy...... erm... ...
Well remembering the thread where certain blatant Zionist douches were getting a bit of a "kicking" and no matter the Hasbara(propaganda) they put up they got bitchslapped and countered at every single step.
now, while they certainly didn't like it i also certainly don't think this script kiddie had anything to do with zionism and everything to do with validating himself in front of his script kiddie peers in the "LOOK HOW GOD LIKE I AM.. I HAVE SMOTE THESE SITES..... PRAISE ME!!!!!"
and this he does on reddit.
have a checksee of the links that were placed on the front page and you can see the little wanker and his little script kiddie cock-stroking pals cornered by a few people here people from this here forum.
IMHO it really is as simple as that and while i first thought the same as you..... Applying Occam's razor to this.. the simplest explanation is the one that's been presented as ... it's the simple truth of the matter.
As for forum security.. much like everything else it's a perpetual arms race. As to how to counter it... I am pretty damned sure that the site staff will be considering how to prevent and/or mitigate future attacks should they occur.
just my pennies worth
It used TorrentTrader actually.
This punk used a program called SQLMap to scan the TorrentTrader software for vulnerabilities. He found one, then used it to download the tracker database. He then ran a cracking program on the obfuscated admin passwords. He succeeded in cracking one which he used to log into the forum as an admin. He then used a "feature" of MyBB to download the forum database and send out a mass email. He also changed the bitcoin donation account to his. He then set up a redirect to nsa.gov.
He attempted to obtain root on the server but failed. This meant that he could not cover up how he did it. The web log showed him returning to the site from a specific reddit post seconds after it was created. This is why we know for sure that it was uhx.
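The log review described in the post above (a scanner hitting the tracker, then the same visitor arriving from a specific referring page) can be sketched as follows. This is an added example, not part of the original thread or the site's own tooling; the log lines, IP addresses and URLs are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample in Apache/nginx "combined" format; IPs, dates and URLs are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2014:10:00:01 +0000] "GET /torrents.php?id=1%27%20UNION%20SELECT%20NULL-- HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [01/Jan/2014:10:00:02 +0000] "GET /torrents.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 498 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2014:10:05:00 +0000] "GET /forum/index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2014:12:30:12 +0000] "GET / HTTP/1.1" 200 7000 "http://reddit.example/r/sub/comments/abc123/" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')
# A few common injection markers; a starting point, not a complete signature set.
SQLI_RE = re.compile(r"union\s+select|sleep\s*\(|information_schema", re.I)

def parse(log_text):
    """Return one dict per well-formed log line (ip, ts, path, ref, ua)."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]

def suspicious_ips(entries):
    """Map client IP -> list of (timestamp, path, reasons) for flagged requests."""
    hits = defaultdict(list)
    for e in entries:
        reasons = []
        # The scanner's default User-Agent names the tool, but a client can send
        # any User-Agent it likes, so the URL itself is checked as well.
        if "sqlmap" in e["ua"].lower():
            reasons.append("sqlmap user-agent")
        if SQLI_RE.search(unquote_plus(e["path"])):
            reasons.append("SQLi pattern in URL")
        if reasons:
            hits[e["ip"]].append((e["ts"], e["path"], reasons))
    return dict(hits)

def referers_for(entries, ips):
    """Collect non-empty Referer values sent by the flagged IPs, with timestamps."""
    out = defaultdict(list)
    for e in entries:
        if e["ip"] in ips and e["ref"] not in ("", "-"):
            out[e["ip"]].append((e["ts"], e["ref"]))
    return dict(out)

if __name__ == "__main__":
    log = parse(SAMPLE_LOG)
    flagged = suspicious_ips(log)
    print(flagged)
    print(referers_for(log, flagged))
```
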
Nibs that the wee shite was banging on about TBdev so much???
it seemed that was his "justification" that and how "all torrent sites were run for profit" bullshit...
just interested to know bud
He claimed he was just exploiting TBdev sites in an attempt to make sure torrent sites were secure for the safety of site members. Since we didn't use it, his reasons were a load of bullshit...just like everything he says. He was ego and profit driven.
ah righty.. cheers bud for clearing that up
Glad to know it was this little wanker vs. some other org.
ROTFLMAO
https://www.youtube.com/watch?v=KtlGmF21VXc
BWAHAHAHAHAHAHA!
I noticed that the avatars are gone.
I am curious if this decision has to do with malware embedded in images and if Drupal is vulnerable to it.
In December of 2009 Pilots for 911 truth was taken down by such an avatar uploaded by a malicious user.
( Rob asked me to help diagnose the problem )
I can not remember the name of it and can not find the copy I saved and renamed to a .txt file, but it was a popular hack back then which affected several forum packages.
-- Just curious.
Back to the ZJuice...
The Zionist Juice are not very special. They are the level, but never above or below, unless they put themselves below by their actions, then we can pretty much deduce they certainly are capable of doing the wickedes nad most sickest their side of behavior....
Oh shit...
here we go again.
Exactly what do the last 3 posts have to do with the topic which is
"Why and how Concen was hacked?" ?
mexica & Newsthet: Nope, not in this thread. If you two want to bicker, go make your own thread in the Zionism or Fists of Fury forums.
......why cheebus wept...!!!
newschebs!
OK. Where exactly is that pot stirring smiley ? LOL
Thanks Easy. :)
You really think that some forum threads with some estimated 10 active users discussing and maybe some 50 people reading is worth the hassle for the almighty Zionists? Not trying to minimize ConCen here, but even if it's a little bit more, I think you're overestimating the significance and impact here. If you had read up on UHX on Reddit you would have seen that he attacked other, totally unrelated trackers like one with the name gay-torrents.org. Or do you think the Zionists would go to this length to cover their tracks? *roll eyes*
Bland was not a new user but has posted for quite some time already.
Pathetic "victory dances" that could be considered to be totally unrelated to the topic "Why and how Concen was hacked?" and unnecessary here as well.
I wouldn't put it past the rat-faced hook-nosed tribe after seeing what they've done to other scources of truth such as Ernst Zundel, David Irving inter alia.
what...who...why...where???
get over yerself... :)
So what software does the tracker use now?
Good ol' BNBT did the job in its day and was bulletproof.
I concur with the assessment of this being a script kiddie attack, thanks to the poster above for the DOX links.
With respect to maintaining site security - I would endorse Penetration Testing to be conducted regularly. Red Team / Blue Team if one wants to get serious. One way to reduce the risk exposed through the constantly evolving arms race.
A front-end reverse proxy using nginx with an in-line IDS scanning traffic not only detects and blocks attack patterns such as those deployed by script kiddies, it can obfuscate the actual location of the server hosting infrastructure.
If any of the admins is interested in reaching out to myself direct, not suggesting I know anything, far from it. :-)
If the admins are not capable of securing the site then they need to seek assistance from people who know more than them. Not updating software on the server and not keeping on top of admin accounts/passwords is basic administration.
I am not convinced uhx = Julius Kivimäki
Could be. It would be great if the IP addresses of uhx were posted months ago when the problem still occurred so people could investigate the menace themselves.