* * *

Author Topic: Forum software hacked (not this Forum)?  (Read 1775 times)

theo

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1889
Forum software hacked (not this Forum)?
« on: March 22, 2017, 04:01:39 pm »
I have no luck with Forums atm.
German Lazarus Forum is down: http://lazarusforum.de/
And Opensuse returns a PHP File: http://forums.opensuse.org/
Both were working this morning.
What's going on?

rvk

  • Hero Member
  • *****
  • Posts: 2416
Re: Forum software hacked (not this Forum)?
« Reply #1 on: March 22, 2017, 04:12:01 pm »
For the first:
Maybe the provider changed something about the MySQL config (like setting -sercure-auth) or upgraded MySql.
There is much to be found about this error/message.

Just first two hits:
http://stackoverflow.com/questions/29811694/how-to-fix-java-sql-sqlexception-server-is-running-in-secure-auth-mode-but
http://www.mysqlab.net/knowledge/kb/detail/topic/error+messages/id/5377

For the second... see if PHP is still running (and configured) on the server.
(although news.opensuse.org is online so I would guess PHP should be fine)
Your server doesn't seem to handle application/x-php locally on that subdomain (which is strange because I would expect this to be a server-wide setting in PHP/Apache)

If you don't recognize the xxsyspro_8lipcc5 user and you think you are hacked... take everything down as soon as possible and use a backup.
« Last Edit: March 22, 2017, 04:23:09 pm by rvk »

theo

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1889
Re: Forum software hacked (not this Forum)?
« Reply #2 on: March 22, 2017, 04:23:02 pm »
@rvk: I am just a user, not sysadmin of these forums.
Just wondering about the coincidence.

rvk

  • Hero Member
  • *****
  • Posts: 2416
Re: Forum software hacked (not this Forum)?
« Reply #3 on: March 22, 2017, 04:24:28 pm »
Wel, both servers are from different IPs so I guess this is a coincidence.

Ñuño_Martínez

  • Hero Member
  • *****
  • Posts: 579
    • Burdjia
Re: Forum software hacked (not this Forum)?
« Reply #4 on: March 23, 2017, 11:42:55 am »
Administrator of Pascal Game Development has send a message to all members talking about this.  If you have an account you should enter and update your password.

rvk

  • Hero Member
  • *****
  • Posts: 2416
Re: Forum software hacked (not this Forum)?
« Reply #5 on: March 23, 2017, 11:46:04 am »
Administrator of Pascal Game Development has send a message to all members talking about this.  If you have an account you should enter and update your password.
Isn't lazarusforum.de different from PGD (Pascal Game Development) ??
(or do they have the same owner?)

forums.opensuse.org is working again (as of yesterday).
lazarusforum.de still has problems.

Ñuño_Martínez

  • Hero Member
  • *****
  • Posts: 579
    • Burdjia
Re: Forum software hacked (not this Forum)?
« Reply #6 on: March 23, 2017, 11:51:15 am »
Administrator of Pascal Game Development has send a message to all members talking about this.  If you have an account you should enter and update your password.
Isn't lazarusforum.de different from PGD (Pascal Game Development) ??
(or do they have the same owner?)

forums.opensuse.org is working again (as of yesterday).
lazarusforum.de still has problems.
I don't know actually.  I know that somebody has hacked about +150 forum websites.

af0815

  • New member
  • *
  • Posts: 33
Re: Forum software hacked (not this Forum)?
« Reply #7 on: March 24, 2017, 08:19:38 am »
I think, this cannot fixed without the admin of lazarusforum.de. It looks not a hack more than an securityupdate by the hoster. But the admin is not responding to any published mail (I have tried this few weeks ago, for other reasons).

So if Theo cannot reach him, it looks bad.

Andreas aka af0815
regards
Andreas

marcov

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 5338
Re: Forum software hacked (not this Forum)?
« Reply #8 on: March 24, 2017, 10:45:27 am »
If I read the message, then the shared hoster might have updated a package that found out that hashes for certain passwords are in an old configuration and it simply refuses to show it.

That's different from hacking, but might be due to an emergency action/upgrade of the hoster because of the similar attacks.

rvk

  • Hero Member
  • *****
  • Posts: 2416
Re: Forum software hacked (not this Forum)?
« Reply #9 on: March 24, 2017, 10:50:16 am »
Yes, that's what I thought too (just an updated MySQL package).

I am surprised it takes so long for lazarusforum.de to be working again.
My impression was that it was a relatively active forum.

af0815

  • New member
  • *
  • Posts: 33
Re: Forum software hacked (not this Forum)?
« Reply #10 on: March 24, 2017, 11:10:54 am »
It was an intzernal diskussion because the owner of lazarusforum.de has in the meanwhile other interests.So the forum was in an adminless state for al longer time. So there was an discusion few weeks ago about this reason. Now the hoster have made an 'point of decision', where will go the german community from now.
I hope its not 'a point of no return'.

Andreas
regards
Andreas

wp

  • Hero Member
  • *****
  • Posts: 3449
Re: Forum software hacked (not this Forum)?
« Reply #11 on: March 24, 2017, 11:18:16 am »
Can't the German forum be a sub-forum here, like the Italian, Spanish, Portuguese boards under "Other languages"?
Lazarus trunk / fpc 3.0.0 / Win32

af0815

  • New member
  • *
  • Posts: 33
Re: Forum software hacked (not this Forum)?
« Reply #12 on: March 24, 2017, 11:28:51 am »
Looks like a point of no return -> look at whois. There has something changed

[Zone-C]
Type: PERSON
Name: Hostmaster Of The Day
Organisation: velogrid GmbH

His other page have the same issue
http://www.monta-n.net/
regards
Andreas

af0815

  • New member
  • *
  • Posts: 33
Re: Forum software hacked (not this Forum)?
« Reply #13 on: March 24, 2017, 11:51:29 am »
Can't the German forum be a sub-forum here, like the Italian, Spanish, Portuguese boards under "Other languages"?
A good idea, but it is sad, if we lost the information from the lazarusforum.de

I have send a fax to a company where i think the admin of lazarusforum will work today.
regards
Andreas

theo

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1889
Re: Forum software hacked (not this Forum)?
« Reply #14 on: March 24, 2017, 03:58:23 pm »
Micha (m.fuchs) has contacted Monta.
Monta said, he's trying to fix the issue.

 

Recent

Get Lazarus at SourceForge.net. Fast, secure and Free Open Source software downloads Open Hub project report for Lazarus