
About 6G Celicas Being Hacked - 6G Celicas Forums

Topic #40674 38 posts Started by Coomer
Today, around 3:13PM PST, the 6G Celicas forums were hacked. I got several phone calls (thanks guys) letting me know while I was in the middle of my brake upgrade. I confirmed the site had been hacked, and killed the web services running on the server to prevent any more damage. I then waited for my parents to get home, took their car, came up to my apartment where I have fast and reliable internet access, and fixed the problems.

I don't know who did it, where they did it from, why they did it, or exactly how they did it.

I do know that just before the hacker got in, a password recovery request email was sent to me that I did not request. Somehow, a malicious user could get the necessary code to complete the password recovery section, allowing that user to set a new password. In this case, they changed my password, and took the board offline, with an inappropriate message that redirected to a site after a few seconds.

With the help of Invision Power Services, the forum software manufacturer, I got the problem fixed, applied my own security updates, and upgraded the board software to the latest version, which includes critical security updates. This was the first time that 6G Celicas was hacked, and should be the last.

With administrative access, it appears that the only thing the malicious user did was take the board offline. There's no evidence of the user accessing the administrative control panel, or doing any other malicious work to the board.

I know some of you were worried that your password might have been seen by the attacker, but it's impossible for anyone to view any user's password, because they are one-way encrypted using advanced and secure algorithms.

The bottom line is that this shouldn't happen again. I'll keep better tabs on applying those security updates, and in the event that something catastrophic were to happen, I do keep frequent database and full filesystem backups.

Should you notice anything different, suspicious, any errors, etc., PLEASE let me know immediately. I really appreciated everyone's help and concern today, and I'm sorry to the people I was blunt with on AIM, but we made it through this and shouldn't have to go through it again. smile.gif

Regards,
Christian Coomer

New Toyota project coming soon...
> QUOTE(Coomer @ Aug 28, 2006 - 1:13 AM)
> Today, around 3:13PM PST, the 6G Celicas forums were hacked. I got several phone calls (thanks guys) letting me know while I was in the middle of my brake upgrade. I confirmed the site had been hacked, and killed the web services running on the server to prevent any more damage. I then waited for my parents to get home, took their car, came up to my apartment where I have fast and reliable internet access, and fixed the problems.
>
> I don't know who did it, where they did it from, why they did it, or exactly how they did it.
>
> I do know that just before the hacker got in, a password recovery request email was sent to me that I did not request. Somehow, a malicious user could get the necessary code to complete the password recovery section, allowing that user to set a new password. In this case, they changed my password, and took the board offline, with an inappropriate message that redirected to a site after a few seconds.
>
> With the help of Invision Power Services, the forum software manufacturer, I got the problem fixed, applied my own security updates, and upgraded the board software to the latest version, which includes critical security updates. This was the first time that 6G Celicas was hacked, and should be the last.
>
> With administrative access, it appears that the only thing the malicious user did was take the board offline. There's no evidence of the user accessing the administrative control panel, or doing any other malicious work to the board.
>
> I know some of you were worried that your password might have been seen by the attacker, but it's impossible for anyone to view any user's password, because they are one-way encrypted using advanced and secure algorithms.
>
> The bottom line is that this shouldn't happen again. I'll keep better tabs on applying those security updates, and in the event that something catastrophic were to happen, I do keep frequent database and full filesystem backups.
>
> Should you notice anything different, suspicious, any errors, etc., PLEASE let me know immediately. I really appreciated everyone's help and concern today, and I'm sorry to the people I was blunt with on AIM, but we made it through this and shouldn't have to go through it again. smile.gif
>
> Regards,
> Christian Coomer

Yeah, I was @ work, surfing the forum when it happened. It didn't send a virus out or anything did it? would be bad since all of our company computers run off the same network...

lol i was greeted to the word "F**K" and some other words as I tried to reply to a post and my boss was sitting right next to me (she didn't see).

I have to commend you and all those who tipped you on the issue for such a speedy recovery of the forums.

Thanks Christian. smile.gif

Justin-

'95 Supra turbo 361whp/350tq~
Thanks coomer for being on top of this! youre welcome for the call ;-) and getting the message out via bulletins on myspace!

keep up the good work on the site! I know we all appreciate the effort you put into it

Cruisin down the street in my Infiniti...always lookin for my next trip to Sin City
> QUOTE(gwai1o @ Aug 27, 2006 - 11:22 PM)
> Yeah, I was @ work, surfing the forum when it happened. It didn't send a virus out or anything did it? would be bad since all of our company computers run off the same network...
>
> lol i was greeted to the word "F**K" and some other words as I tried to reply to a post and my boss was sitting right next to me (she didn't see).
>
> I have to commend you and all those who tipped you on the issue for such a speedy recovery of the forums.
>
> Thanks Christian. smile.gif
>
> Justin-

Nope, it shouldn't have sent out viruses or anything like that. And you're welcome...glad I could get it back online in decent time. smile.gif

New Toyota project coming soon...
yea so like that was the reason why i couldn't get on 6gc damn hackers first i thought my computer was f'd up, but anyways thanks coomer
coomer, thank you for taking care of 6gc!
Man, i directed to a porn site. I was like damm Coomer. I looked around for a few hours. laugh.gif
thanks Coomer for getting the site back up so quickly smile.gif, i felt like i was lost without it laugh.gif
0h snpz! ub98r l89t h0x0r FTL!!
> QUOTE(madmods @ Aug 28, 2006 - 2:43 AM)
> Man, i directed to a porn site. I was like damm Coomer. I looked around for a few hours. laugh.gif

LMAO. Yeah, but thanks boo. I was 6GC deprived. frown.gif

YoungSurvival.Org-Celica traded for.. 350z.. traded for Mazda5.. soccer mom!
i however was redirected to another site right when they did so, just my luck. im racking my brain for the site name because it was an obvious hackers forum where they go about their duties. its not in my history (already checked) time to use some googling

the 1/4 doesnt have patience for a ST.... so we make them ST-T's so atleast we'll sound good going slow.
nvm, it was in another part of another topic.... goons.net ill look into it ^.^ im majoring in computer networking, so i should help out.

+ okay. it was from http://www.g00ns.net and i've found a user named Lad. pretty active member of the forums, and not to mention i've checked all of the sites this specific forum has defaced and pretty much owned. we're just one in a million.

This post has been edited by Blakout16: Aug 28, 2006 - 2:39 AM

the 1/4 doesnt have patience for a ST.... so we make them ST-T's so atleast we'll sound good going slow.
nice save.

must be them civic people LMAO!

hehe but yeah. keep up the good work!

Is this good enuff 4 ya? :D
It was probably some form of SQL injection that caused your password to be sent to their email address. You can try and change some of the table names in your DB to nonstandard names to make it more difficult for hackers to figure out. Also make sure that none of your table names are listed in any errors generated.

Project ST204.5 99.88946% complete...
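Coomer's post describes an attacker obtaining the code needed to complete password recovery, and the reply above guesses at SQL injection. As an added example (not code from Invision Power Board or from anyone in this thread), this Python shows a recovery flow where every query is parameterized and only a digest of the code is stored, so a leaked table row cannot complete a reset. The table names, function names, placeholder password hashes and the 15-minute lifetime are assumptions made for the illustration.

```python
import hashlib, hmac, secrets, sqlite3, time

TOKEN_TTL = 900  # seconds a recovery code stays valid (assumed policy)

def open_db():  # constructed in-memory schema, not the board's real one
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT)")
    db.execute("CREATE TABLE reset_tokens (member_id INTEGER, token_hash TEXT, expires REAL)")
    db.execute("INSERT INTO members VALUES (1, 'admin@example.invalid', 'old-hash')")
    return db

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(db, email, now=None):
    """Return the code to e-mail; only its SHA-256 digest is stored."""
    now = time.time() if now is None else now
    row = db.execute("SELECT id FROM members WHERE email = ?", (email,)).fetchone()
    if row is None:
        return None  # the caller should show the same response either way
    token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
    db.execute("DELETE FROM reset_tokens WHERE member_id = ?", (row[0],))
    db.execute("INSERT INTO reset_tokens VALUES (?, ?, ?)",
               (row[0], _digest(token), now + TOKEN_TTL))
    return token

def complete_reset(db, member_id, token, new_pw_hash, now=None):
    """Accept the code once, before expiry; compare digests in constant time."""
    now = time.time() if now is None else now
    row = db.execute("SELECT token_hash, expires FROM reset_tokens WHERE member_id = ?",
                     (member_id,)).fetchone()
    if row is None or now > row[1]:
        return False
    if not hmac.compare_digest(row[0], _digest(token)):
        return False
    db.execute("DELETE FROM reset_tokens WHERE member_id = ?", (member_id,))  # single use
    db.execute("UPDATE members SET pw_hash = ? WHERE id = ?", (new_pw_hash, member_id))
    return True

def demo():
    db = open_db()
    token = request_reset(db, "admin@example.invalid", now=1000.0)
    leaked = db.execute("SELECT token_hash FROM reset_tokens").fetchone()[0]
    return {
        "injection_string_matches": request_reset(db, "' OR '1'='1", now=1000.0) is not None,
        "leaked_row_works": complete_reset(db, 1, leaked, "x", now=1001.0),
        "expired_rejected": not complete_reset(db, 1, token, "x", now=1000.0 + TOKEN_TTL + 1),
        "real_code_works": complete_reset(db, 1, token, "new-hash", now=1002.0),
        "replay_works": complete_reset(db, 1, token, "again", now=1003.0),
    }
```

Calling `demo()` shows that the value read out of the `reset_tokens` table, an expired code and a replayed code are all rejected, while the code delivered by e-mail works exactly once.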
Oh man, this is too funny. When I tried to get onto the forums yesterday, they were down...and I was like "hmm, that's strange." So I went to my second-favorite site (a literature thing...I'm an English major, remember?) and IT was down too! I thought "no way, my internet must be screwing up, did I pay my bill this month?"

Turns out that the literature site was updating some software or something at the same time 6gc went down, lol.

Great job Coomer, 6gc prevails!!! Mwahahaha...

"I bet you drive a standard." "You could make some money off that bet." :D
Glad to see that nothing else was tampered with except the redirection and nasty message.

How did everyone handle, not having 6gc.net in there life for a few hours????? I know Derrick (maskedman), was Iming me, freaking out cuz he was SOOO bored lol.

Anyone have any bored stories?

KawiLove
> QUOTE(devilsden97 @ Aug 28, 2006 - 9:18 AM)
> Glad to see that nothing else was tampered with except the redirection and nasty message.
>
> How did everyone handle, not having 6gc.net in there life for a few hours????? I know Derrick (maskedman), was Iming me, freaking out cuz he was SOOO bored lol.
>
> Anyone have any bored stories?

i had them taken down for an hour in response mad.gif

2000 Celica GTS 'slowest gts evar' | 1998 Mazda 626 FS-DE/CD4-E
> QUOTE(Bitter @ Aug 28, 2006 - 10:49 AM)
> > QUOTE(devilsden97 @ Aug 28, 2006 - 9:18 AM)
> > Glad to see that nothing else was tampered with except the redirection and nasty message.
> >
> > How did everyone handle, not having 6gc.net in there life for a few hours????? I know Derrick (maskedman), was Iming me, freaking out cuz he was SOOO bored lol.
> >
> > Anyone have any bored stories?
>
> i had them taken down for an hour in response mad.gif

huh?

KawiLove
> QUOTE(devilsden97 @ Aug 28, 2006 - 9:50 AM)
> > QUOTE(Bitter @ Aug 28, 2006 - 10:49 AM)
> > > QUOTE(devilsden97 @ Aug 28, 2006 - 9:18 AM)
> > > Glad to see that nothing else was tampered with except the redirection and nasty message.
> > >
> > > How did everyone handle, not having 6gc.net in there life for a few hours????? I know Derrick (maskedman), was Iming me, freaking out cuz he was SOOO bored lol.
> > >
> > > Anyone have any bored stories?
> >
> > i had them taken down for an hour in response mad.gif
>
> huh?

i called the interweb police on them wink.gif

if anyone went to the site and was redirected to a page not found or dns lookup problem last night, that would have been indirectly my doings.

2000 Celica GTS 'slowest gts evar' | 1998 Mazda 626 FS-DE/CD4-E
Coomer to the rescue smile.gif
Keep up the good work mate thumbsup.gif

and yes I did feel lost without it.

98 ST204 ZR - Black Beauty - Roaming the streets of Sydney | 73 TA22 LT - Tiffany Blue - Mint Classic Weekend Cruiser | 75 TA22 LT - Snow White - Mint Classic Weekend Cruiser | 77 RA28 LT - Flubber Green - Mint Classic Weekend Cruiser | 94 MX-5 NA8 Clubman - Red Racer - Looking for corners | WIP Project: 69 RT40 Corona, 2nd WIP Project: 66 RT40 1600s Corona | 86 Corona RT142 - Daily Driver | 6GC 4 Life Baby!!!
Good lookin' out! Don't know what i'd do without my 6GC!

1998 Toyota Celica GT | 2007 Subaru Impreza WRX STi | 2007 Toyota Tacoma 4x4 | 1974 Datsun 260Z | 1997 Subaru Legacy L Wagon | Kind of missin' my Celica GT! Hit me up if you're ever in my area. I'm always down for a meet.
I'm glad that i was at work while this whole thing went down. Coomer, if in the future, we do have more trouble with hackers and other things of that nature, im still all up for an optional subscription based forum here, so that you can fund tools for the site like added security. Just a thought.

This post has been edited by hitcachi: Aug 28, 2006 - 10:24 AM

Teh Celica sleeps for Winter '06. Suspension overhaul begins........
i bugged dan and dustin, then went surfing online.
I was so bored that I wound up subjecting myself to the Discovery Channel's re-run of their Giant Squid tracking show...

edit: oh yeah, and I finally got some homework done tongue.gif

This post has been edited by mzztoyota: Aug 28, 2006 - 10:27 AM

"I bet you drive a standard." "You could make some money off that bet." :D
I guess I should feel lucky that I'm obsessed with 2 cars and 2 forums. smile.gif Thanks for getting the site back up so quickly, my other forum takes DAYS. One of my friends is a "goon" I will yell at him for this.

'92 Grey Mitsubishi 3000GT SL -Sold | '96 Black Celica ST 25th Anniversary -Sold | '99 Black Mitsubishi 3000GT VR-4 -Sold | '04 E250 Work Van -Going soon | '08 Grey Dodge Charger Work Car -Ordered
yeah, the message said something along the lines of "g00ns.net F*cking owns you!" and under it, they had their mIRC server info.

server: irc.g00ns.net
channel: #g00ns

I went into their chat after I saw the message and saw the user LaD in there talking smack about our forums. I knew it was just some noob password request "hack". Those guys had to be hacker-wannabes. The guy was like "yea, give me 5 dollars and I'll bring the forum back up". I just mentioned that all of the users go on a secondary board as well just so that he stopped feeling so special.

Thanks for bringing the forum back up... I hate myspace!
Great work Coomer! I was so scared that we'd lose all this good information on here..

whew!

~Daniel~ No Longer Celica Owner.. moved on to a 03 WRX-EJ207
Wow... it's very nice for you to get this back up so quickly! Thanks coomer!

-TomazWS | www.tomazws.com
I went into shock when it happened. I was online when those freaks hacked us, I was lost. I registered on their site to see what the heck happened, and wow, kinda creepy people on there. Anyway great job Coomer, Thanks.
> QUOTE(JoKeRkId613 @ Aug 28, 2006 - 11:57 AM)
> yeah, the message said something along the lines of "g00ns.net F*cking owns you!" and under it, they had their mIRC server info.
>
> server: irc.g00ns.net
> channel: #g00ns
>
> I went into their chat after I saw the message and saw the user LaD in there talking smack about our forums. I knew it was just some noob password request "hack". Those guys had to be hacker-wannabes. The guy was like "yea, give me 5 dollars and I'll bring the forum back up". I just mentioned that all of the users go on a secondary board as well just so that he stopped feeling so special.
>
> Thanks for bringing the forum back up... I hate myspace!


go back to that irc chat. look up the ip for this LaD kid, and give it to coomer. then coomer can give it to his isp, and they can block it or contact the cops on this kid.

15PSI - 30MPG - Megasquirt Tuned