Hacking at Wild: More Info (PLEASE RE... Log Out | Topics | Search
Moderators | Register | Edit Profile

Wild Poetry Forum » ~NATUROPATHY~ (Library Forum) » WPF Administration / System Topics » Hacking at Wild: More Info (PLEASE READ) « Previous Next »

Author Message
steve williams
Board Administrator
Username: twobyfour

Post Number: 1442
Registered: 05-2005
Posted on Wednesday, April 04, 2007 - 8:41 am:   Edit Post Delete Post View Post/Check IP Print Post

ok folks

what is happening is unauthorized emails are getting written directly to the board overwriting files at random. the one from this a.m. is below, yesterday's was all in english this one is ? prob arabic.

that's why the damage is limited each time and doesn't spread. also, it doesn't show up as a user and it comes through the host so i don't have an i.p. to ban.

so, we're calling the host 'bluehost' today and saying 'whats up' :-).

here's what it looks like
Return-path: Envelope-to: lifeccus@box160.bluehost.com Delivery-date: Wed, 04 Apr 2007 01:45:04 -0600 Received: from lifeccus by box160.bluehost.com with local (Exim 4.63) (envelope-from ) id 1HZ0Av-00007c-Lv for lifeccus@box160.bluehost.com; Wed, 04 Apr 2007 01:45:02 -0600 From: root@box160.bluehost.com (Cron Daemon) To: lifeccus@box160.bluehost.com Subject: Cron /index.php X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: Message-Id: Date: Wed, 04 Apr 2007 01:45:01 -0600 /bin/sh: /index.php: No such file or directory

the rest is in arabic and discus doesn't recognize those characters so can't put it here.

s
Gary Blankenship
New member
Username: garydawg

Post Number: 8
Registered: 07-2001
Posted on Wednesday, April 04, 2007 - 8:48 am:   Edit Post Delete Post View Post/Check IP Print Post

If don't fix, move on?

Smiles.

Gary
steve williams
Board Administrator
Username: twobyfour

Post Number: 1443
Registered: 05-2005
Posted on Wednesday, April 04, 2007 - 9:23 am:   Edit Post Delete Post View Post/Check IP Print Post

part 2

ok so now i have banned this i.p. address 86.137.158.91 as the originator of the spambot. i encourage you to write to this email address in the UK abuse@btbroadband.com and let them know your displeasure. i sent them a note this morning but more letters couldn't hurt :-).

s
~M~
Board Administrator
Username: mjm

Post Number: 10112
Registered: 11-1998
Posted on Wednesday, April 04, 2007 - 10:00 am:   Edit Post Delete Post View Post/Check IP Print Post

Dearest All -- to further expand on the details, the hacking is not being targeted at Wild directly. The spambot is hitting another site on the server and we are getting hit with the schrapnel. So, this is not someone with a beef against Wild specifically.

We've finally identified the IP address which steve listed: 86.137.158.91. This IP address originates in the UK. The internet provider for that particular # is btbroadband.com. So, it's somebody on that internet provider. Please do write to the address steve listed as the more complaints that come flooding in, the harder it will be for this internet provider to ignore. They need to identify this particular person or persons and shut them down.

Of course, we've banned that IP address at our server end, but it's a bit complicated so we still may be at risk. Don't be surprised if things still go wonky. The pattern is for this e-mail to hit between 1:00 and 2:00 am. (PST).

You really don't have to write us notifying us that Wild is down or funky looking. We are well aware of that. If Wild is scrambled, don't even try posting anything as it definitely will not work. And the system will tell you that your profile/membership is unauthorized or missing. Please realize that steve is busy restoring things when this happens.

However, if after we've restored Wild and it is looking relatively normal, you still have trouble accessing the site, i.e., your profile is missing or disabled, please do notify us about that. We'll get right to work on fixing your individual membership.

We are very sorry for these repeated interruptions to our service and to all the inconveniences you are being made to suffer through. Thanks for hanging with us through all of this. You guys are great!

Know that we are closer to a resolution and we will keep you updated as we can.

Love,
M & s
LJ Cohen
Moderator
Username: ljc

Post Number: 6557
Registered: 07-2002
Posted on Wednesday, April 04, 2007 - 10:04 am:   Edit Post Delete Post View Post/Check IP Print Post

Email fired off to Btbroadband.

Thanks for keeping us afloat.

xo
ljc
Once in a Blue Muse Blog
LJCohen
Fred Longworth
Advanced Member
Username: sandiegopoet

Post Number: 1218
Registered: 05-2006
Posted on Wednesday, April 04, 2007 - 10:25 am:   Edit Post Delete Post View Post/Check IP Print Post

Welcome to CSI Wild.

Being a private defective, I can only admire Steve's sleuthwork.

Fred
Kathy Paupore
Moderator
Username: kathy

Post Number: 881
Registered: 12-2003
Posted on Wednesday, April 04, 2007 - 10:47 am:   Edit Post Delete Post View Post/Check IP Print Post

Will send an email off tomorrow. Have to work tonight.

:-) K
You're invited to:

Wild Flowers

"A poem is made up of words and the spaces between them." WCWilliams
~M~
Moderator
Username: mjm

Post Number: 66
Registered: 11-1998
Posted on Wednesday, April 04, 2007 - 11:05 am:   Edit Post Delete Post View Post/Check IP Print Post

Dearest All -- just updating you on admin responsibilities.

We are working on all the things that need doing (Weekly Creativity Challenge announcement from last week, POtW announcement, etc.). You should begin seeing these regular things that have been delayed appearing shortly.

Also, please know that we are receiving your e-mails. However, every time we must stop to answer one, that takes us away from the tasks at hand (repairing Wild and investigating the spambot / speaking with our host server being top priorities at the moment). So, if you do not receive a response in a timely manner, that doesn't mean we haven't read your mail.

The best way to keep updated about this situation is to check ESSENTIAL OILS often. As with this thread, we are trying to keep everyone updated in this central clearinghouse as it is easier and speedier than responding to individual e-mails. Please check here first before writing us if at all possible.

Again, thanks for your patience. Please know that we are repairing / investigating / researching / rebuilding / typing as fast as our fingers will go!

Love,
M & s