Forum gets hacked every few months

Viewing 8 reply threads
  • Author
    Posts
    • #6546
      Joshsevo
      Participant

      So being a contributing member on here for the past yr or so I am hoping you can help me out with another hobby of mine.  I am a moderator on a local car website called ColoradoEvo.com.  My friend owns the site and we have about 400 members.  We all have the similar car Mitusbishi Evo’s (mine is a 750 HP and recently put into a magazine, toot me own horn).

      Every few months the site gets hacked by I think a previous member that was booted off the site.  He said he has hacked into it before and feel he still has a grudge.

      The site is using a version of VB that is not widly used as it has many problems and weak security built in.

      As a recently graduate with limited experience what can I provide by helping my friend not only protect the site from further attacks but find the problem and possibly the source. 

      Yes I know the person could be using a proxy therefore never being able to find him but is there anything else. Maybe the person got lazy this time and didn’t use a proxy.

      If we were to find the person could I get in contact with the FBI and have them look into it?

    • #40628
      lorddicranius
      Participant

      @Joshsevo wrote:

      The site is using a version of VB that is not widly used as it has many problems and weak security built in.

      Is upgrading or switching forum software out of the question?  You said he’s using a version that is not wildy used…what makes it “not wildy used?”  Old version of the software?  Buggy forum software (I’m not familiar with vBulletin)?

      If he’s just not wanting to upgrade because of the issues he may have upgrading, I think avoiding being hacked every few months is a good incentive.  If you know the forum software version, maybe finding a publicly available exploit would help entice him to upgrading/switching?

    • #40629
      Joshsevo
      Participant

      I do not think that switching back to a more secure version is avaliable.  I think it’s once it’s done, it’s done.  I will double check though.  Maybe I will have him join this site and post up.

      I think the reason it isn’t widely used is because of the flaws in it.  This is something that wasn’t checked before hand.  It’s like FTK 2, LOL.  All Forensics examiners stay away from FTK like it’s the plague.

    • #40630
      lorddicranius
      Participant

      Hmm… Aside from trying to remove the vulnerabilities, blocking on forums is difficult.  As you said, ‘he may usually use a proxy, but maybe he slipped up?’  Even if he did slip up, that doesn’t keep him from going back to a proxy.  As for reporting to law enforcement/FBI, I’m not sure how seriously they’d take it.  Just my own observation, but unless you’re a high-valued site with high money loss or something, they more than likely won’t take the case.

    • #40631
      Joshsevo
      Participant

      I first thought that the FBI concered with it but there is money on this stie as 4 companies advertise on the site as well as make money off the site and pay for the sites upkeep ( I know, not too good).

    • #40632
      lorddicranius
      Participant

      Hopefully somebody else can chime in with a view as to the involvement of law enforcement…I don’t know too much about that haha

    • #40633
      BillV
      Participant

      Why can’t you upgrade the board? Sounds like he’s using a known exploit to do whatever it is he is doing. If the software isn’t widely used, and is buggy, then there are likely upgrades/patches available to fix whatever hole he is using.

      Law enforcement is not likely to get involved. As far as I know, for the FBI to bother, the monetary damages have to be quite significant.

    • #40634
      WCNA
      Participant

      You re correct in that LE is unlikely to get involved.

      SMF appears to be one the most secure forum software out there and I would suggest moving to that.

      Here’s a link to it:
      http://www.simplemachines.org/

    • #40635
      Joshsevo
      Participant

      Servers are locked down I guess right now so I can;t get any answers until later today / tomorrow.

      Eh figured they wouldn’t want to be involved.

Viewing 8 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?