Site Attacks

newtoallthis · March 01, 2011, 09:36:06 AM

XP SP3, SMF 2 RC5. SP 2.3.3

Not sure whether this is the right place for this?

First, the context.

Since I opened my forum, I have received a large amount of hassle from a site owner with who I am now in competition.

The owner himself registered on my site and started to indiscriminately delete all photographic images from my gallery. Of the 2000 or so images, I admit to not having copyright to 52 of them but this was an oversight. The remainder either belong to site admin or we have permission to show.

Other members of his site joined mine at the same time as he did and posted threatening obscenities.

He has approached my web host to claim that we have stolen his intellectual property (we both have SMF 2 and Simple Portal 2.3.3 in default theme) and that we have accessed his site to steal content. Absolutely everything on my site to my knowledge has been uploaded from two PC's the owners of which have had the content on their computers for months or years. In fact, I'm guessing that 50% of all image content is made up of photographs taken by me personally.

During the start of the dispute, my host found that malicious code had been placed on the server causing site redirects. We don't know who did this.

Today, I have had a complaint from one prospective member that her PC has been infected when she tried to register at my site. Again, I don't know whether my site caused this and if so, who placed the code.

Any observations or suggestions would be very welcome.

Clara Listensprechen · March 01, 2011, 01:10:40 PM

Yow. I'd change hosts yesterday, just for starters. I'd suspect the host being the spreader of the infections, too.

newtoallthis · March 01, 2011, 03:17:58 PM

Thing is, my site comes up as clean on both AVG and Virus Total URL scanners.

Illori · March 01, 2011, 03:23:54 PM

did you check all the files manually to make sure no code was added?

newtoallthis · March 01, 2011, 03:30:31 PM

Quote from: Illori on March 01, 2011, 03:23:54 PM
did you check all the files manually to make sure no code was added?

I didn't, but wouldn't know how to do it anyway.

Illori · March 01, 2011, 04:05:42 PM

just doing a virus scan will not detect if files have been modified. search the forum for base_64 i believe is the name of one type of attach and there is a file that can be run to detect that script edit. best to do if you are not sure is to upload the files from the large upgrade archive to your server and reinstall your mods afterwards.

newtoallthis · March 01, 2011, 05:14:59 PM

So far today, only one person has reported an attack and she cannot be completely certain it was from my site.

I'll watch what happens over the nest few days.

Perhaps I'm being a bit overcautious, but when a competitor cries foul following my default install of SMF with a default mod by Simple Portal, and in the light of his on site vandalism, I think I do need to take a bit of care.

Danny S. · March 02, 2011, 09:31:18 AM

So this person is saying you copied his site just because you installed SMF and SP? Are your sites similar?

If not, wouldn't that mean we all just copied SM.org? *This is sarcasm... FYI*

newtoallthis · March 02, 2011, 02:55:28 PM

Quote from: Danny S. on March 02, 2011, 09:31:18 AM
So this person is saying you copied his site just because you installed SMF and SP? Are your sites similar?

If not, wouldn't that mean we all just copied SM.org? *This is sarcasm... FYI*

The sites are similar and we are in direct competition each providing a forum for occupants of the same town. However, the OP has objected to my default install of SMF and my default install of Simple Portal. As with the other site, I've added an image gallery (Aeva in my case) and a wiki (Dokuwiki). All software used is clearly free of charge and default installed, but he insists that there's an issue of intellectual property theft!

Danny S. · March 02, 2011, 03:50:53 PM

That's crazy... are your domain names similar?

newtoallthis · March 02, 2011, 03:52:28 PM

Quote from: Danny S. on March 02, 2011, 03:50:53 PM
That's crazy... are your domain names similar?

They both contain the town name as you'd probably expect.

newtoallthis · March 10, 2011, 04:05:23 AM

I had a phone call from one of our members today to say that, when clicking on recent posts in the Simple Portal block, he has been redirected to the home page of the site which we believe has been responsible for various attacks on ours.

Any suggestions as to what I need to do to prevent this would be very welcome.

floridaflatlander · March 10, 2011, 06:07:16 AM

Quote from: newtoallthis on March 10, 2011, 04:05:23 AM
I had a phone call from one of our members today to say that, when clicking on recent posts in the Simple Portal block, he has been redirected to the home page of the site which we believe has been responsible for various attacks on ours.

What do you mean when clicking on recent posts? Post titles, links in post? Does this happen to you?

Xarkurai · March 10, 2011, 10:26:18 AM

Something is really, really messed up there.
Either it is someone assaulting your website or your host can't be trusted.
If I may ask, who or what is your host?

There exist multiple scripts and tools to prevent things like this for happening.
For example you could use this: http://www.barracudanetworks.com/ns/products/web-site-firewall-overview.php .

Danny S. · March 10, 2011, 04:00:53 PM

You don't happen to have a shoutbox do you? I've heard of malicious code being entered into the shoutboxes to redirect the site...

News:

Site Attacks