Author Topic: 2.1 was hacked?  (Read 2902 times)

Offline Shkic

  • Semi-Newbie
  • *
  • Posts: 44
2.1 was hacked?
« on: April 15, 2017, 02:32:47 PM »
So I'm using 2.1 on a production site. Yes, I'm using it at my own risk.

Recently I saw that a new column called "tld_regex" had somehow been inserted into my settings DB table

with this info:

Code:
(?>சிங்கப்பூர்|پاکستان|فلسطين|ファッション|همراه|संगठन|বাংলা|భారత్|дети|تونس|شبكة|भारत|ভারত|ਭਾਰਤ|ભારત|ලංකා|クラウド|グーグル|ポイント|组织机构|電訊盈科|укр|қаз|հայ|קום|قطر|कॉम|नेट|คอม|ไทย|みんな|ストア|セール|天主教|我爱你|淡马锡|诺基亚|飞利浦|ελ|ею|سو(?>دان|رية)|გე|コム|世界|企业|佛山|信息|健康|八卦|嘉里(?>大酒店|)|在线|娱乐|家電|工行|广东|微博|慈善|时尚|書籍|机构|游戏|澳門|点看|珠宝|移动|联通|谷歌|购物|通販|集团|食品|餐厅|삼성|한국|a(?>vianca|kdn|a(?>rp|a)|b(?>udhabi|ogado|arth|le|b(?>ott|vie|)|c)|c(?>ademy|c(?>ountant(?>s|)|enture)|o|t(?>ive|or)|)|d(?>ult|ac|s|)|e(?>tna|ro|g|)|f(?>amilycompany|rica|l|)|g(?>akhan|ency|)|i(?>g(?>o|)|r(?>force|bus|tel)|)|l(?>faromeo|i(?>baba|pay)|l(?>finanz|state|y)|s(?>ace|tom)|)|m(?>sterdam|fam|ica|e(?>rican(?>express|family)|x)|)|n(?>alytics|droid|quan|z)|o(?>l|)|p(?>artments|p(?>le|))|q(?>uarelle|)|r(?>amco|chi|my|pa|t(?>e|)|)|s(?>sociates|da|ia|)|t(?>torney|hleta|)|u(?>ction|spost|di(?>ble|o|)|t(?>hor|o(?>s|))|)|w(?>s|)|x(?>a|)|z(?>ure|))|b(?>a(?>uhaus|yern|idu|by|n(?>a(?>narepublic|mex)|d|k)|r(?>efoot|gains|c(?>elona|lay(?>card|s))|)|s(?>ketball|eball)|)|b(?>va|c|t|)|c(?>g|n)|d|e(?>ntley|rlin|er|st(?>buy|)|a(?>uty|ts)|t|)|f|g|h(?>arti|)|i(?>ble|ke|ng(?>o|)|d|o|z|)|j|l(?>ue|a(?>nco|ck(?>friday|))|o(?>ckbuster|omberg|g))|m(?>s|w|)|n(?>pparibas|l|)|o(?>ehringer|utique|ats|fa|nd|m|o(?>ts|k(?>ing|)|)|s(?>ch|t(?>ik|on))|t|x|)|r(?>idgestone|adesco|ussels|o(?>adway|ther|ker)|)|s|t|u(?>dapest|siness|gatti|ild(?>ers|)|zz|y)|v|w|y|z(?>h|))|c(?>sc|a(?>fe|b|l(?>vinklein|l|)|m(?>era|p|)|n(?>cerresearch|on)|p(?>etown|ital(?>one|))|r(?>avan|tier|ds|e(?>er(?>s|)|)|s|)|s(?>ino|a|e(?>ih|)|h)|t(?>ering|holic|)|)|b(?>re|a|n|s)|c|d|e(?>nter|rn|b|o)|f(?>a|d|)|g|h(?>intai|urch|eap|loe|a(?>se|n(?>nel|el)|t)|r(?>istmas|ysler|ome)|)|i(?>priani|rcle|sco|t(?>adel|i(?>c|)|y(?>eats|))|)|k|l(?>eaning|aims|ub(?>med|)|i(?>ck|ni(?>que|c))|o(?>thing|ud)|)|m|n|o(?>rsica|ffee|ach|des|l(?>lege|ogne)|m(?>cast|sec|m(?>unity|bank)|p(?>uter|a(?>ny|re))|)|n(?>dos|s(?>truction|ulting)|t(?>ractors|act))|o(?>king(?>channel|)|l|p)|u(?>ntry|rses|pon(?>s|))|)|r(?>icket|edit(?>union|card|)|u
ise(?>s|)|own|s|)|u(?>isinella|)|v|w|x|y(?>mru|ou|)|z)|d(?>rive|clk|ds|hl|np|tv|a(?>bur|nce|d|t(?>ing|sun|a|e)|y)|e(?>mocrat|gree|al(?>er|s|)|nt(?>ist|al)|si(?>gn|)|l(?>ivery|oitte|ta|l)|v|)|i(?>amonds|gital|rect(?>ory|)|et|s(?>co(?>unt|ver)|h)|y)|j|k|m|o(?>wnload|mains|dge|ha|c(?>tor|s)|g|t|)|u(?>pont|rban|bai|ck|n(?>lop|s))|v(?>ag|r)|z)|e(?>quipment|ve(?>rbank|nts)|a(?>rth|t)|c(?>o|)|d(?>eka|u(?>cation|))|e|g|m(?>erck|ail)|n(?>terprises|gineer(?>ing|)|ergy)|p(?>ost|son)|r(?>icsson|ni|)|s(?>urance|tate|q|)|t|u(?>rovision|s|)|x(?>traspace|change|p(?>osed|ress|ert)))|f(?>tr|yi|a(?>mily|ge|rm(?>ers|)|i(?>rwinds|th|l)|n(?>s|)|s(?>hion|t))|e(?>edback|dex|rr(?>ari|ero))|i(?>at|lm|na(?>nc(?>ial|e)|l)|sh(?>ing|)|d(?>elity|o)|r(?>mdale|e(?>stone|))|t(?>ness|)|)|j|k|l(?>i(?>ghts|ckr|r)|o(?>rist|wers)|y)|m|o(?>undation|o(?>tball|d(?>network|)|)|r(?>sale|ex|um|d)|x|)|r(?>e(?>senius|e)|l|o(?>gans|nt(?>door|ier))|)|u(?>rniture|tbol|ji(?>xerox|tsu)|n(?>d|)))|g(?>a(?>rden|me(?>s|)|l(?>l(?>ery|up|o)|)|p|)|b(?>iz|)|d(?>n|)|e(?>orge|nt(?>ing|)|a|)|f|g(?>ee|)|h|i(?>ft(?>s|)|v(?>ing|es)|)|l(?>ob(?>al|o)|a(?>de|ss)|e|)|m(?>ail|bh|o|x|)|n|o(?>daddy|l(?>d(?>point|)|f)|o(?>d(?>hands|year)|g(?>le|)|)|p|t|v)|p|q|r(?>een|ipe|oup|a(?>inger|phics|tis)|)|s|t|u(?>ardian|cci|ge|ru|i(?>tars|de)|)|w|y)|h(?>dfc(?>bank|)|gtv|sbc|bo|a(?>mburg|ngout|ir|us)|e(?>alth(?>care|)|l(?>sinki|p)|r(?>mes|e))|i(?>samitsu|tachi|phop|v)|k(?>t|)|m|n|o(?>ckey|rse|use|me(?>depot|goods|s(?>ense|))|l(?>dings|iday)|n(?>eywell|da)|s(?>pital|t(?>ing|))|t(?>mail|el(?>es|s)|)|w)|r|t(?>c|)|u(?>ghes|)|y(?>undai|att))|i(?>piranga|kano|veco|bm|fm|wc|c(?>bc|e|u)|d|e(?>ee|)|l|m(?>amat|db|mo(?>bilien|)|)|n(?>vestments|dustries|f(?>initi|o)|g|k|s(?>titute|ur(?>ance|e))|t(?>uit|e(?>rnational|l)|)|)|o|q|r(?>ish|)|s(?>elect|maili|t(?>anbul|)|)|t(?>au|v|))|j(?>io|nj|a(?>guar|va)|c(?>b|p)|e(?>welry|tzt|ep|)|l(?>c|l)|m(?>p|)|o(?>b(?>urg|s)|t|y|)|p(?>morgan|rs|)|u(?>niper|egos))|k(?>uokgroup|aufen|ddi|fh|e(?>rry(?>properties|logistics|hotel
s)|)|g|h|i(?>tchen|nd(?>er|le)|wi|a|m|)|m|n|o(?>matsu|sher|eln)|p(?>mg|n|)|r(?>ed|d|)|w|y(?>oto|)|z)|l(?>gbt|ds|pl(?>financial|)|a(?>dbrokes|caixa|salle|m(?>borghini|er)|n(?>xess|c(?>aster|ome|ia)|d(?>rover|))|t(?>robe|ino|)|w(?>yer|)|)|b|c|e(?>clerc|frak|ase|xus|g(?>al|o))|i(?>ghting|aison|lly|psy|xil|dl|fe(?>insurance|style|)|ke|m(?>ited|o)|n(?>coln|de|k)|v(?>ing|e)|)|k|o(?>ndon|an(?>s|)|ft|tt(?>e|o)|ve|c(?>ker|us)|l)|r|s|t(?>d(?>a|)|)|u(?>ndbeck|pin|x(?>ury|e)|)|v|y)|m(?>ba|a(?>serati|drid|keup|ttel|cys|i(?>son|f)|n(?>agement|go|)|r(?>shalls|riott|ket(?>ing|s|))|)|c(?>kinsey|d(?>onalds|)|)|d|e(?>lbourne|tlife|et|d(?>ia|)|m(?>orial|e)|n(?>u|)|o|)|g|h|i(?>crosoft|ami|l|n(?>i|t)|t(?>subishi|))|k|l(?>b|s|)|m(?>a|)|n|o(?>scow|par|bi(?>l(?>e|y)|)|da|to(?>rcycles|)|e|i|m|n(?>tblanc|ster|ash|ey)|r(?>tgage|mon)|v(?>i(?>star|e)|)|)|p|q|r|s(?>d|)|t(?>pc|n|r|)|u(?>seum|tual|)|v|w|x|y|z)|n(?>ba|hk|tt|yc|a(?>goya|dex|me|vy|b|t(?>ionwide|ura)|)|c|e(?>ustar|c|t(?>bank|flix|work|)|w(?>holland|s|)|x(?>us|t(?>direct|))|)|f(?>l|)|g(?>o|)|i(?>nja|ssa(?>n|y)|co|k(?>on|e)|)|l|o(?>kia|rt(?>hwesternmutual|on)|w(?>ruz|tv|)|)|p|r(?>a|w|)|u|z)|o(?>kinawa|saka|pen|ff(?>ice|)|oo|vh|b(?>server|i)|l(?>dnavy|ayan(?>group|)|lo)|m(?>ega|)|n(?>yourside|e|g|l(?>ine|))|r(?>a(?>cle|nge)|g(?>anic|)|i(?>entexpress|gins))|t(?>suka|t))|p(?>ccw|ub|a(?>mperedchef|ssagens|ge|n(?>asonic|erai)|r(?>is|s|t(?>ners|s|y))|y|)|e(?>t|)|f(?>izer|)|g|h(?>armacy|ilips|ysio|o(?>ne|to(?>graphy|s|))|)|i(?>oneer|aget|zza|c(?>s|t(?>ures|et))|d|n(?>g|k|))|k|l(?>a(?>ce|y(?>station|))|u(?>mbing|s)|)|m|n(?>c|)|o(?>litie|ker|hl|rn|st)|r(?>ess|ime|a(?>merica|xi)|o(?>gressive|tection|pert(?>ies|y)|mo|d(?>uctions|)|f|)|u(?>dential|)|)|s|t|w(?>c|)|y)|q(?>pon|ue(?>bec|st)|vc|a)|r(?>yukyu|mit|a(?>cing|dio|id)|e(?>liance|cipes|xroth|view(?>s|)|hab|st(?>aurant|)|a(?>d|l(?>estate|t(?>or|y)))|d(?>umbrella|stone|)|i(?>se(?>n|)|t)|n(?>t(?>als|)|)|p(?>ublican|air|ort)|)|i(?>ghtathome|c(?>oh|h(?>ardli|))|l|o|p)|o(?>gers|deo|om|c(?>her|ks)|)|s(
?>vp|)|u(?>gby|hr|n|)|w(?>e|))|s(?>fr|a(?>arland|kura|fe(?>ty|)|ms(?>club|ung)|rl|ve|xo|l(?>on|e)|n(?>dvik(?>coromant|)|ofi)|p(?>o|)|s|)|b(?>i|s|)|c(?>johnson|ience|a|b|h(?>aeffler|midt|warz|ule|o(?>larships|ol))|o(?>r|t)|)|d|e(?>rvices|lect|cur(?>ity|e)|ner|ven|at|ek|s|w|x(?>y|)|)|g|h(?>riram|ell|a(?>ngrila|rp|w)|i(?>ksha|a)|o(?>uji|es|p(?>ping|)|w(?>time|))|)|i(?>lk|te|n(?>gles|a)|)|j|k(?>i(?>n|)|y(?>pe|)|)|l(?>ing|)|m(?>art|ile|)|n(?>cf|)|o(?>ft(?>bank|ware)|hu|c(?>cer|ial)|l(?>utions|ar)|n(?>g|y)|y|)|p(?>readbetting|iegel|ace|ot)|r(?>l|t|)|t(?>ream|yle|ud(?>io|y)|a(?>ples|da|r(?>hub|)|t(?>oil|e(?>bank|farm)))|c(?>group|)|o(?>ckholm|r(?>age|e))|)|u(?>zuki|cks|pp(?>ort|l(?>ies|y))|r(?>gery|f)|)|v|w(?>atch|i(?>ftcover|ss))|x|y(?>mantec|stems|dney|)|z)|t(?>a(?>ipei|obao|rget|lk|b|t(?>too|a(?>motors|r))|x(?>i|))|c(?>i|)|d(?>k|)|e(?>masek|nnis|am|ch(?>nology|)|va|l(?>e(?>fonica|city)|))|f|g|h(?>eat(?>er|re)|d|)|i(?>ckets|ffany|enda|aa|ps|r(?>es|ol))|j(?>maxx|x|)|k(?>maxx|)|l|m(?>all|)|n|o(?>shiba|day|kyo|ols|ray|tal|urs|wn|p|y(?>ota|s)|)|r(?>ust|a(?>ining|vel(?>channel|ers(?>insurance|)|)|d(?>ing|e))|v|)|t|u(?>nes|shu|be|i)|v(?>s|)|w|z)|u(?>connect|ol|ps|a|b(?>ank|s)|g|k|n(?>i(?>versity|com)|o)|s|y|z)|v(?>laanderen|a(?>cations|n(?>guard|a)|)|c|e(?>ntures|gas|r(?>mögensberat(?>ung|er)|sicherung|isign)|t|)|g|i(?>ajes|king|llas|rgin|deo|g|n|p|s(?>ion|ta(?>print|)|a)|v(?>a|o)|)|n|o(?>yage|dka|l(?>kswagen|vo)|t(?>ing|e|o))|u(?>elos|))|w(?>hoswho|me|a(?>rman|tch(?>es|)|ng(?>gou|)|l(?>mart|ter|es))|e(?>ather(?>channel|)|b(?>site|cam|er)|d(?>ding|)|i(?>bo|r))|f|i(?>lliamhill|en|ki|n(?>dows|ners|e|))|o(?>lterskluwer|odside|r(?>ld|k(?>s|))|w)|s|t(?>c|f))|x(?>finity|peria|erox|box|xx|yz|i(?>huan|n))|y(?>un|a(?>maxun|chts|ndex|hoo)|e|o(?>dobashi|kohama|ga|u(?>tube|))|t)|z(?>uerich|ero|one|ip(?>po|)|a(?>ppos|ra|)|m|w)|б(?>ел|г)|к(?>атолик|ом)|м(?>кд|о(?>сква|н))|о(?>нлайн|рг)|р(?>ус|ф)|с(?>айт|рб)|ا(?>بوظبي|رامكو|مارات|یران|ل(?>سعودية|جزائر|عليان|اردن|مغرب))|ب(?>ازار|ھارت|يتك)|ع(?
>راق|مان)|ك(?>اثوليك|وم)|م(?>ليسيا|صر|و(?>بايلي|قع))|இ(?>ந்தியா|லங்கை)|中(?>文网|信|国|國)|公(?>司|益)|台(?>湾|灣)|商(?>城|店|标)|大(?>众汽车|拿)|手(?>机|表)|政(?>务|府)|新(?>加坡|闻)|网(?>址|店|站|络)|香(?>格里拉|港)|닷(?>넷|컴))
I think it doesn't belong to SMF. I checked my local server DB, and there was no column like this.

EDIT:

Oops, sorry. It has something to do with SPAM prevention. Maybe someone can explain how this works?
« Last Edit: April 15, 2017, 02:44:43 PM by Shkic »

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 67,545
    • Arantor on GitHub
Re: 2.1 was hacked?
« Reply #1 on: April 15, 2017, 03:33:31 PM »
It's nothing to do with spam prevention.

As part of the recent beta 3 changes, there is code to work out what are valid domains for use with link detection - so as new TLDs become available, SMF will update itself from reputable sources like IANA (who list what the domains are) to be able to match them for linking purposes.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.
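
One way to triage an unexpected value like the one in the first post, as an added example that is not part of the thread and not SMF's code: expand the pattern back into the literal entries it matches and compare them with a TLD list you trust. The grammar (literals, `|` and `(?>...)` groups only), the function names and the sample data are assumptions made for this illustration.

```python
# Added example, not SMF code. Assumed grammar for the stored value:
# literal characters, '|' alternation and '(?>...)' atomic groups only.
META = set("\\[]{}*+?.^$()|")

def expand(pattern):
    """Return the set of literal strings the whole pattern can match."""
    words, pos = _alternation(pattern, 0)
    if pos != len(pattern):
        raise ValueError(f"unexpected {pattern[pos]!r} at offset {pos}")
    return words

def _alternation(p, i):
    """Parse seq ('|' seq)* from offset i; stops at ')' or end of input."""
    result = set()
    while True:
        words, i = _sequence(p, i)
        result |= words
        if i < len(p) and p[i] == "|":
            i += 1
        else:
            return result, i

def _sequence(p, i):
    """Parse a run of literals and groups; return every concatenation."""
    words = {""}
    while i < len(p) and p[i] not in "|)":
        if p.startswith("(?>", i):
            inner, i = _alternation(p, i + 3)
            if i >= len(p) or p[i] != ")":
                raise ValueError("unterminated group")
            i += 1
            words = {w + s for w in words for s in inner}
        elif p[i] in META:
            raise ValueError(f"non-literal construct {p[i]!r} at offset {i}")
        else:
            words = {w + p[i] for w in words}
            i += 1
    return words, i

def unexpected_entries(pattern, trusted_tlds):
    """Entries the pattern matches that are absent from the trusted list."""
    return expand(pattern) - {t.lower() for t in trusted_tlds}

# Constructed sample: a short fragment shaped like the value in the post.
SAMPLE = "(?>укр|a(?>b(?>le|b(?>ott|vie|)|c)|c(?>o|t(?>ive|or)|)))"
# Constructed trusted list; in practice, load the registry list you trust.
TRUSTED = ["укр", "able", "abb", "abbott", "abbvie", "abc",
           "ac", "aco", "active", "actor"]
```

A `ValueError` from `expand` means the value contains something other than plain alternation, which is itself worth a closer look before trusting the setting.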

Offline Shkic

  • Semi-Newbie
  • *
  • Posts: 44
Re: 2.1 was hacked?
« Reply #2 on: April 15, 2017, 03:51:07 PM »
Thanks for the answer :)

Offline Sesquipedalian

  • Developer
  • Jr. Member
  • *
  • Posts: 120
  • Gender: Male
  • It works! ... in theory.
    • Sesquipedalian on GitHub
Re: 2.1 was hacked?
« Reply #3 on: April 20, 2017, 05:34:17 PM »
If you are curious, you can get more info from the description here.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.