Titan Network: Need some assistance

Sucks about the site, but you guys are having better luck with it (from the sounds of it) than me and my laptop issue. I was Going to suggest a race to see who's up fully first, but I'm quite sure you're going to win. >.<

While i don't use the titan network all that much, I still want to say thank you for the effort you put in to fix it

Thanks for the hard work and for keeping us informed !!

add to my voice among those who thank you and appreciate your work.

Here's how these hacks work: You see at the bottom of the page here where it says "Powered by vBulletin"? Every time one of this board's pages turn up in Google search, that text is visible.

These bots similar to search engines look for pages like that, and they look for things like file attachment forms, avatar upload forms, pretty much anything that will store a file on the server - and attempts to upload a Perl (.pl) or PHP (.php) script. If it's successful, it calls that script from its URL (same as if you view a picture that's attached to a post).

If that fails, it tries guessing admin passwords for both the message board and for FTP, also with the same goal of uploading and then calling a script.

The script that's called checks for writable PHP and Perl files in the server's web space and alters them. Then you're infected.

FYI, this is the biggest reason why the CoH message boards don't allow any file attachments and require you to host your avatar elsewhere.

Additionally, a *lot* of sites don't keep their software up to date, especially forums, *especially* phpBB for some reason (Wordpress is pretty bad too) and as a result they're vulnerable to exploits that have been found and subsequently patched by the developers. Some of these are as simple as sending a malformed URL allowing you to execute code on the hosting server, others are more convoluted but can easily be automated.

Just adding my thanks also to Tony and the Titan team for their concern and hard work

"You got to dig it to dig it, you dig?"
Thelonious Monk

Everyone...and I mean everyone...who runs a website, game, or any other shared service can learn from the way Tony V and the rest of the CoHTitan crew have handled this: immediate response upon being informed of the problem, frequent detailed updates, explanations that everyone can understand. You guys do it right.

To TonyV and the rest of the Titan Network:

Thanks so much for all you do. Your dedication and work ethic is appreciated.

Thank you for this info. I was wondering why the Paragonwiki site seemed to be acting up and running so slowly yesterday.

I'm going to guess that the highest risk was to those that actually log into the Titan Network sister sites? My password and login for the Titan pass thing seems to no longer work, so I haven't logged into any of the sites for several years.

I run NoScript with FF and Ad-block Plus, but I always give Paragonwiki full script access each time I visit.

I ran a couple of scans and found nothing on my computer, so that's a relief.

Thank you for your prompt action on this issue. AVG says my system is clean.

In addition to antivirus and everything else i have on my system, I also use SandBoxIE. (Just a fast plug...)

www.sandboxie.com

Tony, I want to add my voice to the chorus of appreciation for all your hard work (and the hard work of everyone else) to get Titan Network back up and running. I'm really dependent on Paragon Wiki and Red Tomax in particular, and I can't thank you all enough for all you have done in making these great resources available and safe for us to use.

(Seriously jonesing for the power quantification info in City of Data, btw! )

To TonyV and any other Wiki Wonder Workers:

Thank you very much for all of your efforts in maintaining and improving your site. I've used it almost daily for years. It truly is one of the best CoH support sites out there. I enjoy almost all of the rest of the Titan Network as well.

Thanks again for providing a safe, clean and efficient site!

Just adding another "Thank You!" to the chorus.

First of all, I have to say a HUGE "Thank you!" to everyone expressing support. As I've said before, it really does mean a lot. These things are very NOT fun to deal with, and I appreciate everyone bearing with us and sending good vibes our way as we not only restore service, but actually make things better. Some folks have even been sending donations, which I really appreciate, since we're double-dipping on a second VPS this month to have the ability to move audited stuff over as it gets cleaned and verified instead of trying to move everything at once and clean-as-we-go. I've also been getting some PMs from folks, and I will reply, I promise, as soon as the sites are back up and I can take some time to do it right.

Second of all, as posted in the update in the OP, we got the Titan Forums updated and restored. There are still some login/password issues so you might not have full access just yet, but when we get the main site back up (expected sometime tomorrow night Eastern time), you'll be able to reset your Titan Key to sync everything up and regain access. I'll post more details as I get them.

Quote:

Originally Posted by SaintNicster Yeah, I'm guessing that it was probably something with the copy of SMF. Last I saw, it was running 1.1.10, though there may have been more components that were up-to-date.

I'm almost certain this is what bit us. I'm not 100% sure, and I'm still looking for the "smoking gun" on the server to definitively say, "Yup, that's it!" (Which will really have to wait at least another day or two until I get everything moved over, configured, and up and running.) But of what research I've been able to do, this is by far the most likely candidate vector of attack. It's also why I put such heavy emphasis on getting the old forums upgraded first, even at the expense of losing some of the customization.

We love you, Tony!

Quote:

Originally Posted by Dispari I don't know why Dink thinks she's not as sexy as Jay was. In 5 posts she's already upstaged his entire career.

Just out of curiosity. While the site(s) are down, is there a mirror to the latest version of Mids anywhere out there?

I'd love to see people who get PAID to do this sort of thing do a better job than TonyV has. Keep up the good work Tony!