Second Citizen Forums Hacked

Someone calling themselves the 'Arab Hackers Team' has defaced the Second Citizen forums with what appears to be anti-american propaganda and a horrific photograph of what I assume is a decapitated hostage. (I am not linking to the site for that reason.) The rest of the site is unaffected. They use the same forum software as Second Life, I believe...

Ugh.

Okay, so it's not just me. Why the hell would they pick a site like that to hack? Bizarre. I didn't stick around long enough to get a good look at the picture (thankfully). It also launched RealPlayer and attempted to download an update. Did that happen to you as well?

Nope but I am on a Mac... prob saved me from some..

/Tina

Different version, I believe. It's likely just a common exploit being run on alot of boards right now. I'm not going to read the message or look at that at work.

Well, Second Life does represent a system that allows people to do things that are just as "offensive" to them as what we do in real life.
Women are not "covered", people are allowed to speak their mind and express themsevles and their own beliefs in Second Life.
So if they will attack whatever they can, including sites related to SL.

http://forums.secondcitizen.com/forumdisplay.php?f=5 - to go direct to General. The 'index' view is hacked.

Thank you Burke, you crafty dog!

Also, I did a 'view source' in Firefox and found this in the HTML:

I got some kind of "Parse Error" where you instead got the RealPlayer stuff. I don't think I have RealPlayer installed... dunno if that had anything to do with it?

I've got hacked a few times by morons like these. Almost every time they do it, it seems to be anti-American and either "Turkish, Arabic, or Egyptian" hackers that are doing it. My guess it's more of the W-Hat style greifing of domestic nerds in their mom's basements with no life pretending to be mega terrorists.

That is extremely disturbing though, I'd get that down ASAP.

- Sam

Whoever, whatever, it's just sad. Wish I hadn't seen it.

I saw that. Someone IM/EMAIL/MAIM the board admin and let him know 'sup. I posted the version vuln I found in General.

Me too

Yep, without realplayer your browser wouldn't understand that part of the code. I don't intend to find out what it's trying to play.

Actually. It's common for hackers to run exploits by googling for common addresses (like index.php) and wreaking havoc by running exploits. I had it happen to a couple of site on occassion with day-one vulns. It's just your average asshat hackers, only this time they're trying to send the usual message that american's can't understand. Assholes.

This is why you should set your forums or other dynamically generated content to not be indexable via robots.txt. Especially if you are using a common forum software like vB or phpBB.

This is how a VERY nasty PhpBB exploit was spreading, by looking up other phpBB sites using Google.

Honestly, I've used both vB and phpBB and you HAVE to stay on top on them when it comes to patching them. And even that is no guarantee; If you have a high-profile site you might find yourself the subject of new hacking attempts.

It really sucks too, because if you take something like vB and then modify the crap out of its templates and whatnot so it's all nice and customized looking, you will end up having to redo most of that whenever some patch is released. (Not all patches are for the PHP code itself, some also are just for the HTML templates.)

I disabled profiles.php in mine after I had too many spam registrations on my board. I'm looking at overhauling the site, board, etc w/ new code this weekend.