A description of the malicious attack on the discuz! part of the site

Source: Internet
Author: User
Keywords Domain name attacking

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest stationmaster buy cloud host technology Hall

        Users and webmaster:

        2009 year January 8 11 o'clock 38 points, we received some of the webmaster reflects their own forum suddenly inaccessible, and the page shows "hacked by ring04h, ethically for fun!" Words。 For the majority of users, we immediately organize technical personnel to the Forum procedures for security screening, and all the results show that the program has no problems. At the same time, we noticed that the site customer.discuz.net domain name was hijacked, pointing to an unknown server (203.86.236.236).
   
       Customer site is discuz! An emergency interface for sending forum patches and security patch notifications. Hackers first took advantage of the discuz.net of the domain Name Service provider's vulnerability, landed and modified the customer's domain name address, and wrote a section of the attack code in advance stored on a server. In this period, if the webmaster login to enter the forum back home, because the forum notify the server's domain name was hijacked to the new server, so that the attack code to achieve the operation and imitate the identity of the webmaster, submitted and modified the forum's SEO settings. So that the forum can not be normal access, the formation of a domain name hijacking can not be accessed phenomenon.
   
        In this connection, we quickly contacted the domain Name service provider, the domain name address was amended as soon as possible. At 12:15 Noon, we released a contingency correction solution to avoid the proliferation of domain name hijacking events on a larger scale.

        for forums that use discuz!, if a webmaster accesses the background within that time period (about one hours), it will likely cause a domain name hijacking to be modified by an attacker, and results in an inaccessible and illegal attack on the page, however, the attack is currently determined to not involve data affecting the forum.

        Currently, the affected site can choose to directly access the background management program admincp.php, and then modify the forum's SEO settings. At the same time, the official forum has released the solution package Http://www.discuz.Net/thread-1183991-1-1.html.
   &NBSP
       manually modify the method. discuz! Background related SEO settings were inserted into <script>function init () {document.write (' hacked by ring04h, ethically for fun! '); Window.onload = Init;</script>

Domain name is Internet Basic Service, this security problem is caused by domain name hijacking, discuz! Each version of the software code in the security is not a problem, so discuz! There are no new patches released by the authorities other than the release of recovery methods and recovery tools.

For this incident, we consider it a serious, malicious and aggressive act that has gone beyond the moral and professional integrity of a person engaged in security technology. In this respect, we reserve all the information which may become the proof of crime, and transfer to the judicial Department for processing!

Sing

January 8, 2009


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.