Big Headache: Forum Down on Sep 17-18, 2010

[Ion Saliu]

I had a severe headache beginning September 17, around 7 PM. The forum went down on me while reposting important materials from the gamblinglottery message board.

I was angry, of course. I asked for technical support… it was kind of cryptic, given also the aggravation of my emotions!

In the end, the suspicion was hack-attack! My forum was hacked. There were some other factors involved here, perhaps the large size of my posts, the heavy traffic… I also noticed strange messages about Trojans.

The vBulletin support gave this final opinion:

“What is going on in your support ticket? If I were to guess, I'd almost think you were hacked. (I've seen other users get hacked where only some of their page will load, like on your site.) Did you talk to your webhost when your site went down? They are the ones who can help you figure out if you've been hacked.”

Also, they informed me:

“I looked up your webhost, there have been a series of base64 hacking attempts on sites hosted with GoDaddy. I'd suggest you contact your host and see if that is what is causing you issues.”

They were right. I had opened my config.php file on the server side. It did show the base64 in a very long and strange header. I deleted it and then re-uploaded the file on my PC. I already notified my webhost of hacking attempts on sites hosted with GoDaddy.

In any event, I fixed the problem on September 18, 2010, around 1:30 PM. Looks like the forum is okay now. Hopefully, it’ll stay that way. Although, I am always mindful that I do have foes. They will be rattled for as long as I am alive and kicking.

Thanks to all who helped or expressed their concerns.

Ion Saliu

[Ion Saliu]

The forum problems came back to life at the end of October 2010. The problems are related to updates of vBulletin. Last time the problems occurred, in mid September, I upgraded my installation of vBulletin (from 4.0.6 to 4.0.7). The problems hit a number of forum managers. vBulleting blamed my webhost, GoDaddy.com. Forums went down regardless of web hosting companies. GoDaddy was not the only host hit by infections of vBulletin. In fact, only the forum was affected in my case; no other parts of my Web site were infected or affected. Evidently, there is no fault of the webhost.

I remember PowerBasic, the makers of the Basic compiler I use, had a similar problem. They were wise not to update anymore. They stuck with vBulletin v3.8! I hate what vBulletin does. They play the blame game. They blame the webhosts or the administrators for the serious security flaws of their software. In fact, they unconsciously blame themselves badly. They shout “delete that file, or that file, immediately after upgrading!” But there is no such thing as immediately! They, vBulletin, absolutely give the criminals the tools to destroy a forum! They tell exactly what files are vulnerable. And then vBulleting publicizes their upgrades!

The criminals know that there is time, as short as it may be, between the upgrading and the deletion of certain installation and configuration files. As soon as vBulletin announced the upgrade from 4.0.7 to 4.0.8, I noticed a very large number of attempts to bring down my forum. The site stats tell the story clearly. I know also that the criminals use software to hide their IP addresses.

For the past two weeks, I was unable to access my forums a few times myself. Also, other members were unable to access or post in my forums. The criminals believed I would upgrade again. They’ve probably tried to bring down my forums every minute of the day, for a few days in a row now! At least, they have attempted to infect my forum with the base64 again. The criminals know that my forum becomes extremely vulnerable during an upgrade.

Still, vBulletin puts the blame on the webhost! No upgrade should become a severe security problem. I upgrade other pieces of software at my website. For example, the paid-membership software has never caused me a problem during or after an upgrade. I’ve never had to remove sensitive files immediately after upgrading. The vBulletin team must make sure they create well protected installation files. Immediately does not exist — except for the criminals! The criminals know immediately that I am in process of upgrading because I close down the forum. vBulletin must come with a well protected folder. vBulletin is a capable message board software. But the vBulletin team behaves like a bunch of cowardice kids…

Thank you for your understanding. Criminality will never disappear from the face of the Earth. Weren’t us all created in the image of some god, or so?!

Administrator