Not sure if you know about this Razormonsta

Status
Not open for further replies.
No I was not aware, thanks.

Do not go to that site, it's a known malicious one. I am trying to remove it now.
 
I have now removed all malicious files on the site.... some pages may be broken. I have a copy of the files and will be investigating them to see what impact it may have on security.

I will try to replace the scripts from a clean install shortly.
 
Thanks for the prompt action RM, now when I type in the URL fresh as opposed to using a saved favourite, I go to the Apache 2 test page.

Looking better.
 
I've actually looked at what they uploaded.....

It looks like they were able to get files onto the server via a buffer overload attack. Checking the logs they were able to run one script which tried to install a spam mailer, but were unsuccessful due to good security practice. The webserver user runs completely without any execute rights so it didn't install properly.

I have also looked at the rest, there was an attempt to grab passwords which was again unsuccessful. I copied the VM to a test network, and ran the scripts as the webserver user. Each attempt failed.

I have pulled down all the files modified after mid-October, and then removed them from the server.

Should be good now guys. There is a security update that vBulletin posted a while back, may have been the attack vector. Will patch things ASAP.
 
Have patched to VB 4.2.2 - there are a few problems with the site but am trying to fix them now.
 
Ouch, glad I reported it then.

It was showing up like this a couple of days ago, but I put it down to the fact that I was having to use my phone's data connection as my home modem got fried in a lightning strike on Friday night.

I presumed it was a problem but not that the site had been attacked.

/edit Thanks for deleting the link in my original post as it was malicious
 
Yeah, not exactly great..... but we are okay. I have DB copies and backups if we need to restore.

The upgrade to 4.2.2 has broken the theme, and it looks like the place I bought it from is not updating anymore. Only found that out after I had paid my renewal. PayPal dispute lodged. Looks like we will go to a new theme in the next little while..... no ETA on that.

I didn't have access to the administrative back end there for a while either, had to edit a number of files to get it back and running.
 