Statement concerning the attacks on SpywareInfo

Discussion in 'privacy general' started by Mike_Healan, Feb 15, 2004.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Ahmad,

    Please check your PM inbox over here ;)

    regards.

    paul
     
  2. Eagle1

    Eagle1 Security Expert

    Joined:
    Feb 10, 2002
    Posts:
    206
    Location:
    Rio Rancho NM - Nevis, West Indies
    Just did Paul. Pm coming back to you in a second.

    I truly appreciate everyone's kind words of support. Thank you

    For those having the desire to help and were looking for a paypal donation location here it is.
    http://www.emfc.com/nisupport.html

    And believe me Grummy I have no intention of firing NI back up until I know I'm able to handle whatever it will take to keep it that way. I'm looking at some alternatives now too. I've been somewhat disabled because I've been without email now for over a day. My cable ISP did maintenance and screwed it up..go figure.. But it is working again as of about 10 minutes ago and I should be able to get things rolling a little more quickly now.
     
  3. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    I received an SQL error when trying to get to SpywareInfo.







    - Removed the screen shot as the MySQL error listed is not actually significant to resolving the issue. LWM
     
  4. Eagle1

    Eagle1 Security Expert

    Joined:
    Feb 10, 2002
    Posts:
    206
    Location:
    Rio Rancho NM - Nevis, West Indies
    Some adjustments are being made to proxy servers...he'll be back soon
     
  5. RJ100

    RJ100 Registered Member

    Joined:
    May 22, 2003
    Posts:
    111
    Location:
    Alberta, Canada
    Is this important, or is it way off base?

    http://www.securitytracker.com/alerts/2004/Feb/1009257.html

    Take care
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,195
    Location:
    New England
    Well, yes that item is important in terms of it being an exploit that needs to be addressed, but it is not related to what's going on with SWI overall or the SQL error that was noted above. (Basically, the error removed above was simply that the database wasn't accessible, which I could cause to happen here if I simply triggered a restart of the MySQL server processes.)

    Most of us running forums use publicly available bulletin board software, either free or commercial packages, for which various exploits get discovered and then patched. Just a few days ago there was one for YaBB SE (what we use here) that was extremely similar - an uncheck parameter that could allow SQL commands to be executed... The fix was readily available and we applied it. (SOP - Standard Operating Procedure) :)
     
  7. RJ100

    RJ100 Registered Member

    Joined:
    May 22, 2003
    Posts:
    111
    Location:
    Alberta, Canada
    Well stated as per usual LWM. Thanks for the clarification ;)
    Chocolate-chip cookie headin' your way to go with that coffee.

    Take care
     
  8. P.T.

    P.T. Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    121
    Location:
    In another world
    Eagle1

    Here's a message left for you at cexx forum
     
  9. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Question and Comment:

    The suggestion was given to add

    216.40.225.12 merijn.org
    216.40.225.12 www.merijn.org

    To our hosts file. I do know how to do this the question is why? I am not intentionally being dense, however, what is happening differently than if we simply type www.merjin.org. Specifically, is it that our search engine might not be up to date, or is it that there is something intentionally trying to reroute us from the correct address, and this insures that that will not happen. (By the way, ironically, this is the first address other than 127.0.0.1 that my host file has ever seen! Even more ironic, I have never even considered using it this way...sign of the times I guess).

    Comment to the user that is weighing whether to expend the effort to figure out this host file thing. It is actually pretty simple. Attend:

    the "hosts" file location in XP is in this folder

    C:\Windows\sytem32\drivers\ect

    hosts has no extension but if you add .txt you can edit it as you would any text file (only when you are finished rename it again to hosts without the .txt).

    if it is read only, then of course you will need to right click and uncheck the read only box.

    if you use spybot search and destroy, or similar products you will see a long list of unsavory sights preceded by 127.0.0.1 That is the local host (that is you) it tells your browser not to go to those unsavory sites, but to stay put if you try to link to them. Follow the pattern and add any sites you are sick of seeing.

    Or in this case just add the lines

    216.40.225.12 merijn.org
    216.40.225.12 www.merijn.org

    to make you go the the correct address whenever your browser is looking for www.merijn.org

    By the way, everything following a # on a line is reguarded as a comment and is ignored by the system when it is using the file to attempt to find addresses to link with site names. This allows you to add little notes that are used to help people remember or make catagories like say

    # My additions of sites featuring Barney

    I know that most of you reading this already know verywell everything I said, and that it is probably said better by following the link that was provided. This is just in case it helps someone get to www.merijn.org and because it might benefit people like myself who might assume that stuff is more complicated than it is...or they would already know it!!!

    - HandsOff
     
  10. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    don't worry, u CAN and you WILL soon stop this nasty attack, don't give up and keep trying. ;)
    There is still hope even in your darkest hour.
     
  11. Eagle1

    Eagle1 Security Expert

    Joined:
    Feb 10, 2002
    Posts:
    206
    Location:
    Rio Rancho NM - Nevis, West Indies
    www.net-integration.net is being reactivated and should return very shortly for everyone. It is in the process of resolving DNS internally. Mail has started working again so the site should not be far behind.

    The filtering in place may need some tweaking and the potential is there we will go offline a few times again for short periods as we adjust. Its hoped this is not the case but I don't know for certain.

    This is not the permanent arrangment for this site. Over the course of the next several days I'm going to be implementing changes which I hope will prevent this from happening again and in a permanent location.

    In any event it should not be much longer and NI will be live again.
     
  12. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    Good News Eagle1 :cool:
     
  13. srfox

    srfox Registered Member

    Joined:
    Jul 25, 2003
    Posts:
    86
    Location:
    Los Angeles
    Glad to hear it :)
     
  14. Eagle1

    Eagle1 Security Expert

    Joined:
    Feb 10, 2002
    Posts:
    206
    Location:
    Rio Rancho NM - Nevis, West Indies
    Its working again :)
     
  15. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Looking good. Congrats. :)
     
  16. little eagle

    little eagle Registered Member

    Joined:
    Jan 7, 2004
    Posts:
    100
    Location:
    Texas
    guess you need to tweek it a little more got there but the board ate my post :eek: http://www.emotipad.com/newemoticons/Big-Thumbs-Up.gif glad your back up again!!!!
     
  17. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,195
    Location:
    New England
    Yeah, it looks like they're just making adjustments... An odd flurry of SQL errors and such, but they are there. It's probably only a matter of a few server side tweaks at this point.
     
  18. Eagle1

    Eagle1 Security Expert

    Joined:
    Feb 10, 2002
    Posts:
    206
    Location:
    Rio Rancho NM - Nevis, West Indies
    This is a mysql issue and nothing to do with the attack. Seem to havea couple of rouge tables that don't like to play nice. :)
     
  19. Eagle1

    Eagle1 Security Expert

    Joined:
    Feb 10, 2002
    Posts:
    206
    Location:
    Rio Rancho NM - Nevis, West Indies
    Looks like I may have a few corrupted files. Seems there was too many post attempts in the same topic at the same time.

    Friendly fire took out the forum db. LOL

    I'm working on trying to repair it now.
     
  20. Eagle1

    Eagle1 Security Expert

    Joined:
    Feb 10, 2002
    Posts:
    206
    Location:
    Rio Rancho NM - Nevis, West Indies
    Everything is working good now.

    The ddos is under control at the moment and the forum database is fixed.
     
  21. Wiskonst

    Wiskonst Registered Member

    Joined:
    Feb 14, 2004
    Posts:
    8
    Location:
    Hengelo, the Netherlands
    Congratulations!

    _______
    Wiskonst
     
  22. ChrisRLG

    ChrisRLG Registered Member

    Joined:
    Oct 10, 2003
    Posts:
    80
    Location:
    Essex, UK
    Weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

    Lets go get em...........
     
  23. Grummy

    Grummy Registered Member

    Joined:
    May 8, 2002
    Posts:
    46
    Location:
    Ohio, USA
    Super News, just posted at NI and all is working good. Congrats !
     
  24. ChrisRLG

    ChrisRLG Registered Member

    Joined:
    Oct 10, 2003
    Posts:
    80
    Location:
    Essex, UK
    And tomcoyote is back up too

    www.tomcoyote.com
     
  25. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    This is great news! :cool:

    Congratulations on getting it back online again. :D



    snowbound
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.