Thread about site being hacked? — Gideros Forum


moopf Guru
edited October 2012 in General questions
Yesterday there was a post about the main giderosmobile.com page redirecting to a porn site on which @atillim stated that somebody had changed a htaccess file but was not sure why. I notice this thread appears to have been removed today without any follow up. If somebody has managed to get access to alter a htaccess file then I think Gideros need to follow this up to explain what happened and what measures have been taken to stop it happening again in the future.

I'm a little concerned that the thread appears to have been removed, as that could be understood as hiding what happened. Are everybody's passwords safe? Has any other information on the server been compromised?

Likes: phongtt, talis


Comments

  • Mells Guru
    edited October 2012
    Mmmm I didn't know that the site had been redirected.

    Updating the .htaccess might be a quick fix but not a solution.
    I would also like to know if this is investigated, what happened, how far it went and what has been done to prevent it from happening again.

    Also what, in the worst case, can happen? Passwords are stolen and the pair username/password is tested on thousands of websites, right?
    Is any other sensitive information stored in the database?
    twitter@TheWindApps Artful applications : The Wind Forest. #art #japan #apps
  • Actually the problem was that somebody had got in and managed to change the htaccess (at least that was my understanding from @atillim yesterday). Thing is, to be able to do that, could mean that the access the person got was quite wide.
  • atilim Maintainer
    edited October 2012
    We're using WordPress, and WordPress stores the passwords not plain but as SHA1 hashes. I've already updated WordPress and all the plugins to the latest version.

  • atilim Maintainer
    edited October 2012
    Also I've changed nearly all files to read-only with root owner and we started to use http://www.websitedefender.com/
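An audit for the two things this incident turns on, a writable `.htaccess` and a redirect that leaves the site, as an added example that is not part of the original thread. The function names, the `own_hosts` parameter and the sample file are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# RewriteRule <pattern> <substitution> [flags] and Redirect* [status] <path> <URL>
# send visitors off-site when the target is an absolute http(s) URL.
REDIRECT_RE = re.compile(
    r"^\s*(?:RewriteRule|Redirect(?:Match|Permanent|Temp)?)\s+.*?\bhttps?://([^/\s:\]]+)",
    re.IGNORECASE,
)

# Constructed sample: an ordinary internal rule followed by an off-site redirect.
SAMPLE = """\
RewriteEngine On
RewriteRule ^index\\.php$ - [L]
RewriteRule ^(.*)$ http://redirect.example.invalid/in.php [R=301,L]
"""

def audit_htaccess(webroot, own_hosts):
    """Return (path, problem) findings for every .htaccess under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        st = os.stat(path)
        if st.st_mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "not read-only"))
        if st.st_uid != 0:
            findings.append((path, "owner is not root"))
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                m = REDIRECT_RE.match(line)
                if m and m.group(1).lower() not in own_hosts:
                    findings.append((path, f"line {lineno}: redirects to {m.group(1)}"))
    return findings

def demo():
    """Audit the constructed sample in a scratch directory."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, ".htaccess")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return [problem for _path, problem in audit_htaccess(root, {"www.example.org"})]

if __name__ == "__main__":
    print(demo())
```

Run from cron against the real web root, any non-empty result is worth an alert; pass the site's own hostnames in `own_hosts` so legitimate canonical redirects are not flagged.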
  • That doesn't really answer the question at all @atillim - whilst passwords may be stored with SHA1 there are plenty of decryption facilities available on the net for SHA1. You shouldn't keep this kind of thing quiet, you should give your users notice and follow best practice in advising them to update their passwords, especially if they use the same password on multiple sites. I'm a little concerned that you don't seem overly concerned about the security of your users' information.

    Also, do you know exactly how this was achieved? Have you checked that no backdoor has been uploaded to allow further access without going through the original route? Have you changed your server passwords and all other passwords to access parts of your system? Are you absolutely certain that access is now restricted?

    This is all pretty basic stuff.
  • atilim Maintainer
    edited October 2012
    Yes, we're absolutely certain that access is now restricted. And we don't think SHA1 hashes are stolen, only the .htaccess file was changed in an automatic manner.

    @all, if you feel your user info/SHA1 hash is not safe, please change your password.
  • atilim Maintainer
    edited October 2012
    To sum up,

    1. After our investigation, we understand that only the .htaccess file was changed.
    2. We've already updated and cleaned up the system and changed all the server passwords.
    3. WordPress uses "salted" SHA1 hashes, therefore the decryption facilities you've mentioned don't work on them (except brute force).
    4. If you feel your user info/salted SHA1 hash is not safe, please change your password.
  • moopf Guru
    edited October 2012
    Regarding your comment about salting - yes that does complicate things and makes it more difficult to use rainbow tables, absolutely. Things are different, however, depending on the access a hacker gets to the box - there comes a point where it no longer matters as they can intercept the messages anyway, leading to the possibility of leaked plain text passwords (when a user submits it to login for instance).

    Anyway, thank you for your update. Why did you delete the original thread?

    Likes: phongtt

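The salting point debated in the posts above, as an added example that is not part of the original thread: a precomputed table of unsalted SHA-1 values misses a salted hash, guessing against one hash with its stored salt still works, and a deliberately slow function raises the cost of each guess. The `salt + password` construction, the wordlist and the function names are assumptions for illustration, not WordPress's actual storage format.

```python
import hashlib
import os

# Constructed sample data: a tiny wordlist standing in for a precomputed table.
WORDLIST = ["123456", "password", "letmein", "gideros", "qwerty"]

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def build_lookup_table(words):
    """Unsalted SHA-1 -> password, computed once and reusable against any leak."""
    return {sha1_hex(w.encode()): w for w in words}

def salted_sha1(password: str, salt: bytes) -> str:
    """Generic salt-then-password construction (an assumption, see lead-in)."""
    return sha1_hex(salt + password.encode())

def guess_with_known_salt(target: str, salt: bytes, words):
    """The salt is stored beside the hash, so guessing becomes per-hash work."""
    for w in words:
        if salted_sha1(w, salt) == target:
            return w
    return None

def slow_hash(password: str, salt: bytes, iterations: int = 200_000) -> str:
    """Salted and deliberately slow: PBKDF2-HMAC-SHA256 from the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def demo():
    table = build_lookup_table(WORDLIST)
    salt = os.urandom(16)                    # fresh random salt per user
    unsalted = sha1_hex(b"letmein")
    salted = salted_sha1("letmein", salt)
    return {
        "table_hits_unsalted": table.get(unsalted),   # found in the table
        "table_hits_salted": table.get(salted),       # table is useless here
        "guessing_with_salt": guess_with_known_salt(salted, salt, WORDLIST),
    }

if __name__ == "__main__":
    print(demo())
```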
  • atilim Maintainer
    edited October 2012 Accepted Answer
    "Why did you delete the original thread?"
    Mostly because of my inexperience. I wish I hadn't deleted it.

    Likes: phongtt, talis

  • Hi @atillim, thank you for confirming everything. Hopefully you have everything locked down sufficiently now.
  • Darn, I started that thread. That's too bad it got deleted. That was my one and only big contribution to gideros ;-)

    Likes: talis

  • @ondesic now you will have to make another one ;) :)

    Likes: talis
