[Forum Hacked] Delete your browser cookies and cache memories

edited August 2016 in Tools & Technology
Guys, as you know, the forum was hacked yesterday using JavaScript. Some script collects your cookie information, which can become risky... Just for safety, kindly delete your cookies for the past month or week. You can do that via the history tab in your browser. Do this on all devices through which you are accessing your accounts. Avoid quoting comments which are troll in nature. This is for your cyber safety. If possible, run a virus scan on your machines. There is no need to panic, but safety first always. Thanks
Do the best you can until you know better. Then when you know better, do better.

Comments

  • deleting history of one month will do?
    Mend your ruined destiny through effort; if you have faith in yourself, take a gamble.
  • deleting history of one month will do?

    Can not guarantee but should be sufficient.
    Do the best you can until you know better. Then when you know better, do better.
  • Some tips will be shared by @pizza soon
    Do the best you can until you know better. Then when you know better, do better.
  • Okay here's what u need to do. For all those who have visited the pages on which there are comments by "panjwan" "Sweetdream" and " imandarchor".

    1. Clear everything from your browser.
    2. Logout from forum. It will expire the php session id.
    3. Close and reopen your browser and then login in.

    Clear all sensitive information from your inbox.
    If possible, make a standby profile and use it till forum assures that they have full control over their website.
    Good Bye. See you Later.
  • For safety change all passwords of mails and social media accounts. Log out from them too.
    Do the best you can until you know better. Then when you know better, do better.
  • edited August 2016
    in short, time to log out for a few days, and visit in incognito
    Mend your ruined destiny through effort; if you have faith in yourself, take a gamble.
  • ^good one
    Do the best you can until you know better. Then when you know better, do better.
  • pizza said:

    Okay here's what u need to do. For all those who have visited the pages on which there are comments by "panjwan" "Sweetdream" and " imandarchor".

    1. Clear everything from your browser.
    2. Logout from forum. It will expire the php session id.
    3. Close and reopen your browser and then login in.

    Clear all sensitive information from your inbox.
    If possible, make a standby profile and use it till forum assures that they have full control over their website.

    so root don't have control on forum now?
    last night i saw root profile deleted and neywan was banned .
  • pizza said:

    Okay here's what u need to do. For all those who have visited the pages on which there are comments by "panjwan" "Sweetdream" and " imandarchor".

    1. Clear everything from your browser.
    2. Logout from forum. It will expire the php session id.
    3. Close and reopen your browser and then login in.

    Clear all sensitive information from your inbox.
    If possible, make a standby profile and use it till forum assures that they have full control over their website.

    so root don't have control on forum now?
    last night i saw root profile deleted and neywan was banned .
    Don't know, they have to confirm.
  • edited August 2016
    You can restart your server, that will reset all stolen PHPSESSID probably.
  • dapu said:

    You can restart your server, that will reset all stolen PHPSESSID probably.

    CS engineer? if yes, need help.
  • pizza said:

    Okay here's what u need to do. For all those who have visited the pages on which there are comments by "panjwan" "Sweetdream" and " imandarchor".

    1. Clear everything from your browser.
    2. Logout from forum. It will expire the php session id.
    3. Close and reopen your browser and then login in.

    Clear all sensitive information from your inbox.
    If possible, make a standby profile and use it till forum assures that they have full control over their website.

    I m a troll but feeling like an audience of @pizza sir
  • @chameli_aunty namaste
    Do the best you can until you know better. Then when you know better, do better.
  • pizza said:

    Okay here's what u need to do. For all those who have visited the pages on which there are comments by "panjwan" "Sweetdream" and " imandarchor".

    1. Clear everything from your browser.
    2. Logout from forum. It will expire the php session id.
    3. Close and reopen your browser and then login in.

    Clear all sensitive information from your inbox.
    If possible, make a standby profile and use it till forum assures that they have full control over their website.

    so root don't have control on forum now?
    last night i saw root profile deleted and neywan was banned .
    no they have and they are working hard to enhance security architecture but some fucktards have run various javascripts which can be dangerous.
    Do the best you can until you know better. Then when you know better, do better.
  • Can they steal google account details from android if we are running forum on cellphone?
  • Burger said:

    pizza said:

    Okay here's what u need to do. For all those who have visited the pages on which there are comments by "panjwan" "Sweetdream" and " imandarchor".

    1. Clear everything from your browser.
    2. Logout from forum. It will expire the php session id.
    3. Close and reopen your browser and then login in.

    Clear all sensitive information from your inbox.
    If possible, make a standby profile and use it till forum assures that they have full control over their website.

    so root don't have control on forum now?
    last night i saw root profile deleted and neywan was banned .
    no they have and they are working hard to enhance security architecture but some fucktards have run various javascripts which can be dangerous.
    my profile pic changed automatically just now i need to worry or its universal phenomena ?
  • BANE_007 said:

    Can they steal google account details from android if we are running forum on cellphone?

    No bro, they don't have the capability to hack a Google account.
    Do the best you can until you know better. Then when you know better, do better.
  • edited August 2016
    So we can deduce that @pizza is @chameli_aunty & other way around
    Fut I don't thank to that
    BTW what's the means of
    PS. I know nothing
  • edited August 2016

    So we can deduce that @pizza is @chameli_aunty & other way around
    Fut I don't thank to that
    BTW what's the means of
    PS. I know nothing

    I want to remind you that I have been equipped with extraordinary powers in one secret ID, dont troll if you want to get delivered tomorrow
    Do the best you can until you know better. Then when you know better, do better.
  • edited August 2016
    Burger said:

    So we can deduce that @pizza is @chameli_aunty & other way around
    Fut I don't thank to that
    BTW what's the means of
    PS. I know nothing

    I want to remind you that I have been equipped with extraordinary powers in one secret ID, dont troll if you want to get delivered tomorrow
    Mod note
    Any action without proper notice lends u in the court of wadia nation


    Pps. Last comment
  • Burger said:

    So we can deduce that @pizza is @chameli_aunty & other way around
    Fut I don't thank to that
    BTW what's the means of
    PS. I know nothing

    I want to remind you that I have been equipped with extraordinary powers in one secret ID, dont troll if you want to get delivered tomorrow
    If you have some secret powers then please revive the imp ;)
  • Burger said:

    So we can deduce that @pizza is @chameli_aunty & other way around
    Fut I don't thank to that
    BTW what's the means of
    PS. I know nothing

    I want to remind you that I have been equipped with extraordinary powers in one secret ID, dont troll if you want to get delivered tomorrow
    If you have some secret powers then please revive the imp ;)
    let me try, inbox me that profile
    Do the best you can until you know better. Then when you know better, do better.
  • edited August 2016
    May I cut in ?? There is something about these techno threads and discussions which is simply irresistible for me.

    A website is never hacked using javascript per se. Javascript snippets are used to modify behaviors of webpages and their components in certain ways. It used to happen a lot in the early days of Orkut (before 2007) where profiles were disfigured using scripts. But not anymore.

    A website is essentially a computer program written in HTML or some other language (php, xml, python etc.) which is stored on a server. To hack a website you have to hack a server, which means gaining access to some or all of the admin rights on a server computer. And then to do some damage you have to modify that program for the worse. So if Forum was indeed hacked (which I highly doubt), some guys gained access to the server and changed some functionalities. Like changing profile thumbnails of many users to a blue power-off button!!

    I don't think users of Forum need to do anything on their end. A website cannot install an unauthorized program on user PC. Chrome, Mozilla, Opera, IE etc. have enough features to stop these. There is even no need to run virus scans etc. Viruses are dinosaurs in this era of ransomware and malware. No one writes them anymore.

    There is only a minor threat to those who login with their Google or Facebook accounts. Their login information is shared with Forum's servers and this information might be stolen and misused for trolling or spamming.
    -----------------------------------------------
    If anything, this is a wake up call for Forum. It should upgrade its servers. I mean literally. The forum server looks awfully outdated. It couldn't handle the bulk traffic after the prelims and slowed down. Time for a change...
    "When life ends up breathtakingly fucked, you can generally trace it back to ONE BIG BAD DECISION. The one which sent you down the road to Shitsberg". -Deadpool
  • edited August 2016
    Why I doubt Forum was hacked? (As in "hacked" hacked :wink: )

    1. If I'm a professional or even a high level amateur hacker, I would never bother hacking Forum. I mean, what would I gain from it ??? Bunch of guys b/w 25 and 35, discussing stuff which world doesn't care about; no money, no hot girls - someone must be fucking retard to hack such dull stuff. I think it's handiwork of some engineering college students, somewhere in India only, looking for some cheap fun.

    2. I didn't use forum yesterday but now you guys say it, I believe that there was some problem. It might have been a denial-of-service attack probably. Sites which invite user content (comments, uploads, feeds) are sweet targets of DoS attacks. And it is technically the easiest attack to carry out. Any good C/C++ programmer can write a decent DoS program.
    "When life ends up breathtakingly fucked, you can generally trace it back to ONE BIG BAD DECISION. The one which sent you down the road to Shitsberg". -Deadpool
  • Why I doubt Forum was hacked? (As in "hacked" hacked :wink: )

    1. If I'm a professional or even a high level amateur hacker, I would never bother hacking Forum. I mean, what would I gain from it ??? Bunch of guys b/w 25 and 35, discussing stuff which world doesn't care about; no money, no hot girls - someone must be fucking retard to hack such dull stuff. I think it's handiwork of some engineering college students, somewhere in India only, looking for some cheap fun.

    2. I didn't use forum yesterday but now you guys say it, I believe that there was some problem. It might have been a denial-of-service attack probably. Sites which invite user content (comments, uploads, feeds) are sweet targets of DoS attacks. And it is technically the easiest attack to carry out. Any good C/C++ programmer can write a decent DoS program.

    Bro, recognize me? I am captain...supermods were deleted, me and dr king were first then root was deleted, then forumias, then neyawn was banned and then all major threads were deleted.... I was not able to login and when ever I was able to, logout was not in my control... forum titles on main discussion page were leading to sufi website.
    Do the best you can until you know better. Then when you know better, do better.
  • @Root @ForumIAS @Neyawn : Any updates regarding this hack? @Root @ForumIAS profiles seem to have been deleted. Call your security guy for the next forum meet. We'll love to hear him speak too. :angry:
    Prelims : 2/5; Mains : 0/2; Interview : 0; Remainder : 1+1 (Tired but not; Retired) / Medical Science / Kolkata / Nihilist extraordinaire | Thanks a lot...
  • edited August 2016
    @jack_dawson thank god, finally someone like you from CS background is here.

    So this is what happened,
    A guy posted this alert document cookies and document location type of script on a few threads.

    So the fear is that, has he stolen php session ids of all those people who have visited that particular page which has that script comment? :)
    If yes, what are the measures that we as members without any privilege can take to update our session ids?
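
Added example, not part of the thread and not the forum's own PHP code: a Python sketch of the three server-side points this discussion turns on, namely escaping comment text before display, marking the session cookie HttpOnly, and dropping the session record on logout so a copied ID stops working. `SessionStore`, the function names and the sample comment are assumptions made for illustration.

```python
import html
import secrets
from http.cookies import SimpleCookie

# Constructed sample of a comment carrying markup instead of plain text.
SAMPLE_COMMENT = "nice thread <script>alert(document.cookie)</script>"


def render_comment(text):
    """Escape member-supplied text so the browser shows it, never runs it."""
    return '<div class="comment">' + html.escape(text, quote=True) + "</div>"


def session_cookie_header(session_id):
    """Set-Cookie value for the session ID (cookie name as used by PHP)."""
    cookie = SimpleCookie()
    cookie["PHPSESSID"] = session_id
    morsel = cookie["PHPSESSID"]
    morsel["httponly"] = True    # not readable through document.cookie
    morsel["secure"] = True      # only sent over HTTPS
    morsel["samesite"] = "Lax"
    morsel["path"] = "/"
    return morsel.OutputString()


class SessionStore:
    """Hypothetical server-side session table: ID -> logged-in user."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)   # fresh random ID on every login
        self._sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self._sessions.get(sid)

    def logout(self, sid):
        self._sessions.pop(sid, None)     # the ID stops working for everyone


def copied_id_lifecycle():
    """Check a copied session ID before and after the member logs out."""
    store = SessionStore()
    sid = store.login("member")
    copied = sid                          # a copy held outside the browser
    before_logout = store.whoami(copied)  # deleting browser cookies changes nothing here
    store.logout(sid)
    after_logout = store.whoami(copied)
    return before_logout, after_logout, store.login("member") != sid
```
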
  • @chameli_aunty I'm a mechanical engineer by training. Most of the good ones in world of computers are from non-CS/IT background. It's strange but true. Even Yashwant Kanitkar, of 'Let us C' fame, is a mechanical engineer!! But thanks a lot for asking. I won't brag but I've coded some stuff and won recognition in various college fests during graduation.

    I agree that there must have been some unauthorized intrusion in Forum's servers. From what u explained, I can draw following probable conclusions:
    >> Hackers targeted the hosting server of Forum. They entered from some sort of backdoor (eg. SQL injection or XSS method; I forgot its details) to hosting provider Forum uses e.g. unsecured port, weak web server security management, etc. They got access to main server, elevated their privilege (to root, mod, admin etc.) and changed files stored directly in the hosting server.

    >> Sometimes uploaded files, however innocent they may look, could contain a script that when executed on your server completely opens up your website. JPEG files can be big web security risk, even if it’s simply to change their avatar. Most images formats allow storing a comment section which could contain PHP code that could be executed by the server.

    >> The said script on the page might have been served from another URL (e.g. the coaching ads Forum hosts) which gets compromised. It doesn't matter how good Forum's site security is if you link it to insecure JavaScript from a third party.

    >> Admin username/password or an authenticated cookie of some admin/mod might have been sniffed over an insecure WiFi network. This was used to gain access.

    NOTE: I don't know enough to elaborate on the various different ways of implementing the above attacks. I just want to give you a heads up.
    "When life ends up breathtakingly fucked, you can generally trace it back to ONE BIG BAD DECISION. The one which sent you down the road to Shitsberg". -Deadpool
  • Dawson bhai, what is failure of bolt in double shear :trollface:
  • I can suggest the following:

    ## Security 101: Grab your web hosting server provider. Ask for the security control and measurement taken by your hosting provider. Outsource your hosting to a reliable provider who provides professional web security and has a good track record.

    ## Get a good web firewall service. Web firewall filters out most malicious traffic, so Forum would be kept safe against most SQL injections, DDoS attacks and XSS attacks. If u guys r using Windows Server OS, switch over to Red Hat server OS. It's free and gives better protection.

    ## Buy more bandwidth than you need. It will ward off chillar DoS attacks and also be a big relief to users. The forum bandwidth looks awfully less. It couldn't handle the bulk traffic of a couple of thousand users after the prelims. Put that coaching ad and test-series money to good use.

    ## Do penetration testing for Forum. There are many free products to assist you with this. They work on a similar basis to scripts hackers use.

    ## @ All mods, roots etc : Just change your passwords etc. at regular intervals. A tip: Keep core of password same, just change the suffixes every month with say name of month etc.

    I reiterate, it's handiwork of some engineering college students/ naive amateurs, somewhere in India only, looking for some cheap fun. They hold a grudge against the civil services perhaps. They won't be able to sell or misuse any of this info they tampered with. Stupid fuckers, what a waste of time.

    Finally, there are literally hundreds of things that you need to check to ensure that a website is safe. And no website can be 100% safe. No software was written perfect and there will be always new exploits that needs to be patched.
    "When life ends up breathtakingly fucked, you can generally trace it back to ONE BIG BAD DECISION. The one which sent you down the road to Shitsberg". -Deadpool
This discussion has been closed.
