Friends of Ravenfall

[IRISH BULL]

Our old forum was hacked to a point where Sniper was unable to recover and rebuild it.

Hence, we are tasked with re-creating a brand new forum.

 

So with that being said, if you want to visit the Ravenfall forums, you will have to re-register. Same web address, http://www.ravenfall.net/forum/.

 

Our forums are a work in progress, so bare with us on the sterileness of them.

 

 

Thanks,

The Ravenfall Clan

[o-BacklasH-o]

That sucks guys. I know from experience what it feels like to go to your home and suddenly it's not there. One of the more gut-wrenching feelings in the world. I hope you all find the person(s) responsible and are able to bring them to justice. Good luck with the rebuild, I know it is not an easy process.

[shane]

I will get with Sniper and see if it was the same issue that happened to a few others

[Crusty_Demons]

Wow I don't understand why someone would do something like this.

[xPUDDYTATx]

the skull and bones site was also hacked just recently. they didtn get the main site, but the forusm were down for a few days and we couldnt fix it. had to go to an old backup file.

[shane]

The issue with Raven Fall acutally matched what happened to another clan's forum from Urgent Fury and several SMF forum users accross the net... look at the top of your php files and look for a line of code that says:

 

<?php /**/eval(base64_decode('lots of junk')); ?>

 

I replaced the letters, numbers, etc with lots of junk to protect the info of the forums that were affected... but after decoding the junk it will tell you where the affected file is and all you have to do is delete it.

 

It is extremely important that you set your files with a minimum security setting of 755 or better. This will make your files unwritable by the average Joe... and you will be less likely to be hacked.

 

This concludes your web security training courtesy of www.urgentfury.net

[IRISH BULL]

Thanks everyone. This is all foreign to me though.

[shane]

Yah Irish, I talked with Sniper today... my post above was more for the community as a whole since many are using SMF

[Pillorian]

I highly recommend using what my clan recently switched to: Wordpress + Buddypress Plugin . Hopefully everyone can protect themselves. Be sure to do backups often!

[xPUDDYTATx]

hey shane. that code is exactly what happened to us, and if you havent found a culprit, i may be able to help. id like to know anyone on theurgent furyboads that had this same problem. there could be a common link and i could possibly know what it is.

[shane]

Nope it is not Urgent Fury Specific... it happened net wide there is a robot out there looking for folders and files that are not secure. But believe it for not, it is a 5 minute fix and your forums are back up...

 

At least we know that now.

[[-VR-] Tool_Minion]

The issue with Raven Fall acutally matched what happened to another clan's forum from Urgent Fury and several SMF forum users accross the net... look at the top of your php files and look for a line of code that says:

 

<?php /**/eval(base64_decode('lots of junk')); ?>

 

I replaced the letters, numbers, etc with lots of junk to protect the info of the forums that were affected... but after decoding the junk it will tell you where the affected file is and all you have to do is delete it.

 

It is extremely important that you set your files with a minimum security setting of 755 or better. This will make your files unwritable by the average Joe... and you will be less likely to be hacked.

 

This concludes your web security training courtesy of www.urgentfury.net

 

Thanks for posting this Shane. I went in and CTRL F and entered that...it didn't find the beginning of that string anywhere in there.

[inadub]

This happened to me about 2 weeks ago. Shane and i dug through files trying to find something... and then i found info regarding the code string.. i was like what is this.. and bam he was like im looking at that right now on a few of your files. I deleted the path it was rooted to and my forums worked great after being down and "unfixable" according to the host and an SMF moderator... So yea.. Thanks Shane!

[mikejaxon]

Is this same situation possible that have Urgent Fury Hosting?

[inadub]

Any folder on ANY server is vulnerable. Its a matter of having a .php file on any directory writable. This is how it happened to me. A Joomla site i had installed to test about 3 years ago that hadnt been touched in years was infected and from their it spread to other areas. So yes as far as i know ANY host could have this problem, just make sure all file permissions are set to 755 or lower and you should be fine. If you need help Shane or myself could provide more info and Shane could also 100% verify IF i know what im talking about.. lol

[shane]

Fyi no Sites on the UF server have been affected, but as Dub stated it is not a host issue, it is a folder security issue by the site owner.

[o-BacklasH-o]

When the VR site was hacked, we were not on UF's servers yet.