yesterday's board downtime

Posted by: DWallach

yesterday's board downtime - 04/05/2006 12:07

I visited the board right before it was taken down yesterday, and my Firefox went nuts, getting cookie requests from places I'd never heard of and so forth.

The attacker has inserted IFRAMEs at the top that caused a cascade of other things to load, yet strangely, nothing ever appeared on my screen. The evil images and such were still part of the page, and thus showed up in the list of AdBlock-able elements. I have no idea why it happened this way, but I added another 50+ rules to AdBlock to cover it. The next time I stumble on a hacked web page that's playing the same game, I'll hopefully not even notice it!

Posted by: andy

Re: yesterday's board downtime - 04/05/2006 12:11

I saved the hacked page, which resulted in Firefox saving 650+ files (jpegs, gifs and html).

Posted by: drakino

Re: yesterday's board downtime - 04/05/2006 13:20

Based on the feedback on the UBBThreads site, this seems to have been the intent. They would exploit one board, and then get a script into the system that could add the iframe to every php and html file found on the server. While the exploit didn't happen on the empeg board, it was affected alongside many other files on the server. Thankfully Vito caught this really quick and had Apache turned off in less than 15 minutes.

I'd also like to thank Vito for the cleanup script he wrote. With a quick bit of python, he had every file on the server cleaned up pretty quickly.
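
A cleanup pass of the kind described in the post above, as an added example that is not part of the thread and is not Vito's script. It assumes the injected markup is a complete `<iframe>` element whose `src` points at a host the site does not own; `ALLOWED_HOSTS`, `strip_injected` and `clean_tree` are hypothetical names, and the thread does not say what the real injected tags looked like.

```python
import re
import shutil
import sys
from pathlib import Path
from urllib.parse import urlparse

ALLOWED_HOSTS = {"example.org"}          # assumption: hosts the site frames on purpose
EXTENSIONS = {".php", ".html", ".htm"}   # file types the thread says were modified
IFRAME_RE = re.compile(rb"<iframe\b[^>]*>.*?</iframe\s*>\s*", re.I | re.S)
SRC_RE = re.compile(rb"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def is_foreign(tag: bytes) -> bool:
    """True when the iframe's src names a host outside ALLOWED_HOSTS."""
    m = SRC_RE.search(tag)
    if not m:
        return False
    host = urlparse(m.group(1).decode("latin-1")).hostname
    return host is not None and host not in ALLOWED_HOSTS  # relative src is kept

def strip_injected(data: bytes):
    """Return (cleaned bytes, list of removed iframe elements)."""
    removed = []
    def repl(m):
        if is_foreign(m.group(0)):
            removed.append(m.group(0).strip())
            return b""
        return m.group(0)
    return IFRAME_RE.sub(repl, data), removed

def clean_tree(root, apply=False, backup_dir=None):
    """Dry run by default: report {relative path: frames found}. With apply=True,
    rewrite the files; backup_dir (keep it outside the web root) preserves the
    modified originals for later analysis."""
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        cleaned, removed = strip_injected(path.read_bytes())
        if not removed:
            continue
        rel = path.relative_to(root)
        report[rel.as_posix()] = len(removed)
        if apply:
            if backup_dir:
                dest = Path(backup_dir) / rel
                dest.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(path, dest)
            path.write_bytes(cleaned)
    return report

if __name__ == "__main__" and len(sys.argv) > 1:
    for name, count in clean_tree(sys.argv[1]).items():   # dry run only
        print(f"{count} foreign iframe(s): {name}")
```

Run it as a dry run first and review the report before passing `apply=True`; removing the frames does not close the hole that let the script onto the server.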