So what happened to Recreational Flying


Admin

Today (Sun 19/3) at approx 7.00 in the morning I did a full backup and download of the site and its databases. Then at approx 8.00am I was advised by a user that the site may have been hacked. I did a quick check on the site and saw that a core file had today's date on it which it shouldn't have. Looking in the file and comparing it to the file in the backup I saw that whilst they had exactly the same code, the correct code, the one on the server had line spaces in between the lines of code which didn't add up i.e. why were there extra line breaks in the file compared to the one that I had backed up, plus the backup had the correct file date of late last year...something isn't right.

 

I did a complete scan of my own PC and it was clean so I closed the site whilst an extensive scan and analysis was done by the company that provides our own dedicated server, not just my server but all other servers. This took several hours to do and in the end it was decided to just delete the site, its server account, the server software, reinstall it all with new passwords, and then upload the backups I did first thing this morning which again took some time.

 

This however will mean that a few posts i.e. any posts made first thing this morning, will be gone but I believe that there were only a handful anyway.

 

I am very sorry for this.

 

We have extremely strict security here and looking at the logs the so and so was only on for a very very short time but was kicked out, not enough time to break through the site to database connection security and get any info from the database. Even if someone did all passwords are protected by 1 way encryption. This means that the database only stores jumbled up letters and numbers and can't be reconstructed. I can't even tell what a user's password is. If you are using the shop and paying by credit card you are transferred out of Recreational Flying into Westpac's own server so I or the site has no way of knowing what your credit card details are...again another security feature I use here unlike other stores that store your credit card details.

 

All in all, it has been a very long and hard day just to be on the safe side. In a couple of days I will be implementing Secured Socket Layers, an SSL certificate that encrypts the data between your PC and the site as well, adding an even extra layer of security however it requires a lot of work to the site to change from http to https.

 

Please be assured that all is ok and again please accept my apology for this happening.

Link to comment
Share on other sites

I actually logged in today just before you took it offline and was greeted by a flash-screen stating "hacked by ............" followed by a message that all files on the site would be deleted.

 

It was only up for a couple of seconds (I couldn't screenshot it in time) and then had no access. I figured the site had either crashed entirely or been taken offline. Glad it's not too bad!

Link to comment
Share on other sites

They never got a chance to get anywhere but I got the server software reinstalled, changed all passwords and reinstalled the site and database just to be on the safe side

 

 

Link to comment
Share on other sites

The ability to add new attachments to posts has now been fixed

 

The Tutorials have now also been restored. As they are all html files that haven't changed recently I have uploaded the files from a backup done late last year so they should also be clean

 

I still have to do the shop but I am just too exhausted today so I will do that tomorrow morning; besides, I have to go through every single file, delete all caches and check every image

 

 

Link to comment
Share on other sites

For the tech savvy, the attached image shows the difference I picked up in one of the core files...you can see the code is exactly the same however it wasn't the same as the file that I had just previously backed up

 

[Attached image: 1.jpg]

 

 

Link to comment
Share on other sites
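
The comparison described in the post above (a server file holding the same code as the backup copy, but with extra line breaks), as an added example that is not part of the original thread. It checks a live tree against a trusted backup and separates layout-only differences from real code changes; the file names and PHP contents are constructed sample data, and `compare_trees` and `strip_layout` are hypothetical names.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def strip_layout(data: bytes) -> bytes:
    """Drop blank lines, line endings and trailing whitespace; keep the code itself."""
    lines = (ln.rstrip() for ln in data.splitlines())
    return b"\n".join(ln for ln in lines if ln)

def compare_trees(backup: Path, live: Path) -> dict:
    """Classify every file found in either tree relative to the trusted backup."""
    names = {p.relative_to(backup).as_posix() for p in backup.rglob("*") if p.is_file()}
    names |= {p.relative_to(live).as_posix() for p in live.rglob("*") if p.is_file()}
    report = {}
    for name in sorted(names):
        b, l = backup / name, live / name
        if not b.exists():
            report[name] = "added"            # on the server but not in the backup
        elif not l.exists():
            report[name] = "missing"
        else:
            bd, ld = b.read_bytes(), l.read_bytes()
            if sha256(bd) == sha256(ld):
                report[name] = "identical"
            elif strip_layout(bd) == strip_layout(ld):
                report[name] = "whitespace-only"  # same code, file was still rewritten
            else:
                report[name] = "content-changed"
    return report

def demo() -> dict:
    """Constructed sample: one backup tree and one live tree with three kinds of change."""
    root = Path(tempfile.mkdtemp())
    backup, live = root / "backup", root / "live"
    backup.mkdir()
    live.mkdir()
    code = b"<?php\n$a = 1;\necho $a;\n"
    for name in ("core.php", "index.php", "login.php"):
        (backup / name).write_bytes(code)
    (live / "core.php").write_bytes(code.replace(b"\n", b"\r\n\r\n"))  # extra line breaks
    (live / "index.php").write_bytes(code)
    (live / "login.php").write_bytes(code + b"echo $b;\n")
    (live / "new.php").write_bytes(b"<?php // not in backup\n")
    return compare_trees(backup, live)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:16} {name}")
```

A `whitespace-only` result still means something rewrote the file after the backup was taken, so it needs an explanation even though the code is unchanged.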

Sound all like Chinese this savvy tech talk

 

Turn on computer and screen lights up

 

Well done Ian for having such in depth knowledge of computers and software, lost me at the first set of traffic lights lol

Link to comment
Share on other sites

Why would anyone want to hack a site like this? What would they be able to gain?

I wonder if it was just coincidence that it happened at such a close time to the opening of the what's up Australia site? Maybe a competitor fishing for stuff?

Anyway it's good to see Ian on it so quick.

 

 

Link to comment
Share on other sites

no need for the apology: you did what you needed to do, and you're doing a great job, much appreciated.

Link to comment
Share on other sites

For the tech savvy, the attached image shows the difference I picked up in one of the core files...you can see the code is exactly the same however it wasn't the same as the file that I had just previously backed up

Any chance that there is text in those lines you cannot see i.e. it's white on white to prevent viewing? I've acquired and used similar techniques for other reasons in the past ;-)

 

 

Link to comment
Share on other sites

Any chance that there is text in those lines you cannot see i.e. it's white on white to prevent viewing? I've acquired and used similar techniques for other reasons in the past ;-)

Good thought but no as it is just plain text

 

 

Link to comment
Share on other sites

The Recreational Flying/Clear Prop Pilot Supplies Shop has now reopened and working well. Please don't forget that any purchases made in our shop not only gives you far cheaper prices than elsewhere but also any proceeds go towards helping to keep this site alive and available to you...thanks

Link to comment
Share on other sites

Why would anyone want to hack a site like this? What would they be able to gain?

Bored teenager in a hacking group wanting a challenge.

There's absolutely nothing of any material value on the site as far as I can tell. But remember, outside of the big boys in the professional international intelligence community, a lot of hackers do it for kicks. It's vandalism and it's the computer nerd equivalent of spray-painting a train, or kicking over someone's letterbox. They do it to get "respect" in their hacking group and show how cool they are.

 

 

Link to comment
Share on other sites

I have just done some maintenance on the site which was only to take about 5 to 8 mins however due to yesterday's issues I had locked down some 40,000 files far too tight which halted the maintenance in mid flight. After changing those files it ended up taking just over 20 mins so sorry about the delay...I am very mindful that I do not cause any more downtime after yesterday and thus impacting the site's reputation.

 

 

Link to comment
Share on other sites

Don't worry, Ian. All sites go down, usually on Sundays, for routine maintenance. My wife tried to get onto a Federal Government site on Sunday and it was down. I bet the ratio of down:up time for this site is minuscule.

 

We just have to bitch about its being down. It's what we do. Especially on a Sunday when the weather for a lot of us is socked in.

 

OME

 

 

Link to comment
Share on other sites

Hi Ian!

 

When I go to log in, Firefox gives me this warning message.

 

[Attached image: Clipboard01.jpg]

 

Been this way for a few days now.

 

Any explanation for this please?

 

 

Link to comment
Share on other sites

Yes I know, this is new with the latest Firefox and being pushed by Google for all web sites to use an SSL Certificate i.e. use https. I will be implementing that soon however it requires a lot of work including searching and replacing links in every single site post plus a lot more. Please if you can just bear with it till I can get this done. In fact as you posted I was on the phone talking to my server provider about this very subject...ears burning

 

 

Link to comment
Share on other sites

This is a terrific site, and a wonderful resource. I'm sure the entire membership appreciate the benefits it brings, and accept the occasional outage as part of the gitalong, just as it is for the interweb in general.

 

Regarding the Firefox warning msg, I have that too, probably at about half the sites I visit here, and I'm sure nobody expects an instant fix on that either!

Link to comment
Share on other sites
