shriekingviolet Report post Posted June 1, 2006 As most of you have already heard, we were hacked yesterday which lead to some nasty virus spreading among a chunk of our users. A hacker used a known security flaw in Invision Board v. 2.1.5 to gain access to the admin control panel where it inserted iframes (an html element that allows the content of another website or page be displayed seamlessly on another page) into several (though apparently not all) skins. The offsite page it integrated into the forum contained the actual virus, no files on our server had viruses directly embedded into them. Kate and I have gone through each of the different skins to removed the iframe insertions and checked the different upload folders for new files, so we're pretty confident that all malignant content has been removed. We've also upgraded the software so that the hacker could no longer take advantage of that flaw in the script (which is something I've been meaning to do, but hadn't found the time since the new version was release 3-4 weeks ago) and changed our passwords just to be safe. Hopefully this will prevent the hacker from reentering the admin center and reinserting any of his modifications. We apologize for any inconvenience this may have caused! For more information on any possible information compromises that occured because of our breakin, please read Kate's announcement on the issue. Share this post Link to post Share on other sites
