Thanks Thanks:  0
Likes Likes:  0
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Hack attempt

  1. #1

    Hack attempt

    The PsychLinks Forum was down today for about 31 minutes due to a hack attempt by a group identifying itself as a Muslim extremist hacker group based in Turkey.

    This amounted to a denial of service attack -- they used some sort of automated script to create numerous new memberships in a short period of time, seemingly approximately every second.

    In the case of PsychLinks Online, all new memberships must be activated by the Administrator so none of the attempted registrations were successful. However, it did bog down the server to the point where other members and visitors could not access the forums.

  2. #2

    Hack attempt

    They hit again 4.51 EST, attempting to create another 25 or so accounts.

  3. #3

    Hack attempt

    Nice. <rolling eyes>

  4. #4

    Hack attempt

    what a bunch of sad-o's

  5. #5

    Hack attempt

    Of course, if your host provides Cpanel, some setups of Cpanel will allow you to easily block an IP address by changing the root htaccess file for you:

    However, I don't remember my Cpanel offering this option.
    "What lies behind us and what lies before us are tiny matters compared to what lies within us." ~ Ralph Waldo Emerson

  6. #6

    Hack attempt

    I've done that, Daniel. Actually, I thought I did that yesterday but I may have done it incorrectly. The IP will also now be blocked at the server level -- I've notified my host that other sites on the server may be vulnerable.

    Thursday December 9:

    They hit again, twice more, once in the early morning and later about midday. This time, the attacks came from more than one location, generating several hundred bogus new member registrations each time and overwhelming the server. I took the forum off line temporarily to install a software upgrade.

  7. #7

    Hack attempt

    That's so maddening. I see this kind of hacking attack as being as serious as a break and enter. It trepasses and damages others property as well as intruding the well being of many people!

    I hope some hacker comes up with a way to catch the other hackers as an apology for previous hacking crimes. Community service should be mandatory punishment.

  8. #8

    Hack attempt

    Ish. I know what a frustration this kind of thing can be. So sorry it had to happen to this forum. :(

  9. #9

    Hack attempt

    Update: The situation is resolved.

    There were a series of "attacks" over a two day period. I want to emphasize to every member that at no time was there any risk to member privacy -- the database was not breached and no member information was exposed. This was more properly termed a DoS (Denial of Service) attack, in which some sort of script generated a series of new member registrations, as many as one per second, over a block of time, flooding the server to the point where other visitors and members could not access the site.

    One way to prevent such an attack is to block access to the IP address. In this case, each time I blocked one, the attacks were resumed from another, so it was clear that wasn't going to be a successful defense. Therefore, the remedy had to involve a prevention of all automatic or programmed registrations.

    To do this involved upgrading the forum software to a new version which requires a "visual confirmation" of registration: When a new member registers, the software generates a random set of letters and numbers as a graphic, visible to a human visitor but not to a script, which must then be copied manually into an input box. If the sequence doesn't match, the registration is denied.

    I would note that there were some additional advantages of the software upgrade, including enhanced security. I am gradually debugging and customizing the new version and it seems that all major features have now been returned to the board.

    You may notice that as one lingering result of the attacks, the server clock is now about an hour and a half fast. That will be fixed in time.

    If you notice any other bugs or missing features, I'd be grateful if you'd post it here or send me a private message.

    Thanks to all of you for your patience over the past few days.

  10. #10
    Join Date
    Oct 2004
    At home, most of the time.

    Hack attempt

    Why the heck would a Muslim extremist group be targeting psychlinks?

Page 1 of 2 12 LastLast



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Disclaimer: PsychLinks is not responsible for the content of posts or comments by forum members.

Additional Forum Web Design by PsychLinks
© All rights reserved.