WARNING OzBargain Possibly Hacked [NO, it's NOT]

Lchgs on 03/11/2014 - 18:28
Last edited 03/11/2014 - 18:29

Dear Administrator,

Has nobody mentioned this yet?

Ozbargain is running Drupal.

All Drupal sites that were not patched before Oct 15th, 11pm UTC (7 hours after the patch was released) have been hacked, hidden backdoors installed, and stealthily patched. Thousands of sites running Drupal have already confirmed to be hacked.

http://www.bbc.com/news/technology-29846539

https://www.drupal.org/PSA-2014-003

http://grahamcluley.com/2014/10/assume-unpatched-websites-ru…

If OzBargain has been compromised, it is very likely that attackers have installed attack code to infect your user's computers, especially given that OzBargain has so many viewers.

For the sake of your users, can you please confirm that you are aware of this potential hack and you have removed any backdoors. If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.

I look forward to hearing from you.

Site Discussion

Comments

  • PVA on 03/11/2014 - 18:33

    Sounds serious. I am on a tablet so would be safe.

    • blitz on 03/11/2014 - 22:19
      +7

      I agree. I am on Windows 95 and would also be safe.

    • Baysew on 04/11/2014 - 08:49
      +3

      Sounds serious, I am going to take a tablet so I feel safe.

      • pebee47 on 04/11/2014 - 09:18

        I've had the Big V snip and so I AM safe

        • Forfiet on 04/11/2014 - 14:31

          locked myself in a safe…..Everyone else is safe…..

  • grog on 03/11/2014 - 18:36
    +1

    Wow… graham clulely… he is/was a wizard from sophos anti virus in the UK and before that DR solomons anti virus from way back.

    If he is reporting on it it must be real.

  • No on 03/11/2014 - 18:37
    +1

    Its suspicious that this dude has signed up today just to post this.

    • PVA on 03/11/2014 - 18:39

      Hmm, it does doesnt it.

    • chgs on 03/11/2014 - 18:40
      +1

      Yes I have. I wanted to bring this to the attention of the administrator.

      One of our live websites at work has been compromised and we are having serious issues restoring it.

      Given that the attacks are automated, OzBargain has likely been compromised.

      You don't have to take my word for it.

      Please read the links.

  • retiredfeline on 03/11/2014 - 18:40

    Ozbargain is running Drupal.

    Proof?

  • Moderatorscotty on 03/11/2014 - 18:41

    It's affecting Drupal 7 only, which is not the version we were running. Our back-end is also heavily modified so only bare skeleton of drupal was retained.

    • PVA on 03/11/2014 - 18:43

      Excellent. All sorted, site is safe.

    • chgs on 03/11/2014 - 18:43

      Scotty,

      Have you installed the DBTNG module in the past?

      If so, OzBargain is still vulnerable and possibly hacked. You will have to follow the below steps to recover your website.

      http://drupal.geek.nz/blog/your-drupal-websites-backdoor

      Please kindly confirm.

      Thank you.

      • Moderatorscotty on 03/11/2014 - 18:51

        You seem to be quite determined that OzBargain is hacked from this PSA :) No, that module was never installed. All modules used on developed internally, not to mention a lot of core has been ripped out and replaced.

        • chgs on 03/11/2014 - 18:53
          -2

          Better safe than sorry :).

          Thank you for your prompt confirmation.

          Please feel free to close the topic.

  • Moderatorscotty on 03/11/2014 - 18:57

    There are a lot of other drupal sites to worry about though, i.e. Australian government has standardise on Drupal as CMS

    http://www.computerworld.com.au/article/546960/australian_go…

  • bxpressiv on 03/11/2014 - 22:24
    +1

    Won't somebody please think of the children!

    • pebee47 on 04/11/2014 - 09:22

      What about the workers?!

  • peterpeterpumpkin on 03/11/2014 - 23:18

    I like the split personality heading :)

    On a more serious note, I'm not surprised this serious bug on Drupal.org went unnoticed for so long. There are quite a few shortcomings in Drupal 7 core when you happen to use less popular features (e.g. postgreSQL index name length limits were ignored), let alone the plethora of contributed modules, and these bugs simply go unnoticed as developers rush to push out Drupal 8. While I never used Drupal 6 (D6) and earlier versions, I assume D6 was ignored leading up to D7 and a lot of the patches were back-ported with lower priority as an after-thought.

    Regarding contrib modules, it would appear on the surface that either few "serious" people use any of them, they don't contribute back regarding bugs, or they use them only superficially since I'd say most "stable" versions of popular modules I've used have had a bug that would make a site less than production ready. The dev versions often have fixes to these problems added in with new bugs.

    But Drupal is the most OzBargainesque for developers so it has my support (…not so OzBargainesque for clients).

    • pebee47 on 04/11/2014 - 09:23

      Peter, Peter, or Pumpkin: which one of you is writing?

Login or Join to leave a comment
Login Join