TLG Catalog and Hacking

Troll Lord
Greater Lore Drake
Posts: 3232
Joined: Thu Mar 30, 2006 8:00 am


Post by Troll Lord »

Hey all,

It looks like the TLG catalog was hacked today (December 6, 2010). The hacker uploaded a bunch of HTML to the website, though we don't know exactly what it was. Brian discovered it very early on and removed the files.

The attack occurred this morning sometime, or late last night (marked December 6). We've removed all the files associated with it and are combing the site for any back end crap this SOB left.

We have tech support online, through our provider. Everyone's CC info is safe (stored in PayPal) as that is not stored in our database, but please log on and change your passwords for your customer information.

Do not open any files from TLG offices...as I never email in the first place...but I never send information out via email, only through the Troll's Tusk.

I'll post more as I learn more.

Thanks,

Steve
_________________
The High Lord, Coburg the Undying

He who sits on the elephants back

Castle and Crusade Society
troll@trolllord.com
_____________________________
He Who Sits on the Elephants Back
The Troll Lord
Steve Chenault, President & CEO of Chenault & Gray Publishing, Troll Lord Games

aztecman
Ungern
Posts: 77
Joined: Fri Mar 31, 2006 8:00 am

Post by aztecman »

Yes folks, Steve speaks the truth here.

The attack seemed to be more annoyance than anything malicious, but in today's digital world you can never be sure.

Around 6pm, I happened to notice something amiss when I was doing moderation in the catalog admin area. There were a number of unauthorized moderators in the admin section. Red flag #1.

There was also a great number of strange PHP files and temp folders in the main FTP area of the catalog directory. Red Flag #2.

In tech speak, the osCommerce catalog area was exploited with a PHP uploader. Good news is that from what I can see here - this wasn't a SQL injection attack - but more of a prank to upload a temp folder that contained about 2,000 HTML files for fake real estate, Viagra, diet pills, and a multitude of get-rich scams.

All malicious, strange, and unauthorized files have been removed from the server (in all areas).

Permissions for the PHP areas of the catalog have been locked down to prevent any unauthorized uploading.

Various safeguard files have been added to prevent any modification or addition of any files by either Steve or myself.

I am also in the process of banning IPs from the following countries:

Korea
China
India
Russia
Turkey
Viet Nam
Ukraine
Brazil
Venezuela
Pakistan

The attack itself originated from Turkey, but I want to make sure all bases are covered. If anyone experiences any trouble with the website catalog area, DO NOT HESITATE to contact either myself (aztecjade@yahoo.com) or Steve (troll@trolllord.com) immediately.

As Steve mentioned, security is very important for us and we want you to know that we take all of our customers' personal data very seriously. We have been in touch with both PayPal and Hostek (our hosting company) to ensure the safeguard of all sensitive information, such as credit card information, social security numbers, etc.

Even though credit card information is NOT stored on our server or within the catalog admin and processed directly through PayPal, we urge all of you who have accounts in the catalog to log in and change your password information - just as an extra layer of security.

We will continue to monitor this issue and will take appropriate actions as warranted.

Best,

Brian
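
A triage sketch for the three signs described in the post above (unexpected PHP files, a temp folder holding a couple of thousand HTML pages, and directories open to uploads), added here as an example and not part of either post or of TLG's actual cleanup. The function names, the thresholds and the sample tree are assumptions constructed for illustration; modification times can be forged, so a clean result is a hint, not proof.

```python
import os
import stat
import tempfile
import time

def triage_webroot(root, since_epoch, html_threshold=500):
    """Flag recently changed PHP files, bulk HTML folders and world-writable dirs."""
    findings = {"new_php": [], "html_dumps": [], "world_writable": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        # A directory any local user can write to is an easy drop point.
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            findings["world_writable"].append(dirpath)
        html_count = 0
        for name in filenames:
            lower = name.lower()
            if lower.endswith((".html", ".htm")):
                html_count += 1
            elif lower.endswith((".php", ".phtml")):
                # mtime can be reset by an intruder; compare against a known-good copy too.
                path = os.path.join(dirpath, name)
                if os.lstat(path).st_mtime >= since_epoch:
                    findings["new_php"].append(path)
        if html_count >= html_threshold:
            findings["html_dumps"].append((dirpath, html_count))
    return findings

def build_sample_tree(root, now):
    """Constructed sample: an old catalog script, a fresh PHP file, a bulk HTML folder."""
    cat = os.path.join(root, "catalog")
    dump = os.path.join(cat, "tmp_x")          # hypothetical folder name
    os.makedirs(dump)
    os.chmod(cat, 0o755)
    os.chmod(dump, 0o777)
    old, new = os.path.join(cat, "index.php"), os.path.join(cat, "up.php")
    for p in (old, new):
        open(p, "w").close()
    os.utime(old, (now - 90 * 86400,) * 2)     # untouched for 90 days
    os.utime(new, (now - 3600,) * 2)           # changed an hour ago
    for i in range(600):
        open(os.path.join(dump, f"page{i}.html"), "w").close()
    return old, new, dump

if __name__ == "__main__":
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, now)
        print(triage_webroot(root, since_epoch=now - 2 * 86400))
```

On a real server, point `triage_webroot` at the catalog directory and set `since_epoch` to a time safely before the suspected window.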
