Rallystuff.net temporarily offline

[Curt]

As some of you may know, the rallystuff site was hacked a few weeks back. I managed to remove most of the hack code put in place, however the site has once again been hacked and has stopped members from being able to login.

Once again Ive decided to rely on the old proboards forum which I fix the hacks and put code in place to prevent another hack.

I'll report more soon

Thanks for your patience.

[Hurricane]

Wise decision to put the website temporarily offline. It's a shame that there can be such cruel people out there who like to make other's life miserable.

I've done some more research on this ngg.js hack script. It is also known as fgg.js, b.js and k.js, named ASPROX. This script attacks websites programmed in ASP(.Net) and backed up by a Microsoft SQL Server database to make them spread the script further. There are already no less than 20000 bots launching attacks!

The websites that launch the attack ensure the script only attacks countries outside Russia, Ukraine, some other ex-Soviet countries, China and Korea.

I think these links can be of help, Curt:
support.microsoft.com/kb/954476
www.contexteditor.org/asprox.html (script launch websites further down)

I also recommend visitors of RallyStuff.net to scan their computer extensively with a virus scanner, as it is possible that the script installs the Danmec virus, a password-stealing trojan, on your system.

[darrentoogood]

and if it has, someone is in big trouble

[Vivski]

Jul 28, 2008 21:51:47 GMT darrentoogood said:

and if it has, someone is in big trouble

Lol, if you're infected, that someone would probably be you.


@bart: Anything in particular we should be looking for? Rogue process names, etc?


@curt: Thanks for taking this action Hopefully it's not too long before we're back in business. And maybe a good learning experience for your professional web development as well.

[Curt]

Jul 29, 2008 0:07:59 GMT Vivski said:

@curt: Thanks for taking this action Hopefully it's not too long before we're back in business. And maybe a good learning experience for your professional web development as well.

Thanks

Yeah I have learnt a lot from these attacks so in some ways it hasn't been a total loss. Plus I'm pretty sure I know how to prevent the attacks again, Ive just gotta find the time to do it.. which I don't seem to have much of

Thanks for everyones understanding with this. Hopefully Rallystuff will be live again very soon!

Oh, and thanks for the links and information Bart. I'll take a good read

[Hurricane]

Jul 29, 2008 0:07:59 GMT Vivski said:

@bart: Anything in particular we should be looking for? Rogue process names, etc?

I found this yesterday, but I don't know if it's still active. You should get rid of it if it's on your system though

As of yesterday, we observed the Asprox botnet pushing an update to the infected systems, a binary with the filename msscntr32.exe. The executable is installed as a system service with the name "Microsoft Security Center Extension", but in reality it is a SQL-injection attack tool.

Source: msmvps.com/blogs/harrywaldron/archive/2008/05/16/asprox-botnet-installs-sql-injection-tool.aspx

[crutts]

While were on the subject of anti-virus and the like, can anyone recommend a good FREE downloadable one please, s mine is about to run out and I am not 100% happy with it so wont be continuing my subscription.

Joe

[Roo]

Free Anti-Virus software?

AVG from Grisoft is the one I use, and I couldn't be happier with it.

[nikkiy9]

what happened to some accounts??? i've just had to re-register so i could post lost all my post counts and been a mashal

[nikkiy9]

Jul 29, 2008 19:07:41 GMT crutts said:

While were on the subject of anti-virus and the like, can anyone recommend a good FREE downloadable one please, s mine is about to run out and I am not 100% happy with it so wont be continuing my subscription.

Joe

i use AVG 8, brilliant anti virus, not a problem with it at all, WILL NOT use nortons or anything else, when i was in prison, i made sure that avg was installed on the network i was helping build!

[Roo]

Jul 30, 2008 8:09:31 GMT nikkiy9 said:

when i was in prison, i made sure that avg was installed on the network i was helping build!

There you go Joe. If AVG 8 is good enough for a prison, it should be good enough for you too! ;D

free.avg.com/ww.download-avg-anti-virus-free-edition

[darrentoogood]

I personally use the paid version of AVG 7.5 - Never had a problem.


Also computers...internet in PRISON?

[Curt]

Jul 30, 2008 8:05:41 GMT nikkiy9 said:

what happened to some accounts??? i've just had to re-register so i could post lost all my post counts and been a mashal

Sorry nikki,

This site runs off a completely different database, so all user accounts, threads, posts etc, are going to be different.

However you have not lost all your posts from Rallystuff.net. The site is just offline while repairs are made. When the site is back online your old post count will be restored.

[Curt]

Oh and I also use the free version of AVG.

[Roo]

Jul 30, 2008 10:14:59 GMT darrentoogood said:

Also computers...internet in PRISON?

Yeah, for the prison staff ... not the prisoners! ;D