Errors this morning

[Rich Stern]

Hi all. We had a SQL injection attack sometime this morning. It's a sophisticated hacking attack that injects javascript code into the web site database, trying to redirect the site's visitors to some lame site.



We suffered a rash of these several months ago, and I wrote a comprehensive filter to stop these attacks. The filter has since prevented thounands of such hacking attempts, but whoever did this one found a hole and managed to get through. I'll have to investigate why and fix it.



In removing the malicious code from the database, I accidently wiped out the member profile "About Me" field. When I finish cleaning up from the attack, I will attempt to restore those.



Sorry for the inconvenience.



Rich

 

[Scott Hammer TOXIC]

No problem Rich, when I saw it was trying to download crap, I just let it rest for a while!!



TOXIC

 

[TOMMY RICH]

I first thought, "OH NO ANOTHER ONE BLOCKED"!:lol:

 

[Marty Klein]

I hope that it didn't try to hack into my computer, as our system uses return ISPs as targeting information to a return cruise missile.

 

[Texas Transplant]

No problem. I did get hit with an alert from my local (on my laptop) virus software this morning, after I attempted to get to Nitro. However, it got sent to the quarantee area - and no further problems. Don't know if it was related or not, but thought I'd let you know.



Tex

 

[Larry Harp]

You know I didn't think about it until just now but I had a shutdown and I had to hard boot to get back up.:unsure:

 

[Tim Koepp]

to quote a line from the movie "Johnny Dangerously": fargin' ice holes

 

[William H. (Bill) Barham]

Heck, when I looked at the "about me" part in my member profile I just thought you'd already brought mine up to date on your own?:lol:



Uncle Billy

 

[Berry Lindley]

Yep this was identified as a trojan. My McAfee AV software did catch this and removed it. I have been away for a few days to let this get cleaned up. Bass turds like that out to be locked up.