Return to our Home Page Latest Ski News - Resorts, Events, Equipment, World Cup and more Latest Snow Conditions from Around the World Ski Resort Feature Articles Ski and Snowboard Equipment Feature Articles Our Liftlines user forums A Ski Resort Map Covering All of North America User Downloads Search Our Site Free Ski News Subscriptions via RSS Our huge database of other ski and snowboard websites around the world Contact Us


Liftlines hacked

Here you'll find helpful tips regarding the operation of the Discussion Boards at First Tracks!! Online, as well as general announcements for our users.

Liftlines hacked

Postby Admin » Wed Dec 22, 2004 5:11 pm

Well, by now many of you have seen firsthand the frustration that we've experienced today.

Liftlines was hacked today, not once, but twice. We spent the majority of today trying to fix things around here. Two exploits have been floating around the Internet this week, one attacking a security hole in PHP, and one attacking a hole in phpBB, the software that runs Liftlines. Many, many Internet websites depend on phpBB to manage their user forums, and many have been hit this week by hackers. We were unfortunately not immune.

We believe that we've fixed the security vulnerabilities, and we've restored the forum data from backup. About the only thing that we've been unable to rectify, as far as we can tell right now, is the user "country flag" selection, but that's certainly trivial. The initial attack happened shortly before our backup was performed during the early morning hours of today, Dec. 22, so we were forced to utilize the backup performed during the early morning hours of Dec. 21. Thus, any forum activity after approximately 2am EST on Dec. 21 -- postings, new user registrations, etc. -- has been lost. We apologize for any inconvenience that this may have caused.

We also apologize for the email that the hackers sent through the Liftlines system to all of our users. One positive outcome of that email is that it has allowed us to identify the hacker through his IP address, and we will pursue this individual via all means available. Special thanks to our user Chromer for astutely identifying the hacker.

We thank our users for their concern about the hacked Liftlines forums, for we received many, many emails today regarding our plight.
Image

Image
User avatar
Admin
Site Admin
 
Posts: 8932
Joined: Wed Sep 22, 2004 8:32 am
Location: Salt Lake City, Utah

re: Liftlines hacked

Postby Admin » Wed Dec 22, 2004 5:25 pm

FYI, for those interested, here is a story about the Santy worm that indicates that 40,000 web sites have been affected.
Image

Image
User avatar
Admin
Site Admin
 
Posts: 8932
Joined: Wed Sep 22, 2004 8:32 am
Location: Salt Lake City, Utah

re: Liftlines hacked

Postby skiadikt » Wed Dec 22, 2004 8:28 pm

what a pain! glad you guys are still here. but was there any danger to those of us who did open that email thinking it was from you?
skiadikt
 
Posts: 65
Joined: Fri Oct 22, 2004 9:52 am

re: Liftlines hacked

Postby pnoom » Wed Dec 22, 2004 8:41 pm

I wouldn't worry about the email they sent. The only way (virtually all of the time) you can get a virus from an email is if you opened an attachment that was infected.

Otherwise, pure text emails are fine. Just don't open any attachments unless you virus scan them first and are completely sure that they are coming from a reliable source who you would be expecting an attachment from.
User avatar
pnoom
 
Posts: 26
Joined: Thu Nov 04, 2004 4:35 pm
Location: Glen-bank, CA

re: Liftlines hacked

Postby woodi7259 » Wed Dec 22, 2004 10:11 pm

We suffered a similar attack over at ttips a few weeks ago using the same type of exploit. This site definetly faired alot better than that one. Good thing you have all those backups to work from. Tons of data was lost there and the site was down for a few days. Props to you for getting everything up and running very quickly.
User avatar
woodi7259
 
Posts: 89
Joined: Thu Sep 23, 2004 5:41 pm
Location: Potsdam, NY

Re: re: Liftlines hacked

Postby Admin » Wed Dec 22, 2004 10:19 pm

skiadikt wrote:was there any danger to those of us who did open that email thinking it was from you?


None at all.

woodi7259 wrote:Good thing you have all those backups to work from.


We learned our lesson over the summer.
Image

Image
User avatar
Admin
Site Admin
 
Posts: 8932
Joined: Wed Sep 22, 2004 8:32 am
Location: Salt Lake City, Utah

re: Liftlines hacked

Postby Jonny D » Thu Dec 23, 2004 8:59 am

I've got to hand it to you, that was a very fast response: getting the liftlines back up, more secure, and restoring from the previous backup.

I bet a lot of forums didn't fare as well as FTO did.

Kudos.
User avatar
Jonny D
 
Posts: 309
Joined: Fri Sep 24, 2004 10:04 am
Location: Toronto, ON - Avatar: Goin' for broke in Whistler

re: Liftlines hacked

Postby Patrick » Thu Dec 23, 2004 9:52 am

ONCE AGAIN, GREAT JOB!!! =D>

YOU DESERVE A FEW POWDER DAYS FOR YOUR HARD JOB MARC, if only Powderfreak could convinced Mother Nature :!: :!: :!: [-o<

Kudos, also to Chromer for tracking down the &(%&?%*%

Zoneski was also attack late afternoon on Monday(?), but they were able to identify the problem and hacker quicky.
User avatar
Patrick
 
Posts: 4614
Joined: Thu Sep 23, 2004 5:19 am
Location: The Great Trip 2006
Location: Ottawa, Ontario

Re: re: Liftlines hacked

Postby Admin » Thu Dec 23, 2004 9:54 am

Patrick wrote:Zoneski was also attack late afternoon on Monday(?), but they were able to identify the problem and hacker quicky.


Yeah, I got a morally-supportive email from Christophe during the height of yesterday's fiasco. Apparently they had a 24-hour outage, but managed to have the proper backups in place as well.
Image

Image
User avatar
Admin
Site Admin
 
Posts: 8932
Joined: Wed Sep 22, 2004 8:32 am
Location: Salt Lake City, Utah

re: Liftlines hacked

Postby Lftgly » Thu Dec 23, 2004 3:35 pm

My sympathies, Marc. We were temporarily deprived of our favorite diversion at work yesterday!

Good work restoring the NBS so quickly!
Lftgly
 
Posts: 349
Joined: Mon Oct 04, 2004 2:18 pm
Location: NH

re: Liftlines hacked

Postby Admin » Sun Dec 26, 2004 11:35 am

The fun continues. :x Did anyone else notice the ridiculous number of guest users hitting the forums over the past couple of days? Like, 200-something at one time? That was a product of the Santy worm on infected phpBB boards hitting ours to see if ours could be compromised as well. In effect, this functioned like a DDOS attack.

We've implemented a solution that denies attempts by the worm to log into our boards as a guest, so the guest count is now accurate. This may not work with future versions of the worm which may be propogated, for all the malicious code writers need to do is modify the worm to work around our solution, but for now this will reduce the strain on our processor, reduce the bandwidth used by the worm, and reflect an accurate guest count.

What a PITA! Why can't the little geeks find something better to do?
Image

Image
User avatar
Admin
Site Admin
 
Posts: 8932
Joined: Wed Sep 22, 2004 8:32 am
Location: Salt Lake City, Utah

re: Liftlines hacked

Postby NHpowderhound » Sun Dec 26, 2004 1:54 pm

Yeah, I knew something was up when I saw 221 users. Those little geeks will get thiers someday.
((*
*))NHPH
User avatar
NHpowderhound
 
Posts: 434
Joined: Thu Sep 23, 2004 4:56 am
Location: Cow Hampsha' -Avatar: Jay Peak Face


Return to F.Y.I.

Who is online

Users browsing this forum: No registered users and 1 guest

cron