Hack attack at ZHPMafia.com - A Hybrid Affair
danewilson77
01-07-2017, 12:06 PM
Gents,
I just wanted to keep you filled in on recent developments. We have two things going on:
We currently have a hybrid hack going on. Normally they only occur either for mobile users OR for people from search engines. In our case, both have to occur to show symptoms. This breed is different. Yes. We have a new breed. None of the scanners out there know how to detect this and the usual places that these types of hacks hide are not applicable in our case. So whatever we have here is some new strain of malware.
New strains can take a while to track down but now that Unhack knows how to trigger it, they can find it.
Moving forward:
1. Tapatalk is down hard.
2. Website is fully functioning when NOT reaching it via Google. Just type in www.zhpmafia.com
Restoration:
1. Update VBulletin to latest version and patch (Latest version available: 4.2.3 Patch Level 2) > I am still looking for someone to do this.
2. Unhack is currently hunting down the issue with a fix soon, hopefully.
3. When 1 and 2 above are resolved, Tapatalk should work correctly.
Sorry for the inconvenience and thank you for being patient. As with all Family problems, we'll get through this stronger on the other side.
DW :mafia
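The trigger condition described in the post above (symptoms only when a visitor is both on mobile and arriving from a search engine) can be checked by requesting the same page under all four header combinations. This is an added example, not part of the original thread; the header strings, the `redirect.example` target and the `simulated_fetch` stand-in are constructed assumptions.

```python
from itertools import product
from urllib.parse import urlparse

# Constructed sample headers (assumptions, not taken from the thread).
MOBILE_UA = "Mozilla/5.0 (Linux; Android 7.0) AppleWebKit/537.36 Mobile Safari/537.36"
DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Safari/537.36"
SEARCH_REFERER = "https://www.google.com/search?q=zhpmafia"

def simulated_fetch(url, headers):
    """Constructed stand-in for an affected site: off-site 302 only when both conditions hold."""
    mobile = "Mobile" in headers.get("User-Agent", "")
    from_search = "google." in headers.get("Referer", "")
    if mobile and from_search:
        return 302, "http://redirect.example/landing"
    return 200, None

def _base(host):
    """Treat www.example.com and example.com as the same site."""
    return host[4:] if host.startswith("www.") else host

def probe_matrix(url, fetch):
    """Fetch url under all four (mobile, from_search) combinations.
    Returns {(mobile, from_search): off-site Location or None}."""
    site = _base(urlparse(url).hostname)
    results = {}
    for mobile, from_search in product((False, True), repeat=2):
        headers = {"User-Agent": MOBILE_UA if mobile else DESKTOP_UA}
        if from_search:
            headers["Referer"] = SEARCH_REFERER
        status, location = fetch(url, headers)
        offsite = None
        if 300 <= status < 400 and location:
            # A relative Location has no hostname and stays on the same site.
            host = _base(urlparse(location).hostname or site)
            if host != site and not host.endswith("." + site):
                offsite = location
        results[(mobile, from_search)] = offsite
    return results

def classify(results):
    """Name the trigger from which combinations redirected off-site."""
    hits = frozenset(combo for combo, target in results.items() if target)
    patterns = {
        frozenset(): "clean",
        frozenset({(True, True)}): "hybrid: mobile AND search referrer",
        frozenset({(True, False), (True, True)}): "mobile only",
        frozenset({(False, True), (True, True)}): "search referrer only",
    }
    return patterns.get(hits, "other pattern")
```

To run it against a live site you administer, replace `simulated_fetch` with a function that sends the request without following redirects and returns `(status, Location)`. Redirects injected through script or meta-refresh in the page body are outside what this header check sees.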
Johnmadd
01-07-2017, 01:11 PM
Why would a forum be hacked? What would be valuable from this site to a hacker? I don't get it.
Is this why, in the last 24 hours or so, all forum pages are drawing wider than my screensize, requiring constant L<>R scrolling?
anandoc
01-07-2017, 03:24 PM
Why would a forum be hacked? What would be valuable from this site to a hacker? I don't get it.
Hackers could hold the domain for ransom...
danewilson77
01-07-2017, 03:40 PM
Why would a forum be hacked? What would be valuable from this site to a hacker? I don't get it.
It's mainly to redirect the user from Google to whatever they're pushing.
Johnmadd
01-07-2017, 03:52 PM
Ahhhh, understood.
Thanks for the info Dane!
WOLFN8TR
01-08-2017, 10:22 PM
Thanks for the update. Such BS you have to deal with this.
johnrando
01-09-2017, 07:56 AM
+1
330i Lover
01-09-2017, 07:04 PM
Thanks for the update Dane. Sounds like a PITA (Pain in the...)
danewilson77
01-09-2017, 08:04 PM
Thanks for the update Dane. Sounds like a PITA (Pain in the...)
Any time. Yes. PITA. I deleted all .ru accounts tonight. We had 7 bad Australian IP addresses going after the site as well as a Russian bot. All seems to be OK at the moment.
ELCID86
01-10-2017, 05:35 AM
I must be an honorary Ruskie or Austrian as I can only access the site from work... :-(
Thanks for trying to get me unblocked DW. And I hope we can get this whole mess sorted out soon so TaT is back online.
330i Lover
01-10-2017, 06:06 AM
Dane, are there exorbitant fees incurred because of these hacks that we need to donate a few bucks to help get tapatalk working again?
cakM3
01-10-2017, 06:21 AM
donations always help as we all benefit from using this site. :thumbsup
Also having members who "look out" for each other and are willing to give our moderators a heads up when accessing this site becomes difficult like it was yesterday will also help. We all have to watch out for each other :thumbsup
Prestovie
01-10-2017, 07:47 AM
Thanks for the update boss, keep us posted
ELCID86
01-10-2017, 09:35 AM
Dane, are there exorbitant fees incurred because of these hacks that we need to donate a few bucks to help get tapatalk working again?
Use the donate button--top center ^
330i Lover
01-10-2017, 09:37 AM
Thanks Shawn, I'm very familiar with the button. :)
nextelbuddy
01-10-2017, 09:52 AM
Is your site hosted locally at your house? With a static IP, or is it hosted with a company like Bluehost?
Did you see this article on applying a patch?
https://www.vbulletin.com/docs/html/main/upgrade_patch_level
danewilson77
01-10-2017, 12:37 PM
Dane, are there exorbitant fees incurred because of these hacks that we need to donate a few bucks to help get tapatalk working again?
donations always help as we all benefit from using this site. :thumbsup
Also having members who "look out" for each other and are willing to give our moderators a heads up when accessing this site becomes difficult like it was yesterday will also help. We all have to watch out for each other :thumbsup
Use the donate button--top center ^
Thanks Shawn, I'm very familiar with the button. :)
Thanks guys. Donations are greatly appreciated. I am in the process of moving zhpmafia.com on to a server by itself. It currently shares a server with markhandyphotography.com and peerlessfineart.com (now defunct). It's important that I segregate the site to a server by itself now more so than ever. I do not want my recent issues to affect Mark's consumer sales, nor would I want a hack on his site to slow our site (not likely). The fee for this is $79.00.
Unhack was hired to deal with the current hack (@ $250.00) and they are currently narrowing down the issue.
Once all of these issues are corrected, I will begin to think about getting Tapatalk up and running again.
Is your site hosted locally at your house? With a static IP, or is it hosted with a company like Bluehost?
Did you see this article on applying a patch?
https://www.vbulletin.com/docs/html/main/upgrade_patch_level
The site server is hosted by SERVINT. I will also be hiring VBulletin Professional services to perform the install to 4.2.3 Patch Level 2. We are currently running with 4.2.2 Patch Level 4, and I believe that is where our security vulnerability is stemming from.
az3579
01-10-2017, 01:20 PM
I'll throw you some money soon...
Sockethead
01-10-2017, 03:37 PM
If the servers are running as virtual machines on the same box then they won't affect each other, but I can understand your desire to get your server on its own box. Patching servers is a PITA but a necessary evil. I hated having to do that constantly at my last several jobs.
danewilson77
01-10-2017, 04:57 PM
If the servers are running as virtual machines on the same box then they won't affect each other, but I can understand your desire to get your server on its own box. Patching servers is a PITA but a necessary evil. I hated having to do that constantly at my last several jobs.
It's on VPS but the slowdowns are definitely affecting Mark's site, according to Mark.
Sockethead
01-10-2017, 05:09 PM
Yes, DoS attacks will slow down that whole segment of the network for sure.
danewilson77
01-10-2017, 05:18 PM
Yes, DoS attacks will slow down that whole segment of the network for sure.
10-4
derbo
01-12-2017, 02:08 PM
Thanks for being transparent with us.
I would love to help upgrading but I have no experience with vBulletin and not sure that level of responsibility is for me at this moment. :)
az3579
01-12-2017, 03:14 PM
Thanks for being transparent with us.
I would love to help upgrading but I have no experience with vBulletin and not sure that level of responsibility is for me at this moment. :)
I'm exactly in the same boat. Would love to help - no experience with vBulletin upgrades though.
danewilson77
01-12-2017, 09:13 PM
No problem guys. I appreciate the thoughts. We'll get through this stronger and better than before.
Sockethead
01-16-2017, 08:48 AM
Looks like we lost some posts on the latest database crash....?
nextelbuddy
01-16-2017, 11:24 AM
Looks like we lost some posts on the latest database crash....?
Was about to say the same thing, posts are missing unfortunately.
danewilson77
01-16-2017, 12:21 PM
Looks like we lost some posts on the latest database crash....?
No. Servint was only able to back up (restore) from the 13th.
danewilson77
01-16-2017, 12:21 PM
Was about to say the same thing, posts are missing unfortunately.
Prior to....?
ELCID86
01-16-2017, 12:27 PM
@1/12/17 thru present
---
"ZHP is a garbage option anyway- just some cosmetic upgrades with a different cam and diff to claw back some of the performance lost fitting those hideous and heavy wheels. Any 330 with a 3.46 diff will smoke a ZHP every time. The whole Mafia thing reeks of childish behavior." - anonymous E46 fanatic
Marcus-SanDiego
01-16-2017, 12:36 PM
Not surprising at all.
I imagine that some people were able to post, intermittently, over the past several days. The site has mostly been down, though, since late January 12, 2017. I imagine there were not that many posts from January 13-January 16, 2017.
Marcus-SanDiego
01-16-2017, 12:38 PM
Also, I imagine that there could be some more down time coming. Right now, I notice a redirect from zhpmafia.com that takes you to the activity page. That tells me someone is still in the middle of tweaking the site. Looks close to being resolved, though.
danewilson77
01-16-2017, 12:42 PM
I see posts from the 13th as well.
cakM3
01-16-2017, 01:35 PM
Nice to see this site back up :thumbsup
Johnmadd
01-16-2017, 04:39 PM
Hi Marc!
Sockethead
01-16-2017, 05:15 PM
There are at least a half dozen threads I responded in that are missing my posts now.... oh well, NBD, I'm just glad the site is back online :)
WOLFN8TR
01-16-2017, 05:22 PM
Welcome back Mafia! :applause
anandoc
01-16-2017, 05:30 PM
Some of my posts are missing as well - especially from the "BMW Driver's side airbag recall" thread.
Oh well, glad to have the site back up and running again!
330i Lover
01-16-2017, 06:57 PM
Thanks to everyone involved!
johnrando
01-16-2017, 07:13 PM
Welcome back. And Tapatalk is working!
Sent from my SM-G935V using Tapatalk
derbo
01-17-2017, 10:14 AM
Welcome back. And Tapatalk is working!
Sent from my SM-G935V using Tapatalk
Tapatalk is partially working. It's not listing zhpmafia when searching for the forum. I was able to access the chatroom then jump through a few hoops to get to the forum though.
Sockethead
01-17-2017, 10:22 AM
I'm having the same problem with TT
Sockethead
01-17-2017, 12:01 PM
This is how I fixed it.... http://www.zhpmafia.com/forums/showthread.php?14406-Tapatalk-Issues&p=514960#post514960
az3579
01-17-2017, 12:03 PM
Mine connected right into ZHPMafia.
derbo
01-17-2017, 02:01 PM
This is how I fixed it.... http://www.zhpmafia.com/forums/showthread.php?14406-Tapatalk-Issues&p=514960#post514960
Did it actually fix it? Because I still don't see the forums when I click it. I have to manually get there from those steps.
UdubBadger
01-17-2017, 02:10 PM
Militia up, we're all heading to Russia for the 2017 Reunion :guns2:guns:gun1 :mafia
Was able to find zhpmafia on TaT! All good now...
Sent from my iPhone using Tapatalk
johnrando
01-17-2017, 07:07 PM
Mine connected right in with no problem.
Sent from my SM-G935V using Tapatalk