Old Invision forums hacked again

I’ve got an old Invision forum. The latest free version. And yes, I know, it’s a bad idea. But it’s been the only solution for having a decent featured pre-moderated forum for a while, unless you want to pay for the software.

So, it’s gotten hacked a few times. And this last time it was embarrassing:

They posted AS ME!

The topic title was “please help”, and the content was one link:

blueice77.com/server.exe

I haven’t checked out the program. I’ll leave that to the security geeks. My forum wasn’t the only one that got hacked like that. They always post as one of the admins, and there’s nothing more than the link in the post.

IP used: 195.22.229.24

It’s an open proxy, so it doesn’t help much. And the user agent is the latest English-language Firefox version.

The website with the exe file on it appears to have been hacked. The file existed on the server when I tested it, though I don’t know what it contains. Since it’s been hacked, I won’t post the whois here, and I’ll contact the owner.

And on the topic of pre-moderation (I only checked for PHP software): vBulletin and Invision have pre-moderation. But they’re both commercial software (except for the old version of Invision, that’s got more security holes than a sieve), so not an option for all. Simple Machines and phpBB have promised pre-moderation in the next major version. phpBB has a release candidate with pre-moderation currently available. miniBB has pre-moderation currently, but the new posts will show - you just can’t see the content until approved.
