this site was hacked
#3
Join Date: Dec 2005
Location: FLL
Programs: AA PLT 2.7 MM, DL GLD, UA Prem, BW Diamond, PC PLT, HH Diamond
Posts: 1,285
The "hack" looked like a simple redirect to me, not an actual breakin.
#4
Join Date: Apr 2001
Location: Phoenix, AZ
Programs: WN CP
Posts: 6,360
This thread is off-topic for the Southwest forum, so I am moving it to the Technical Issues forum.
IB-Dick has posted the following explanation:
IB-Dick has posted the following explanation:
We believe that the attackers found a vulnerably in a piece of software on the site. We became aware of the exploit last week and patched the software accordingly. Our security scan of the site did not uncover any additional problems, however someone had left a back door onto the server. We have located and removed the malicious scripts.
We are very sorry for the inconvenience today.
We are very sorry for the inconvenience today.
#5
FlyerTalk Evangelist
Join Date: Mar 2008
Location: ACT/GRK/DAL/ABI/MIA/FLL
Programs: OMNIArchist, OMNIArchy!, OMNIIDGAS
Posts: 23,478
if someone left a backdoor, it means they had access to file that could access other parts of the server/site...even if web based backdoor and not actual server side backdoor.
IB would be good to expire all passwords and require a force change.
IB would be good to expire all passwords and require a force change.
#6
Join Date: Mar 2008
Location: MDW
Programs: SWA EMP (the ultimate program)
Posts: 713
In my experience as an administrator of various internet message board software, user account passwords are hex encrypted and are not even accessible to back end administrators. A password can never be recovered. You may have experienced a scenario where you've forgotten your log in, and had to go through the "forgot password" process. In which case you are asked to create a NEW password. This is a pretty well maintained and high end version of VB. I would not be worried.