Heads up to frequenters. XSIbase has been hacked and it's pretty nasty. Be wary, and definitely don't accept/agree to any prompts from that site until there's some notification that it's all clear.

lame hackers...

Crap that's pretty bad.... O_O

I'm all worried about this site now...

It's the second time in such a short time...
I know nothing about hacking-things, but is there something wrong with xsibase security anyone could hack it easily?
(or maybe thats not easy at all...)

Crap that's pretty bad.... O_O

I'm all worried about this site now...

might be worth changing your admin passwords and keeping an eye out for forced password attempts for a few days.

Well that's a shame :(

From the discussion about the previous attack on XSIBase I gathered it had something to do with the kind of forum-software used... :wink:

yes, it was said about unlicensed copy of YaBB,
I'm convinced that software is not an issue right now and its still hacked...
The positive thing is that the site growing so popular someone likes to hack it :)

Why XSIbase?!

There are hundreds of (proper) companies around the world much more deserving of the attention of hackers.

Maybe its just easy prey.

Ok,

First of all, it's most likely XSIBase wasn't specifically attacked. Hackers find weaknesses in forum software on the web then script a program that searches the web (sometimes using google) to find sites using that software and automatically run the hacking script. I doubt someone was aiming at XSIBase itself.

Secondly, the forum software used by XSIBase is an old forum software. The company that once made this software has since moved on to create a different forum software entirely. Thus the XSIBase forum software is out-of-date and no longer supported by the company. It has nothing to do with unlicensed copy of the software.

With that said, it isn't a simple task to switch a forum from one software to another. I do think the admins are working on switching it over to a new software but may take a long time to do so. In the mean time we might see a few more of these hacks.

My 2 cents...

Eric T.

yes, it was said about unlicensed copy of YaBB,
I'm convinced that software is not an issue right now and its still hacked...
The positive thing is that the site growing so popular someone likes to hack it :)

i agree with eric here. our own board got hacked a year ago and its only frequented by the ppl we work with and for. its some nasty games. since then we use vBulletin as well and keep it up to date. thats i think is the best insurance.

ummm

i've just hit a refresh on xsibase and got a promptwindow asking for username and pass.
i was suspicious and didn't input anything then i just found this thread here when i was about to start a thread about this.
most hackers don't even know how write 2 lines of c/c+/c#/java/html/php/you name it and they pretend to be some kind of geniouses... i know one in person. pittyfull people!

ummm

i've just hit a refresh on xsibase and got a promptwindow asking for username and pass.
i was suspicious and didn't input anything then i just found this thread here when i was about to start a thread about this.
most hackers don't even know how write 2 lines of c/c+/c#/java/html/php/you name it and they pretend to be some kind of geniouses... i know one in person. pittyfull people!

Agreed, but it is actually scary how little programming knowledge you need to actually hack someting (I can barely proggam and I am able to do this). You don't need to be more than second rate programmer to do this (and plenty of par more complicated things as well). This lot probably just downloded a script from the internet (or copied it from a hacking book).

All the people i have met who thought they were brilliant for this kind of thing were also the kind of people who think that urinating on the seat in a public toilet is an intellectual statement. These kinds of people are pathetic but in many ways their mindset makes the extreemly dangerous becase they don't care about anything the consiqueses of there actions and believe they are justified.

simon

I also agree with this, its a shame...

Besides, people who are really brilliant don't hack for fame, in most cases those guys are giving some example how lose the security of a site currently is, they even give support via mail what caused the exploit..

Those mass defacements (hacking multiple site at once) is quite usual.. take a look at here http://www.zone-h.org/component/option,com_attacks/Itemid,43/page,1 (http://www.zone-h.org/component/option,com_frontpage/Itemid,1/)

Hope that the site will be back soon

yes a nasty hack.

we are working on an update and migration to newer technology. unfortunately we had a lot of custom code and when the product was discontinuted it left us a bit in limbo and recently vunerable to attacks.

we will soon have the new technology ready so it will be all secure again.

regards
raffael
XSI Base