As most of you know, both of our sister boards the Win32asm board and the Anticrack board have recently been wiped out by hackers. Their different fates are still unclear, and stuff is certainly going on to try to make their situations turn out for the best. But...

Until that happens, all users from these boards are very welcome to come hang around here, to help you all regroup and keep the connections with all your old friends from your boards.

We have set up two new temporary forums that will stay until further notice, one for the Win32asm board and one for the Anticrack board. Users from these boards (and any of our current users too of course) are very welcome to use these forums in whatever way they see fit, and also of course use our PM system for similar purposes.

Please spread the word to as many people you can about this, and again, welcome!


Here are direct links to the respective forums, which you can use when giving out links to people when spreading the word:


The Anticrack Mini Regrouping Board:
http://www.woodmann.com/forum/forumdisplay.php?f=31


The Win32asm Mini Regrouping Board:
http://www.woodmann.com/forum/forumdisplay.php?f=32


Enjoy!


/The RCE board crew

Ok, masmforum.com was just wiped too. We have set up a temp regroupment forum for them too, same thing goes as above:

http://www.woodmann.com/forum/forumdisplay.php?f=33

Sadly, all sites on anticrack are down.

The exploit is pretty darn effective, and there's a nice script kid file sitting out there too. So I guess it was only a matter of time.

Seriously, no one on the internet should use phpBB. Stick with Invision or VBulletin. Far less exploits.

-nt20

Protools is gone too, dude now I am pissed.

If it matters.......

We are here working 24/7 to make sure we are safe.

Woodmann

Protools is alive!!!!

Seems like you have a case of cache envy

Unless you have some secret link we dont know about.

Woodamnn

masmforum seems to be available now

---- edit ----
Oops, it is not correctly rebuild :/

nikolatesla20,
yeah, well, it's only the index file, i hope there is a backup for it.

Nope. It is not only the index.xxx replaced. There are some other things going on on the box :/

hm.. weird stuff..

Just for example:
ps -ax show weird processes, the command top is fucke up, some libs have problems...

I will reset the full server, since I am not sure what rootkit is installed additional

Anticrack will be back in 1 to 2 weeks
Let's take it as sportsman...

Yeah most probably.Hope all forums and sites up soon

LOL Stupid PHPBB Developers, had a whole chance to catch this one. But NOOOO.

If they just ignored the reports they deserve what they get.

lol I got this shot from SecurityFocus. I suppose they only listen to their own "elite"???



-nt20

What the hell is going on... I wonder why someone decided to target these community boards.

Anyway, for those who don't know, WayBack Machine has a relatively good (but out of date) archive of MasmForum:

http://web.archive.org/web/20040120201308/http://www.masmforum.com/

and of Win32AsmCommunity:

http://web.archive.org/web/20040127202112/http://board.win32asmcommunity.net/

It's out of date, but if you're looking for something it may help in the meantime. (Yes, the url suffixed by /http etc is correct, paste them as I typed them).

As mentioned by Zero on this board, Anticrack should be back in 1-2 weeks, and the other two boards are back running in a more or less restored state right now. They are still running vulnerable versions of the board software though, and might also be rootkitted like anticrack, so we will leave the temp forums here for a while just as a precaution, so feel free so use them if you want.

I have to mention again: the hackers used NOT php or phpBB exploits, they exploited the *machine* directly!
Sure, it looks like they just replaced the index files, but on my machine they worked with root account.

Yes, but are you completely sure that the phpBB exploit wasn't the initial attack vector in any case? You can do a lot of fun local privilege escalation with arbitrary php command execution... Or have you positively identified the initial vulnerability that was used? (since I guess that we can assume that the root password to the server was not public knowledge to begin with?)

Ok, the win32asm board and the masmforum board have both been running stable for a while now, and they are also both supposedly running patched versions of phpBB (there seems to be a "bug" in phpBB 2.0.11 that makes the version marker still say 2.0.10 ), so I'm removing the temporary support forums for them over here for now. The anticrack temp forum will stay up until Anticrack itself is back online though.

Let's hope they are studying their server security issues as well as bugs in their board software.

Regards,