1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Forum under attack (again)

Discussion in 'Support' started by rconn, Sep 14, 2016.

  1. rconn

    rconn Administrator
    Staff Member

    Joined:
    May 14, 2008
    Messages:
    10,026
    Likes Received:
    84
    For some inexplicable reason, the hackers are after the JP Software forums again (> 114,000 attempted admin logins since last night). They didn't manage to get in, but they did manage to get almost all of the CloudFlare access points blocked by the security module, so nobody else could get in either.

    I've unblocked everything, so there shouldn't be any issues for now. (Let me know if you see any problems.)

    I hate to resort to blocking entire countries. But this combined with another attack on the blog last week has the Chinese sorely testing my patience ...
     
  2. MaartenG

    Joined:
    Aug 3, 2016
    Messages:
    355
    Likes Received:
    8
    Don't know which version of Xenforo this site is running on, but this: [title] might be the reason why there is now an attack: I guess they are targeting the forums they think don't have the patch installed.
     
  3. rconn

    rconn Administrator
    Staff Member

    Joined:
    May 14, 2008
    Messages:
    10,026
    Likes Received:
    84
    These forums are already running XenForo 1.5.10.
     
  4. MaartenG

    Joined:
    Aug 3, 2016
    Messages:
    355
    Likes Received:
    8
    OK, just trying to help. I know how stressing this must have been ...
     
  5. Charles Dye

    Charles Dye Super Moderator
    Staff Member

    Joined:
    May 20, 2008
    Messages:
    3,353
    Likes Received:
    39
    I think it's because "JP Software" in Chinese sounds similar to "Falun Gong". Or maybe "Dalai Lama".
     
  6. MaartenG

    Joined:
    Aug 3, 2016
    Messages:
    355
    Likes Received:
    8
    Hahaha :-)

    Most of the times they try to hack websites/forums like these, is to put references in to some shady casino / blue pills / free girls websites. These references are "hidden", so the webmaster wil not notice.

    But these will be picked up by Google and other bots scanning te site. Which in return will put them up in the search results. And when you google for "jp software", these shady sites will be shown first in the results. Something like spam 2.0.

    In these cases you can almost predict that it will happen: there will be new, unusual account(s) on the forum to scan the site "from the inside", to identify where to attack.

    But they also attack entire "frameworks", like vBulletin (family of Xenforo) or Typo3, because they know it's not up-to-date or just know a weakness.

    Edit: made it a little easier to read (bad wording..)
     
    #6 MaartenG, Sep 15, 2016
    Last edited: Sep 15, 2016

Share This Page