WHO managed to take the WEB-Site down?

For other topics related to the FreeBASIC project or its community.
MrSwiss
Posts: 3259
Joined: Jun 02, 2013 9:27
Location: Switzerland

WHO managed to take the WEB-Site down?

Postby MrSwiss » Dec 29, 2015 17:34

Hi all,

today the whole FreeBASIC-WebSite was taken down ...
Does anybody have any Information on the Issue?

regards MrSwiss
dkl
Site Admin
Posts: 3209
Joined: Jul 28, 2005 14:45
Location: Germany

Re: WHO managed to take the WEB-Site down?

Postby dkl » Dec 29, 2015 18:42

Hi,

the freebasic.net frontpage (using Drupal) was infected with malware. Some malicious Javascript was embedded to the HTML pages generated by it. It looked like this:
https://blog.sucuri.net/2015/11/jquery- ... sites.html

It was reported by a user on IRC and also by coderJeff via email.

So I removed the Drupal stuff from the server for now. The forum and wiki are back again though as they were not affected; at least I didn't find the injected JS there.

The installed Drupal version was 7.22, i.e. outdated, which I guess is what allowed the infection. I've tried installing the latest 7.41 and 8.0.1 Drupal, but failed in both cases (8.x required a fresh database which I didn't want to do yet because it means remaking the website, although it's probably just a "few" hours of work to do that; and 7.41 caused the server to return binary "garbage" instead of HTML text, and I have no idea what's going on there).
srvaldez
Posts: 2108
Joined: Sep 25, 2005 21:54

Re: WHO managed to take the WEB-Site down?

Postby srvaldez » Dec 29, 2015 20:22

albert reported that FBedit that he downloaded from the sourceforge was infected by a virus viewtopic.php?f=3&t=24228
I have not confirmed that claim but the FBedit homepage is blank http://fbedit.freebasic.net
could someone look into this?
Imortis
Moderator
Posts: 1629
Joined: Jun 02, 2005 15:10
Location: USA
Contact:

Re: WHO managed to take the WEB-Site down?

Postby Imortis » Dec 30, 2015 1:27

srvaldez wrote:albert reported that FBedit that he downloaded from the sourceforge was infected by a virus viewtopic.php?f=3&t=24228
I have not confirmed that claim but the FBedit homepage is blank http://fbedit.freebasic.net
could someone look into this?


This is a false positive. Many Anti-viruses pick up FBC compiled code as viral for some strange reason. I can confirm that compiling FBEdit from source will get the same false positive.
srvaldez
Posts: 2108
Joined: Sep 25, 2005 21:54

Re: WHO managed to take the WEB-Site down?

Postby srvaldez » Dec 30, 2015 2:52

thank you Imortis :)
Tourist Trap
Posts: 2762
Joined: Jun 02, 2015 16:24

Re: WHO managed to take the WEB-Site down?

Postby Tourist Trap » Dec 30, 2015 10:46

Imortis wrote: Many Anti-viruses pick up FBC compiled code as viral for some strange reason.

Some antivirus like Norton love targetting free/opensource projects. It had been denounced many times in the past, in particular by SpyBot developper (say 10 years ago). Personnally if one has to pay, I would recommend kaspersky for its policy in this matter is better, and the tools dedicated to network are very sharp. Yet many free tools exist for packet survey but less user-friendly (kind of free stuff can be found if searched in relation with forensic domain).

dkl wrote:although it's probably just a "few" hours of work to do that

Hi dkl, few hours+ few hours + few hours, I think you desserve postponing this duty a little and enjoy some rest in those last days of the year. Even if it's really bad luck what's happening with the server.
St_W
Posts: 1476
Joined: Feb 11, 2009 14:24
Location: Austria
Contact:

Re: WHO managed to take the WEB-Site down?

Postby St_W » Jan 04, 2016 13:35

dkl wrote:The installed Drupal version was 7.22, i.e. outdated, which I guess is what allowed the infection. I've tried installing the latest 7.41 and 8.0.1 Drupal, but failed in both cases (8.x required a fresh database which I didn't want to do yet because it means remaking the website, although it's probably just a "few" hours of work to do that; and 7.41 caused the server to return binary "garbage" instead of HTML text, and I have no idea what's going on there).

Major Drupal Versions are incompatible. Drupal 8 was released just a few weeks ago and many modules haven't been ported to Drupal 8 yet. I recommend staying with Drupal 7 as of now.

When manually updating to a newer minor version (e.g. 7.22 to 7.41) be sure to run "update.php" to update the database. Also look for updates for the installed non-Drupal-Core-modules in the modules directory and themes in the themes directory.

For Drupal maintenance I highly recommend using drush. You can run "drush up" to update the drupal core and modules. See http://drushcommands.com/drush-7x/pm/pm-update/ for more information about this.
counting_pine
Site Admin
Posts: 6172
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Re: WHO managed to take the WEB-Site down?

Postby counting_pine » Jan 04, 2016 19:57

While Drupal is down, would it make sense to redirect freebasic.net/ to the forum? Not ideal, but it's probably where people go most of the time anyway.
fxm
Posts: 9177
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: WHO managed to take the WEB-Site down?

Postby fxm » Jan 04, 2016 20:02

Yes but from forum, there is no link to access wiki!
counting_pine
Site Admin
Posts: 6172
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Re: WHO managed to take the WEB-Site down?

Postby counting_pine » Jan 04, 2016 20:16

No official link, you mean. I imagine that's probably something that could be done as well though.
fxm
Posts: 9177
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: WHO managed to take the WEB-Site down?

Postby fxm » Jan 04, 2016 20:28

St_W
Posts: 1476
Joined: Feb 11, 2009 14:24
Location: Austria
Contact:

Re: WHO managed to take the WEB-Site down?

Postby St_W » Jan 04, 2016 21:07

Would it be that hard to put a static HTML page there with the FreeBasic logo and links to the sourceforge, the forum, the wiki, github and maybe some others I've missed?
counting_pine
Site Admin
Posts: 6172
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Re: WHO managed to take the WEB-Site down?

Postby counting_pine » Jan 08, 2016 18:58

It's probably easier to put links in the forum header than to create a reasonably professional looking static page.
dkl
Site Admin
Posts: 3209
Joined: Jul 28, 2005 14:45
Location: Germany

Re: WHO managed to take the WEB-Site down?

Postby dkl » Jan 08, 2016 19:07

By the way, I've put a static index.html there for now. That's the best I could do this week...
fxm
Posts: 9177
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: WHO managed to take the WEB-Site down?

Postby fxm » Jan 09, 2016 13:34

dkl wrote:By the way, I've put a static index.html there for now. That's the best I could do this week...

A hacker has added a link to a XXX picture with a link to ...:
The link http://www.freebasic.net/index.html is OK but not the link http://www.freebasic.net/ (or http://www.freebasic.net/index.php).

Return to “Community Discussion”

Who is online

Users browsing this forum: No registered users and 22 guests