Cockpit

* User Profile

Welcome, Guest. Please login or register.

Login with username, password and session length

Who's Online

  • *Users: 0
  • *Guests: 51
  • *Total: 51

Our Discord

Author Topic: Malicious Attack on website  (Read 4375 times)

Offline Bob Reed

  • Administrator
  • I am chained to this website!
  • *
  • Posts: 2,378
  • Bob the Builder!
  • First Name: Bob
  • Home Location: Holley, New York
Malicious Attack on website
« on: April 05, 2011, 02:22:08 PM »
Thanks to the script kiddies we had our work cut out for us today, but all is well again.
« Last Edit: April 06, 2011, 08:03:59 AM by Trevor Hale »

Offline fordgt40

  • I may as well be Staff!
  • *
  • Posts: 568
  • Aviation Enthusiast
  • First Name: David John Bullock
  • Home Location: Chelmsford UK
Re: Virus On Site
« Reply #1 on: April 05, 2011, 03:10:02 PM »
Well done and thanks for getting the "warning message" up - at least we knew it wasn`t us and something was in hand

Regards

David

Offline phil744

  • Forum GURU
  • *
  • Posts: 365
  • Panel Monkey
  • First Name: Philip Lambert
Re: Virus On Site
« Reply #2 on: April 05, 2011, 03:19:20 PM »
Nice one Bob, and Jack also for the email :)
---------------------------------------------------------------------
757-200, P3D, LD767,Arduino, panels by some british moron, pile of dead airplane parts and a hammer!

Yeah i got one of these facebook things too http://www.facebook.com/Simvionics

Offline blueskydriver

  • I am chained to this website!
  • *
  • Posts: 1,891
  • FSX/FS9 PM, PMDG737-700, FDSMIP/Overhead.etc
  • First Name: John
  • Home Location: WI
Re: Virus On Site
« Reply #3 on: April 05, 2011, 03:43:01 PM »
Did this propogate to CockpitBuilders' members? Each time of trying to log-in, it locked up the IE browser, and after terminating it, there were attempts to make changes to (using) Acrobat Reader.exe.

Normally, Acrobat Reader is not a part of CockpitBuilders as an requirement to use the site. After checking the Task Manager there were at least three-four instances of this exe file present. Terminated them all and that was it, but it still leaves the idea that something could happen and that it's related to this event.

Suggest everyone runs a full scan with Anti-Virus tonight, just in case...

BSD
« Last Edit: April 05, 2011, 03:44:33 PM by blueskydriver »
| FSX | FDS-MIP OVRHD SYS CARDS FC1| PM | PMDG 737-700 | UTX | GEX | UT7 | ASE | REX2 | AES | TSR | IS | TOPCAT | AvilaSoft EFB | OC CARDS & OVRHD GAUGES| SIMKITS | SW 3D Lights | FS2CREW2010 | FSXPassengers | Flight1 AE | MATROX TH2GO-D | NTHUSIM | 3-Mits EW230Ust Proj |

Offline Bob Reed

  • Administrator
  • I am chained to this website!
  • *
  • Posts: 2,378
  • Bob the Builder!
  • First Name: Bob
  • Home Location: Holley, New York
Re: Virus On Site
« Reply #4 on: April 05, 2011, 03:45:12 PM »
Did this propogate to CockpitBuilders' members? Each time of trying to log-in, it locked up the IE browser, and after terminating it, there were attempts to make changes to (using) Acrobat Reader.exe.

Normally, this Acrobat Reader is not a part of CockpitBuilders as an requirement to use the site. After checking the Task Manager there were at least three-four instances of this exe file present. Terminated them all and that was it, but it still leaves the idea that something is could happen and that it is related to this.

Suggest everyone runs a full scan with Anti-Virus tonight, just in case...

BSD

No it did not. It was not that kind of attack. All your systems are safe. I have shutdown the Cockpitbuilders mail server for the time being as the server is still under attack I am on it.
« Last Edit: April 05, 2011, 03:45:31 PM by Bob Reed »

Offline blueskydriver

  • I am chained to this website!
  • *
  • Posts: 1,891
  • FSX/FS9 PM, PMDG737-700, FDSMIP/Overhead.etc
  • First Name: John
  • Home Location: WI
Re: Virus On Site
« Reply #5 on: April 05, 2011, 04:06:58 PM »
Thanks Bob for fixing all of this.
It was odd how the AcrobatReader.exe kept trying to change things right when the page (browser) locked up, but then again it's IE8. Probably just something to do with IE and AcrobatReader; maybe a cookie fault.
Anyway, thanks again.
| FSX | FDS-MIP OVRHD SYS CARDS FC1| PM | PMDG 737-700 | UTX | GEX | UT7 | ASE | REX2 | AES | TSR | IS | TOPCAT | AvilaSoft EFB | OC CARDS & OVRHD GAUGES| SIMKITS | SW 3D Lights | FS2CREW2010 | FSXPassengers | Flight1 AE | MATROX TH2GO-D | NTHUSIM | 3-Mits EW230Ust Proj |

Offline jackpilot

  • Moderator
  • I am chained to this website!
  • *
  • Posts: 4,131
  • 737-800 Sim-Avionics/Full Cockpit FDS + OEM P3D V4
  • First Name: Jack
  • Home Location: Montreal / Canada
Re: Virus On Site
« Reply #6 on: April 05, 2011, 05:21:25 PM »
I ran a complete scan and all is OK.


Jack

Offline Bob Reed

  • Administrator
  • I am chained to this website!
  • *
  • Posts: 2,378
  • Bob the Builder!
  • First Name: Bob
  • Home Location: Holley, New York
Re: Virus On Site
« Reply #7 on: April 05, 2011, 05:23:26 PM »
All seems to be as it should at this time. I have restarted the the mail server and will continue to monitor it for the next few hours. I have also contacted the owner of the IP address that was at the heart of this.

Offline Trevor Hale

  • Administrator
  • I am chained to this website!
  • *
  • Posts: 3,854
    • Cockpitbuilders.com
  • First Name: Trevor
  • Home Location: New Liskeard, Ontario
Re: Virus On Site
« Reply #8 on: April 05, 2011, 06:23:17 PM »
As Bob has stated, we had one of our First Major attacks on the site early this morning. 
 
I would like to thank you all for your patience.  We have a great team behind Cockpitbuilders.com and if it wasn't for all of us contributing and pulling together when the $hit hits the fan, we wouldn't have such a great site.
 
I can only assume the reason for this kind of attack is "Jealousy". It just goes to show you that because we are getting bigger and better someone needs to try to ruin that.  These individuals can not and will not ruin the good thing we have going here.  It is our personal mission to stop as much of this as possible.  If we can keep them out, then we are doing our jobs right, and if not we all just need to work at it harder.
 
Thank you all again for reporting posts, and helping to keep us informed.

Fortunatly in this case we have the offenders IP address/addresses from this attack, and will continue to follow up with our internal investigation in conjunction with the proper authorities.
 
Best regards to you all, and lets get the discussion back to building cockpits.
 
Trev
Trevor Hale

Owner
http://www.cockpitbuilders.com

Director of Operations
Worldflight Team USA
http://www.worldflightusa.com

VATSIM:

Offline Bob Reed

  • Administrator
  • I am chained to this website!
  • *
  • Posts: 2,378
  • Bob the Builder!
  • First Name: Bob
  • Home Location: Holley, New York
Re: Virus On Site
« Reply #9 on: April 05, 2011, 06:29:17 PM »
Let me explain a little further as to what happened. We DID NOT HAVE A VIRUS! What we had was an imbedded redirect to a site with reported mailware. The redirect is gone. So all are safe.

Offline jackpilot

  • Moderator
  • I am chained to this website!
  • *
  • Posts: 4,131
  • 737-800 Sim-Avionics/Full Cockpit FDS + OEM P3D V4
  • First Name: Jack
  • Home Location: Montreal / Canada
Re: Virus On Site
« Reply #10 on: April 05, 2011, 10:19:51 PM »

Great crew here!
Top "cockpit management"
Thanks guys!
 :D


Jack

Offline Sean

  • Forum GURU
  • *
  • Posts: 413
  • Making Progress...!
  • First Name: Sean
  • Home Location: Newcastle upon Tyne, UK
Re: Virus On Site
« Reply #11 on: April 06, 2011, 03:12:41 AM »
I don't know if it's a coicidence, but I got a warning about a rogue .exe file. It's the first I've had in I can't remember how long, so am thinking it might be related.

Sean

Offline Bob Reed

  • Administrator
  • I am chained to this website!
  • *
  • Posts: 2,378
  • Bob the Builder!
  • First Name: Bob
  • Home Location: Holley, New York
Re: Virus On Site
« Reply #12 on: April 06, 2011, 07:58:27 AM »
It's just a coincidence. Attacks are heavy from all sources, on anyone using the internet right now. I keep getting shipping notices from  DSL, UPS and USPS. I am not waiting for any packages! So what do we think that is? Oh yes and all of them have a file attached.

 

COUNTDOWN TO WF2019


WORLDFLIGHT TEAM USA

Will Depart in...

Recent Posts

Official WF 2019 Route
by dougsnow
[Today at 07:49:35 PM]
737-800 Front window post size
by kurt-olsson
[Today at 01:19:13 PM]
Worldflight 2019 Open for Business
by Trevor Hale
[Today at 08:28:13 AM]
More ?'s - annunciators?
by kattz
[Today at 05:44:21 AM]
Hi everyone!
by fsaviator
[August 20, 2019, 01:29:02 PM]
Looking for annunciators
by kattz
[August 19, 2019, 10:36:39 PM]
OK, So here we go!
by Caflyt
[August 19, 2019, 02:32:28 PM]
Flight Illusion Boeing Press Gauge for sale
by XOrionFE
[August 19, 2019, 08:40:35 AM]
Shell placement and yoke placement questions
by helloo
[August 18, 2019, 02:37:26 PM]
panel sismo oh
by gufau
[August 17, 2019, 04:17:00 AM]
My next sim?
by fsaviator
[August 16, 2019, 06:54:51 PM]
What have you done for your simulator today?
by blueskydriver
[August 14, 2019, 10:35:26 AM]
Shipping Woes
by Ed
[August 13, 2019, 11:55:37 AM]
Looking for gear lever from 747-400, 757
by navymustang
[August 13, 2019, 10:05:44 AM]
Quick way to attach low res/smaller file size pics in your posts...
by Vincent T.
[August 12, 2019, 09:58:46 PM]
Cant post attachments from my iphone
by Trevor Hale
[August 12, 2019, 09:26:08 AM]
For Sale: Engravity 737 Window Frames
by Caflyt
[August 11, 2019, 05:02:28 PM]
737-800 Arduino X-Plane Build
by kurt-olsson
[August 10, 2019, 01:43:57 PM]
Help identifying a connector
by kurt-olsson
[August 10, 2019, 10:59:31 AM]
items/oem from overhead
by gufau
[August 09, 2019, 12:06:59 PM]
For Sale GoFlight Jet Console, 2 Private Pilot Racks all with GoFlight Modules.
by blueskydriver
[August 08, 2019, 09:40:02 PM]
Flightdeck Solutions Works with X-Plane11
by Michael_B737_ATP
[August 07, 2019, 02:59:21 PM]
Boeing Dual Linked Yokes for sale
by tennyson
[August 07, 2019, 07:34:58 AM]
CPFLight Backlighting
by mickc
[August 05, 2019, 10:09:53 PM]
Three Projector 210 degree with P3D4
by Nat Crea
[August 03, 2019, 08:36:50 PM]
Looking for part numbers from the 737 NG IPC
by mickc
[August 02, 2019, 11:20:49 PM]
WF2019
by Sam Llorca
[August 02, 2019, 09:22:56 PM]
Teensy LC Fuel Panel A (top)
by bernard S
[August 02, 2019, 06:09:00 PM]
737 overhead
by nigel27
[July 28, 2019, 11:50:47 PM]