Hacking attack

[Mark Thomas]

The site was hacked at around 16:00 British time on Sunday 12 September. The hacker copied files to another part of the web space but did not interfere with the Forum files in any way. No infection was introduced as the files copied were part of a phishing scam. Targets of the scam, not UC members, were sent emails purporting to come from VISA and were directed to a fake VISA site, which comprised the copied files hosted by UC. The scam was detected by an anti-phishing watchdog at around 11:00 British time on Monday 13 September, which contacted the company hosting unsungcomposers.com. They suspended the site and emailed me. Unfortunately I was away from the computer all day yesterday and so did not read the email until this morning. The problem was quickly resolved with the host company and the site was reactivated.

The password for accessing the site's files has been changed, all the files added by the hacker have been removed. The hacker also added a database to the site's set of MySQL databases. Obviously, this has also been removed, but that cleaning process reverted the databases to their pre-attack state. So, any posts made or new members who joined after about 16:00 on Sunday will have been lost. I'm very sorry about that but it was unavoidable.

[albion]

Mark, many thanks for the information regarding this unfortunate and despicable intrusion upon our web-space - I initially thought the account had been suspended because somebody had forgotten to put the fifty-pence in the meter.

[jerfilm]

Yes, thanks for the repairs.  I thought maybe I'd said something to offend someone and couldn't imagine what it might have been......I do occasionally get outspoken in my old age.....

[thalbergmad]

This is very strange, as about the same time my e mail account was hijacked and a link advertising "erection" pills was sent out in my name to everyone in my mailbox.

I could not access my own e mails and had to have a reactivation pass number sent to my mobile by google which i then used to change my password.

When i later tried to log in here, i saw "account suspended" and assumed that i have been banned as a few members here would have received the fake e mails.

Massive apologies to anyone who received this. It was not me.

Thal

[Peter1953]

I'm very happy to learn that you actually didn't want to sell me those strange tablets, Thal. 

More seriously, I'm very pleased, Mark, that my favourite website is repaired so soon!

[thalbergmad]

Yeh, I'm glad too.

I was sure i had been banned for spamming offences or liking Herz.

I have a reluctant admiration for people who can do things like this.

Apologies to Alistair Hinton, Gareth Vaughan and Mike Spring if this rubbish bypassed their spam filters.

Thal

[Mark Thomas]

Unfortunately, a "fast buck" is usually at someone else's expense. This time we were lucky and no harm was done to the site.

[JimL]

Yeah, but...didn't we have to move from the Raff Society to the current site for precisely this reason?  I'm kind of disappointed that even with the ostensibly improved security on our current server this still could have happened.  At least no irreparable damage was done, which may be the main benefit afforded by our current ISP.

[Mark Thomas]

Only last week I removed around 200 members who had registered and then not posted within 50 days of registering. Not to be complacent, but this seems to me pretty good evidence that the software's anti-spam routines are working. They may be able to register, but they're prevented from posting.

The problem this time was nothing to do with holes in the software's security. Somehow a hacker got access to the general web space and copied files there. It could be that they hacked into the host's database and found passwords which allowed ftp access. I don't know. I have strengthened the password to one more secure than that which the host provided, and am investigating if there is anything more which I can do, but frankly I doubt it. These things are one of the crosses which we have to bear. Heck, if even the US Military's own computers aren't secure from hacking, what chance have we?