You are not logged in. [Log In] HRMS Aces - The Online HRMS Community » Forums » Important Messages » News » So we got hacked then....
Register User    Forum List        Calendar     Active Topics     FAQ
Who's Online
0 registered (), 3 Guests and 5 Spiders online.
Key: Admin, Global Mod, Mod
Recent Posts
Update EIT in SSHR
by Sahir
03:45 PM
End of Year Legislation Patch for 11i
by delboy
01:35 PM
Interfacing iRec and external sites
by DanC
11:42 PM
Capturing, Storing, & Paying Banked Overtime
by Paul
08:51 PM
Time and Labour & Oracle Projects
by Paul
07:34 PM
Search Engine Optimizers
by delboy
01:30 PM
Abseces in oracle hrms, super user: how to do I:
by JayTee
07:26 AM
Function for getting retropay-maintained balances
by CT
08/02/12 12:21 PM
Grade End Date
by Chris
03/02/12 10:46 AM
OLM Mandatory Enrolments
by bcooper
01/02/12 12:23 PM
Top Posters (30 Days)
CT 26
delboy 25
bcooper 15
Sahir 5
Gus 5
tovia123 4
Tim Bailey 3
christm 3
SBi 3
Simon_Mc 3
(Views)Popular Topics
Family Pack K issues thread 18216
CREATE_GRADE api returns:PLS-00306: wrong number o 13757
Still trying to locate... 12193
Creating hr jobs ORA-20001: HR_289477_JOB_GROUP_ID 10646
Viewing Output of another user 9131
HR_PF.K RUP4 8841
Review of my Release 12 laptop 8494
Adding a taskflow button to a form 7855
Enhanced Retro & Release 12 7679
Family Pack K 7116
Topic Options
Rate This Topic
#2087 - 24/05/06 05:25 PM So we got hacked then....
Administrator Offline
It's all my fault

Registered: 20/08/05
Posts: 110
Loc: Omnipresent
Firstly my thanks for Clive for the early alert to the hacking incident.

It would appear that someone managed to upload a replacement default page onto the host that catches the hrmsaces.co.uk and hrmsaces.com redirects.<img src="/ubbthreads/images/graemlins/sekret.gif" alt="" />

First concerns were that the password for the secure shell had been compromised, but htis does not appear to be the case.

It would seem that whomever did this has exploited a security hole in the technology stack used by this site (Apache/PHP/mySQL).

Hey ho, life goes on.
We will endeavour to plug the holes whilst awaiting the proposed bulletin board framework upgrade, which is due to take place sometime in august.

apologies for the incident, and thank you for staying with us.
<img src="/ubbthreads/images/graemlins/jump.gif" alt="" />
_________________________
I'm only trying to help

Top
#2088 - 26/05/06 08:46 AM Re: So we got hacked then.... [Re: Administrator]
bcooper Offline

Guru
*****

Registered: 11/03/05
Posts: 1095
Loc: Earth, Europe, England, here
As an update to this incident, it would seem that in excess of 21,000 websites were hacked in the same incident, by a well known band of Turkish hackers!

For those that are of a curious nature, details can be found here...
Mass hacking incident

In the mean time, I am planning to upgrade the forum software to an interim release that fixes many of the security 'flaws' that are present. This will then provide a step-stone to a full revamp scheduled in the summer.


Edited by bcooper (26/05/06 08:48 AM)
_________________________
HCM Aces is for sale! Please contact me if you are interested.
Also my random musings courtesy of Twitter

Top



Moderator:  Administrator 
Forum Stats
756 Members
48 Forums
1517 Topics
7286 Posts

Max Online: 63 @ 24/11/10 07:21 AM
Today's Birthdays
No Birthdays
Recent vacancies
Tea boy available 4 basic chores & some! services
by Simon_Mc
19/01/12 03:59 PM
Top Posters
bcooper 1095
CT 1080
delboy 500
Geoff Dixon 369
SBi 344
vkumar 223
kp_rapolu 213
cbrookes 197
Gavin Harris 160
Gus 132
February
Su M Tu W Th F Sa
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29
Privacy statement · Board Rules · Mark all read
Contact Us · HRMS Aces - The Online HRMS Community · Top