You are not logged in. [Log In] HRMS Aces - The Online HRMS Community » Forums » Important Messages » News » So we got hacked then....
Register User    Forum List        Calendar     Active Topics     FAQ
Who's Online
0 registered (), 2 Guests and 5 Spiders online.
Key: Admin, Global Mod, Mod
Recent Posts
In which table is external learning data stored
by DMC
Yesterday at 03:43 PM
Pension Auto Enrolment
by CT
Yesterday at 09:46 AM
Vehicle Mileage Setup
by Shyam
Yesterday at 06:45 AM
11.5.10 "Extended Support" extended til..... when?
by Vigneswar Battu
17/05/12 10:59 AM
Hacking element definitions
by CT
15/05/12 08:42 AM
GB EOY reports
by Vigneswar Battu
09/05/12 02:07 PM
Oracle Payroll and Cash Management
by Vigneswar Battu
08/05/12 03:08 PM
BG setup/changes - brain dump
by Ryan
05/05/12 07:20 PM
Fusion Collateral
by CT
04/05/12 11:09 AM
BEE - ordering Batch lines
by Vigneswar Battu
03/05/12 04:22 PM
Top Posters (30 Days)
delboy 37
CT 35
Vigneswar Battu 15
pat.woodall 9
bcooper 4
Mani 3
7Giri 3
Gus 3
Ryan 3
SBi 2
(Views)Popular Topics
Family Pack K issues thread 20107
CREATE_GRADE api returns:PLS-00306: wrong number o 15174
Still trying to locate... 13817
Creating hr jobs ORA-20001: HR_289477_JOB_GROUP_ID 11848
Viewing Output of another user 10266
HR_PF.K RUP4 10240
Review of my Release 12 laptop 9703
Enhanced Retro & Release 12 9375
Adding a taskflow button to a form 9111
Family Pack K 7882
Topic Options
Rate This Topic
#2087 - 24/05/06 06:25 PM So we got hacked then....
Administrator Offline
It's all my fault

Registered: 20/08/05
Posts: 111
Loc: Omnipresent
Firstly my thanks for Clive for the early alert to the hacking incident.

It would appear that someone managed to upload a replacement default page onto the host that catches the hrmsaces.co.uk and hrmsaces.com redirects.<img src="/ubbthreads/images/graemlins/sekret.gif" alt="" />

First concerns were that the password for the secure shell had been compromised, but htis does not appear to be the case.

It would seem that whomever did this has exploited a security hole in the technology stack used by this site (Apache/PHP/mySQL).

Hey ho, life goes on.
We will endeavour to plug the holes whilst awaiting the proposed bulletin board framework upgrade, which is due to take place sometime in august.

apologies for the incident, and thank you for staying with us.
<img src="/ubbthreads/images/graemlins/jump.gif" alt="" />
_________________________
I'm only trying to help

Top
#2088 - 26/05/06 09:46 AM Re: So we got hacked then.... [Re: Administrator]
bcooper Offline

Guru
*****

Registered: 11/03/05
Posts: 1112
Loc: Earth, Europe, England, here
As an update to this incident, it would seem that in excess of 21,000 websites were hacked in the same incident, by a well known band of Turkish hackers!

For those that are of a curious nature, details can be found here...
Mass hacking incident

In the mean time, I am planning to upgrade the forum software to an interim release that fixes many of the security 'flaws' that are present. This will then provide a step-stone to a full revamp scheduled in the summer.


Edited by bcooper (26/05/06 09:48 AM)
_________________________
HCM Aces is for sale! Please contact me if you are interested.
Also my random musings courtesy of Twitter

Top



Moderator:  Administrator 
Forum Stats
790 Members
48 Forums
1580 Topics
7641 Posts

Max Online: 67 @ 14/04/12 05:38 PM
Today's Birthdays
No Birthdays
Recent vacancies
Top Posters
CT 1182
bcooper 1112
delboy 594
Geoff Dixon 369
SBi 356
vkumar 223
kp_rapolu 213
cbrookes 197
Gavin Harris 163
Gus 145
May
Su M Tu W Th F Sa
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31
Privacy statement · Board Rules · Mark all read
Contact Us · HRMS Aces - The Online HRMS Community · Top