elephant in the room

**saustin** · 01-13-2024, 09:12 AM

Originally Posted by Lovinglifeinaustin

Sorry. I don't understand.
Vbulletin announced an upgrade just last month. But I?ve also seen chatter on the interwebz that the program is dead.

The footer on each OH2 says "Hide Hack By vFCoders." I infer they provided customization for Hide tags, ROS, other features. That customization would need to be reapplied to any new Vbulletin version. Clicking the link to VFCoders.com took me to StripChat. That custom code is likely a distant memory. I expect something similar led to the demise of ASPD.

**AlexandraSand** · 01-13-2024, 01:59 PM

I would pay too.
Thank you moderators.

Now, let's all go to the social party and get connected in-real-life and say thank you to CK in-person.

**whatever7777** · 01-14-2024, 06:33 PM

the js looks corrupted

**SexySammy** · 01-14-2024, 06:53 PM

Originally Posted by whatever7777

the js looks corrupted

If it was LE they would just shut it down. It's some pissed off client who probably got banned.

**petiteplsr** · 01-30-2024, 12:46 AM

I would gladly pay a small monthly fee.. whatever it takes to keep this site free from any future harm & gladly contribute so it’s fixed.
Thank you moderators. & ck .. for making this the safest site I know … and a community that we all most certainly love. I know I do !

**Morgan Baby** · 01-31-2024, 11:22 AM

I would pay a monthly fee as well.. This is my go-to site.. I love oh2?

Is that something that is up for discussion?

I adore the Oh2 admin.. It?s the best site ever.. We just need it back up and running smoothy.

**GeorgeDRII** · 01-31-2024, 01:10 PM

Kind gestures of offers of pay. But that's not what's needed. The most important thing that's needed from everyone is simply everyone's strong will of patience.

**Tx-gentleman** · 02-01-2024, 10:14 PM

Hello, I've been doing front end and back end development for 20 years. Reach out if you need advice/assistance.
Have y'all conducted any forensics to determine if user credentials and related info have been compromised?

Originally Posted by ck1942

Truth(s) be told:

-- Hackers and ddos interruptors continuously attacking the site and the host. The data bases are intact but not always easily accessible. We have backups elsewhere, fwiw.

-- our vBulletin software is at end of life and cannot be upgraded. Migrating to a new OS has been investigated but nothing successful nor solid have been found as yet.

-- starting a new website is easy to imagine, not that easy to build much less to properly host, and properly protect, but it is our next action.

Meanwhile, restoration and repair efforts continue and your patience is appreciated.

**corona** · 02-02-2024, 12:02 AM

DDOS attacks are the hosts problem. If they can't mitigate or protect from it, find another host. But, what the fuck do I know...

**mathguy** · 02-12-2024, 12:23 PM

Originally Posted by corona

DDOS attacks are the hosts problem. If they can't mitigate or protect from it, find another host. But, what the fuck do I know...

No you're exactly correct there. Actually I find it quite odd that someone is able to affect any sort of performance penalty on the site using a DDOS vector. The host is absolutely at fault there and they need to look at moving to a more robust and secure provider.

**saustin** · 02-13-2024, 08:21 AM

"A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination." https://www.cloudflare.com/learning/...rnet%20traffic.

That doesn't explain the broken buttons, (https://home.ourhome2.net/showthread...karound-thread) or the sudden 403 Forbidden response to threads with special characters in the title.

**AlexandraSand** · 02-13-2024, 09:14 AM

OMG!

Mathguy, good seen you again!

**mathguy** · 02-14-2024, 10:29 AM

Originally Posted by AlexandraSand

OMG!

Mathguy, good seen you again!

Thanks Alexandra!

Originally Posted by saustin

"A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination." https://www.cloudflare.com/learning/...rnet%20traffic.

Basically, yes, this is correct.

Originally Posted by saustin

That doesn't explain the broken buttons, (https://home.ourhome2.net/showthread...karound-thread) or the sudden 403 Forbidden response to threads with special characters in the title.

Also very correct. However the other hacks are likely injection attacks to the db, or cross site scripting, code injecting, plugin vulnerability attack, or simply phishing/social engineering... which ended up causing these other unusual site behaviors.

The general behavior of a successful denial of service attack is simply for the site to not be able to respond and cause various timeouts, unloaded pages, slow loading pages, forbidden or not found requests, etc....

My guess is that the site provider has relatively weak router perimeter security (in general) and little to no DDoS mitigation plan or services in place (which allowed for an easy DDoS attack). They also likely phished for data to get admin logins, or found a plugin vulnerability, or a security hole allowing for code or db injection.

**SexySammy** · 02-14-2024, 06:10 PM

Originally Posted by mathguy

Thanks Alexandra!

Basically, yes, this is correct.

Also very correct. However the other hacks are likely injection attacks to the db, or cross site scripting, code injecting, plugin vulnerability attack, or simply phishing/social engineering... which ended up causing these other unusual site behaviors.

The general behavior of a successful denial of service attack is simply for the site to not be able to respond and cause various timeouts, unloaded pages, slow loading pages, forbidden or not found requests, etc....

My guess is that the site provider has relatively weak router perimeter security (in general) and little to no DDoS mitigation plan or services in place (which allowed for an easy DDoS attack). They also likely phished for data to get admin logins, or found a plugin vulnerability, or a security hole allowing for code or db injection.

One thing is for sure, it seems personal and highly unlikely to be LE (as they would just shut it down, not fiddle-fuck with the coding in layman's terms lol)

Thread: elephant in the room

Thread Tools

Display

Posting Permissions