Matthew and his crew from Blend Swap had a bad weekend as they found out their site was hacked.
Matthew writes:
So over the weekend we received notice from our host and Google that our site had been compromised. After further investigation we found that spammers where cloaking off our website. Upon finding this out we immediately took the site offline and started trying to fix the issue, this involved resetting admin passwords, resetting database usernames and passwords, a complete wordpress reinstall and turning off the sites more advance features including AJAX dependent features, like the downloads serving scripts that became broken for a reason still unknown to us.
If you're good with WordPress/PHP/MySQL security, they could use YOUR help! Read the full article for more information.
Link
19 Comments
Ouch... this is sad
I hope Matthew and the gang will fix it up soon
Keep up the good work guys
Those hackers are paid by Autodesk for sure ... :D
To hack commercial or government sites may give to somebody weird satisfaction (??? does it really ???). But free and OS software or community site? That's absolutely stupid!
The first thing I would do in my opinion, is to get away from WordPress towards something custom or something like Drupal.
+1 for Drupal. Everything, and I mean EVERYTHING, is then in your hands. We all know what FOSS's like anyway :)
Hey guys,
Thanks for the support we are working on this as fast as we can. Hopefully we will find out what is causing our issues soon. But there are a lot of lines of code to go through, if anyone is an expert in this area your help would be greatly appreciated. We are far beyond the simple stuff though, into going through code line by line looking for vulnerabilities. Again thanks for all the support it means a lot when your faced with issues like this. Rest assured Blend Swap is not going anywhere.
matthew/mofx
Harsh, but I am sure you can overcome.
I fail to see what 'something custom' or 'drupal' will bring.
Sony's recent and much publicized 80mil user hack was against 'something custom'
Drupal is just another CVS.
WordPress has a great community and many users who don't have these issues, so it is hardly fair to blame the software.
I would suggest running a good penetration test on your site to see where the holes are, rather than trying to find the holes by looking at your code. Do your logs give you any forensics?
Harsh, but I am sure you can overcome.
I fail to see what 'something custom' or 'drupal' will bring.
Sony's recent and much publicized 80mil user hack was against 'something custom'
Drupal is just another CVS.
WordPress has a great community and many users who don't have these issues, so it is hardly fair to blame the software.
I would suggest running a good penetration test on your site to see where the holes are, rather than trying to find the holes by looking at your code. Do your logs give you any forensics?
Good luck with fixing the site.
This is like egging the house of the old women who gives out the best candy on beggars night. What gives?
I prefer using the term "crackers" or "attackers" instead of "hackers". Honestly, I didn't understand the title of this post at first because the whole FOSS community is built on hacking (in the "coding" sense).
i am shocked and concerned about that...
maybe it is only a test... to test, how to get access to the source code, to manipulate it without control/remark or to infect the builds of blender programs. because blender is a quite popular program - so blender is getting more and more a popular target for such attacs...
hopefully that will never happen to
http://www.blender.org, http://www.graphicall.org, and all the other blender sites in the future.
... am i an alamist... :/
+1 Majid
This is really unfortunate, but hopefully they will learn and grow from the event.
Also, Blender Cookie did an interview with them not too long ago for those interested. http://www.blendercookie.com/2011/06/07/interview-blendswap-com/
Sorry to say, but if they're sending spam, they have penetrated harder than just PHP/MySQL. You need to format, and reinstall your OS. That's the ONLY way to know for sure you're cleaned up for good.
Learned this in Linux System Administration. Hackers can hide in all sorts of clever ways, you REALLY do need to format, reinstall.
Is it just me, or can I now edit ANYONE'S comments? Was I randomly turned into an admin or something?
@Majid +1
Ya, I prefer Crack over Hack, Blame Matthew for that word lol
@Tynach, We don't own the server, so we can't just reinstall the whole thing, We did, however, clean up the whole site's root and pretty much started over with WP from zero (except for rebuilding the entire database, of course.).
I'm a features coder and not a security expert myself so any help from any of you guys is very welcome, I have made my code as secure as possible, but you never know.
Any Hacker interested in helping us out is more than welcome.
Thanks for your support, people, today's been a very busy day for us and for the server too, just today, because of this article and the Blender Cookie feature we broke downloads records. That's what keep us going :)
Hey Bart,
I think I could help. I work with PHP and WordPress and I've dealt with cleaning up hacked sites before. I'm also very useful at MySQL.
Also, I'd advise not moving to Drupal. I inherited a drupal site in work and I have to manage/maintain it and it's a nightmare. It also is not secure at all. You'd be better off putting in the effort to secure the WordPress site once it's repaired, which I could also help with.
Kevpatts
I've been coding HTML since 1995.
Drupal is not a nightmare as Kevpatts suggests. It's a php framework and so if you hack away at it, like if you hack away at any program, it will suck. Don't hack it, learn the right way to customize it and then tap into the community of thousands and thousands of developers. The Drupal community is like the Blender community, and that says a f!#@in' hell of a lot.
Anyway, with that said, you can pay $100 a year to Drupalgarden.com and you'll never have to worry about any of this bulls@#$. You get an online site builder that is the craziest easiest web editor I've ever used in 16 years of web design. They put you on a cloud with automatic throttling. They do all the server work and they do all security updates. Adding external or uploading your own videos, audio, and images is all taken care of through hella easy and fast point and click interface. All comments and forum posts are protected from spam automatically by Mollom. If someone finds a bug, you just report it to Drupalgardens and they deal with it while you drink coffee and create beautiful Blender art.
The list goes on and on. I don't get paid for writing this. I'm just telling everyone about my other favorite open-source project. I love Blender. I love Drupal. I love GIMP. I love Inkscape. I love Linux. I love you.
Peace!
It sounds like somebody who might just be offended by your free products! I am very sorry this has happened to you guys and I hope you get back up and running. As for all the comments about, what you can do to stop this from ever happening again, I think we all know there is nothing you can do to stop hackers. If it is on the net it can be hacked. If the motive is there it will be done, which makes me believe this was supported by somebody that feels threatened by your service.
If you need any help with anything let us know how we can help. I have used your service and appreciated it many times and would be more than willing to help out when I can.
"I think we all know there is nothing you can do to stop hackers." -MMortal
I would like to point out that the way to stop some hackers is report the attacks at:http://www.ic3.gov/
"IC3's mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime."
A lot of hackers are really dumb and they aren't that hard to catch.