CPC's Chip Tool Site Hacked (resolved)

Status
Not open for further replies.

Tommy
What?! We need some site fortification by adding https to the design tool, and CloudFlare DDOS check. I know because I'm a computer science graduate.
 
What?! We need some site fortification by adding https to the design tool, and CloudFlare DDOS check. I know because I'm a computer science graduate.

https is good but server brute force protection is very important which is most likely the culprit.
 
The CPC chip tool site has been hacked. I have already contacted David about it. I am not exactly sure how the user registration/password data is stored. Until we hear from David, if you use the same login info for other sites, you should change your passwords just to be safe.

Bastards. Don't they know I have very important chip design to do while I'm at work... On a serious note, this sucks. Hope this can be remedied without serious harm to anyone's assets/info.
 
https is good but server brute force protection is very important which is most likely the culprit.
Exactly. So, these will be needed after the site is back to normal:
1. HTTPS (due to logins)
2. DDoS Checking (to prevent DoS/DDoS)
3. Brute force protection
4. More secure hosting
5. Regular data backups
 
Might want to disable the link in the top menu bar until it's cleared up in case the hacker loaded some drive-by malware on the page.
 
Maybe this is a stupid question, but where was the login/password for the CPC design tool? I don't recall ever logging into it, just clicking on the link on the PCF toolbar and going directly into the tool.
 
Got a few PMs about this. Just FYI: The CPC chip tool is not hosted on PCF servers. PCF is not affected by this.


Maybe this is a stupid question, but where was the login/password for the CPC design tool? I don't recall ever logging into it, just clicking on the link on the PCF toolbar and going directly into the tool.

In order to save your designs, you had the option of creating a login.

2018-05-02_10-25-30.jpg


Unless you cleared your browser cache (or logged out), it would auto log you in if you created a log in.

Might want to disable the link in the top menu bar until it's cleared up in case the hacker loaded some drive-by malware on the page.

Working on that now. Thx.
 
Just tried to open the chip design tool and got this trojan message from Avast:

JS: Defacement-H [Trj]
 
IIRC, the CPC chip tool login system used the Google Sign-In API. If that is the case then it's probably OK. The data would be stored on Google's servers. It's good practice to never use the same password on more than one site anyway, so if you do (on any sites) change it.
 
IIRC, the CPC chip tool login system used the Google Sign-In API. If that is the case then it's probably OK. The data would be stored on Google's servers. It's good practice to never use the same password on more than one site anyway, so if you do (on any sites) change it.
Just a second while I memorize 100 new passwords.
 
I just checked out the page code with a sandbox system.
There are a few javascripts referenced - which however can't even load because the creator of the HTML code was too dumb to format the URLs correctly. The only external stuff being loaded from a questionable domain is the group logo and the background music. The photo slideshow stuff is all hotlinked from various news websites.

Apart from the link referencing fails, there are a ton of HTML coding errors. Apparently the creator has zero clue of HTML and just copypasted some shit together and prayed that modern browsers' compatibility modes would still display it in a halfway acceptable way.

"We are Hakers [sic] Algeria"

I call script kiddies that don't know more than how to use some pentesting software scraping the web for servers vulnerable to recent exploits to deface them. Probably safe to visit, but login data could still have been compromised.
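
A static inventory in the spirit of the check described in the post above, as an added example that is not part of the thread: it parses saved markup without rendering or executing it, lists every resource the page would ask a browser to fetch, and sorts each reference into same-host, external, or not loadable. The page URL, hosts, file path and sample markup are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes a browser fetch a subresource.
FETCH_ATTRS = {"script": "src", "img": "src", "audio": "src", "source": "src",
               "embed": "src", "iframe": "src", "link": "href"}

class ResourceInventory(HTMLParser):
    """Collects resource references from markup without executing anything."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.found = []  # (tag, raw reference, verdict, host)

    def handle_starttag(self, tag, attrs):
        raw = dict(attrs).get(FETCH_ATTRS.get(tag, ""))
        if raw:
            self.found.append((tag, raw) + self.classify(raw.strip()))

    def classify(self, raw):
        try:
            parts = urlsplit(urljoin(self.page_url, raw))
        except ValueError:
            return ("unfetchable", None)
        if parts.scheme == "data":
            return ("inline", None)
        # Typo'd scheme or local file path: not loadable from an http(s) page.
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return ("unfetchable", None)
        same = parts.hostname == self.page_host
        return ("same-host" if same else "external", parts.hostname)

def inventory(html, page_url):
    parser = ResourceInventory(page_url)
    parser.feed(html)
    return parser.found

def external_hosts(found):
    """Count references per third-party host, the list worth reviewing first."""
    return Counter(h for _, _, verdict, h in found if verdict == "external")

# Constructed sample markup (not the page from the thread).
SAMPLE = """<script src="htp://cdn.example.invalid/fx.js"></script>
<script src="file:///C:/Users/x/Desktop/snow.js"></script>
<img src="//media.example.invalid/logo.png">
<audio src="http://media.example.invalid/song.mp3" autoplay></audio>
<img src="https://news.example.org/photos/1.jpg">
<img src="/static/chip.png">"""
```
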
 
User data is stored in a completely different location to the tool scripts and everything is encrypted.
I don't see any evidence of a hack and can't find anything not working??
 
Wipe your browser's cache and refresh.

Done all that. No issues.
I've just created a new set and saved it no problem. Opened it and viewed the set on my phone no problem.
 
The site looks fine now. @David Spragg If you didn't do anything maybe the host detected it and restored a backup?

Everyone was getting this...

2018-05-02_12-22-35.jpg
 