Chockstone Forum - Chockstone Feedback

Provide Feedback About This Website

 Page 2 of 3. Messages 1 to 20 | 21 to 40 | 41 to 42
31/12/14 Chockstone spam-hack-attack

ajfclark
12-Jan-2015
7:11:12 AM
Looks like one of Steve's ads is broken again?

Also the gallery picture has weird code in it again?

Have people been playing funny buggers with the site again?

IdratherbeclimbingM9
12-Jan-2015
10:04:11 AM
On 12/01/2015 ajfclark wrote:
>Looks like one of Steve's ads is broken again?
>
>Also the gallery picture has weird code in it again?
>
>Have people been playing funny buggers with the site again?

Gallery pic is blank for me, and when I go into the sub folder gallery/more the first page is incorrectly formatted & pics don't come up for the remainders.

I will send Mike a text message to see if he is aware of it.

IdratherbeclimbingM9
12-Jan-2015
11:04:56 AM
The hack has definitely reoccurred as paydayloan crapscript is within title of PM replies and also at tail of the PM message body.
Mike has not yet acknowledged the text I sent him ...

I suspect Chocky will go offline while being fixed and a backup restore may be required, in which case we may lose today's posts...

IdratherbeclimbingM9
12-Jan-2015
4:46:05 PM
Update.
Mike thinks he has sorted the re-hack issues. He doesn't think they are targeting Chocky directly but rather are throwing their code out onto the net to exploit old system loopholes.

He is not sure yet as to how they are getting through the fences* he has set up.
(*That is my basic computer-speak, not his!), but his block list of codes is expanding.
He tells me it isn't that hard to fix without having to backup, but is inconvenient as it requires manually doing.

He has obtained a new phone, hence the delay in our communication on the issue, as I was using an obsolete number.

martym
12-Jan-2015
5:23:53 PM
Maybe he should swap fences for firey walls?

ajfclark
12-Jan-2015
7:24:41 PM
At a guess, a firewall wouldn't help as the attacks are coming over legitimate channels. Needs an IDS/IPS to weed out the SQL injections.

Eduardo Slabofvic
12-Jan-2015
8:53:51 PM
He might be better off with an EIEIO

ajfclark
13-Jan-2015
8:02:51 AM
So, - - without a space is now considered suspicious input.

ajfclark
14-Jan-2015
7:37:36 AM
On 13/01/2015 ajfclark wrote:
>So, - - without a space is now considered suspicious input.

But I can encode it as % 2D% 2D in a URL? or & minus; & minus; in HTML?

−−

That doesn't seem right.

Jayford4321
14-Jan-2015
7:58:59 AM
On 12/01/2015 Eduardo Slabofvic wrote:
>He might be better off with an EIEIO

Without an SQL here, and an SQL there

martym
14-Jan-2015
2:00:01 PM
Those lines look longer - em dash?

martym
14-Jan-2015
3:13:18 PM
What is this thing?

A trampoline inside a tent? For those who like to bounce around in the dark...

IdratherbeclimbingM9
22-Jan-2015
3:15:24 PM
Hmm, block-lists.

Why is 'con-text' (when written as the normal one word version), considered suspicious input and not allowing the reply to go through?

Wendy experienced it the other day ("the word 'c_rsory' is terribly upsetting to chockstone"), and made half a dozen posts to make a short point, likewise I received a half dozen PMs (original broken up into small portions), from one sender recently trying to isolate a single offending word before his 'PM' would go. ~> Blerrie good thing I had cleaned up my PM box prior, or there wouldn't have been space for those to get to me!

(2nd Post edit: He has since informed me that the offending word was precurs_r.)

Today while trying to send a PM to another, it keeps getting blocked due to suspicious input, though my experimentation has not isolated the offending bit...
(Post edit. I found the offender word. It was 'un-characteristic')!

(3rd post edit: Chocky doesn't like tr_ncated either).
(4th edit: Don't use fa ke either!)

Is it possible to work around this inconvenience without publishing the offending words if you think the spam-hackster might read and use that info?

Mike
22-Jan-2015
3:51:35 PM
I've been adding to the blocked words list quite a bit of late in order to prevent the ongoing hacks. The word "c_rsor" (if correctly worded) is on the block list because it's a SQL statement used to iterate through record sets. The word "d_clare" (if correctly worded) is also blocked. I wanted to block "select" too but figured people might use it.

It's possibly going to come down to how upset users are by not having certain words available to them, vs having the site down for a few days when a hack occurs.

Their robot is still attacking us. Even as we speak the logs are being filled by hex encoded SQL script they are trying to inject into various page query strings. So far this week (touch wood), the block list and some extra validation code I added is repelling them.

Just don't use those words.

ajfclark
22-Jan-2015
4:03:27 PM
I'd be looking more at what they are doing to escape the string in the first place.

eg. If they're sending:

http://chockstone/loadpage?action="somethinsomething'; sqlquery here;"

The problem isn't the sqlquery, it's that the ' isn't being escaped when thrown to the database.
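To illustrate ajfclark's point, an added example (not the site's own code; the table, rows and blocked-word list are constructed): a query built by pasting the value into the SQL text breaks on any value containing a quote, a parameterised query treats the same value as plain data, and a word blocklist of the kind Mike describes trips on innocent text such as "cursory".

```python
import sqlite3

# Constructed sample data: a tiny in-memory "pages" table standing in for the forum DB.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (action TEXT, body TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [("home", "welcome"), ("O'Reilly", "apostrophe in a legitimate value")])
    return db

# Assumed blocklist, modelled on the words mentioned in the thread.
BLOCKED_WORDS = ("cursor", "declare")

def blocklist_check(text):
    """Return the first blocked word found inside text, or None.
    Substring matching is what makes 'cursory' a false positive."""
    lower = text.lower()
    for word in BLOCKED_WORDS:
        if word in lower:
            return word
    return None

def load_page_unsafe(db, action):
    # The pattern ajfclark describes: the value is spliced into the SQL text,
    # so a single quote inside it terminates the string literal.
    sql = "SELECT body FROM pages WHERE action = '" + action + "'"
    return db.execute(sql).fetchall()

def load_page_safe(db, action):
    # Parameterised query: the driver passes the value separately from the SQL,
    # so quotes and semicolons in it are never interpreted as SQL.
    return db.execute("SELECT body FROM pages WHERE action = ?", (action,)).fetchall()

def demo():
    db = make_db()
    results = {"blocklist_hit": blocklist_check("a cursory glance")}
    try:
        load_page_unsafe(db, "O'Reilly")      # breaks the query text
        results["unsafe"] = "ok"
    except sqlite3.OperationalError:
        results["unsafe"] = "syntax error"
    results["safe"] = load_page_safe(db, "O'Reilly")
    # The shape of input quoted in the post above, handled as literal data: no row matches.
    results["safe_literal"] = load_page_safe(db, "somethinsomething'; sqlquery here;")
    return results

if __name__ == "__main__":
    print(demo())
```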

salty crag
22-Jan-2015
8:55:04 PM
On 22/01/2015 ajfclark wrote:
>I'd be looking more at what they are doing to escape the string in the
>first place.
>
>eg. If they're sending:
>
>http://chockstone/loadpage?action="somethinsomething'; sqlquery
>here;"
>
>The problem isn't the sqlquery, it's that the ' isn't being escaped when
>thrown to the database.
Blerry Heck! I'm glad there's people that understand this shite. Just wish robotsemthingwormthingy would leave chocky alone and pick on something else! Wy the Fuq a tack sumthng hrmlss lyk chocky.

shortman
23-Jan-2015
8:21:29 AM
I work too much and always have a Chockstone tab open in Chrome. What I've noticed recently is that the page is always loading and causes issues, it never used to do this.

IdratherbeclimbingM9
8-Feb-2015
11:34:58 AM
I just sent a txt to Mike again. This time regarding the fact that 10 out of 20 thread topics on first page within Crag & Route Beta are coming up as blanks...

IdratherbeclimbingM9
9-Feb-2015
3:09:41 PM
Feedback from Mike earlier this morning...

>Thanks. Try it now, should be working.

>The hacks are still happening a couple of times a week, but my repair script is now checking every five minutes and auto running itself if it needs to. So, next time they attack it should recover by itself a few minutes later.

>Not the best solution. Would be better to prevent the hacks entirely, but should buy us some time to work on it.
Feedback from Mike re ajf's suggestions earlier in this thread...

>Saw those. It's a more complex issue.

ajfclark
15-Feb-2015
7:14:46 PM

There are 42 messages in this topic.
