Members, Please Change your Password As Soon As Possible Jan 28, 2022 | Rei
Please see this page for a list of accounts that were likely affected.

I woke up this morning to see usual SQL errors in my error log. A script that did not have the highest security was discovered by someone and they have been extracting account info.

I must ask everyone to change their password as soon as possible to be safe.

I'll update this as I continue my investigation.

As early as January 27th, an individual began attacking an SQL Injection vulnerable script. Their queries indicate knowledge of the Account Table, and attempts to extract user names, passwords and emails.

The script has been taken offline, the IP banned, and data preserved to examine.

I'll be replaying some of their hacks to confirm if they succeeded in extracting information.

~~~~

The attacks I've investigated from yesterday largely changed the page title and returned no results.

The attacks today, they were modifying the SQL query in a way that crashed the page.

As of yet, I am unable to confirm any information was stolen.

It's possible they were stopped in time.

~~~~

Since I have logs of every request they made, I am currently replaying those to find out for sure if they were able to access our data. And if so, what data they were able to take. Will update again after examining 168384 requests.

~~~~

This appears to have been a "blind SQL injection" attack. Using boolean questions, an attacker can extract the contents of a table bit by bit. Literally. They can then reassemble those bits into a copy of the table's contents. Such attacks are quite stealthy, and leave little trace of the data extracted since each request is equivalent to a binary response.

The attacker was first seen [27/Jan/2022:15:39:24 +0000].

They extracted information on the database structure followed by a count of the number of members.

They then proceeded to extract the email address and hashed password from our user database.

Given the sequential nature of their attack, it was possible to identify the 442 accounts most likely to have been affected.

The attacker was stopped [28/Jan/2022:11:07:46 +0000] and the affected script taken offline.

~~~~

Going forward, here is the plan:

Step 1
Do an audit of all scripts, looking for anything that is vulnerable to SQL Injection, and either take down or patch the script.

Step 2
Encrypt email addresses and apply encryption to password hashes to make the data as useless as possible should it be stolen.

Step 3
More eyes looking out for early warning signs that SQL injection is taking place.

--
Rei
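
As an added example for Step 3 (not the site's own code): a scan of an access log that flags clients sending many SQL-looking requests, which is the footprint a boolean-based blind injection leaves, and counts how many of them crashed the page. The combined log format, script names, IP addresses, threshold and regular expressions are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_plus, urlsplit

# Constructed sample in combined log format; IPs, paths and payloads are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Feb/2022:10:00:01 +0000] "GET /view.php?id=12%20AND%201=1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Feb/2022:10:00:02 +0000] "GET /view.php?id=12%20AND%201=2 HTTP/1.1" 200 812
198.51.100.7 - - [01/Feb/2022:10:00:03 +0000] "GET /view.php?id=12%20AND%20ASCII(SUBSTRING(x,1,1))%3E64 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Feb/2022:10:00:04 +0000] "GET /view.php?id=12%20AND%20ASCII(SUBSTRING(x,1,1))%3E96 HTTP/1.1" 500 0
203.0.113.9 - - [01/Feb/2022:10:00:05 +0000] "GET /view.php?id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Feb/2022:10:00:09 +0000] "GET /search.php?q=ascii(art) HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
SQLI_RE = re.compile(
    r"\b(?:and|or)\s+\d+\s*=\s*\d+"                        # boolean probes such as AND 1=1
    r"|\b(?:ascii|substring|substr|sleep|benchmark)\s*\("  # per-character / timing functions
    r"|union\s+select|information_schema",                 # schema discovery
    re.IGNORECASE,
)

def find_blind_sqli(log_text, min_hits=3):
    """Return {ip: summary} for clients with at least min_hits SQL-looking requests."""
    seen = defaultdict(lambda: {"hits": 0, "errors": 0, "first": None, "last": None, "paths": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, target, status = m.groups()
        url = urlsplit(target)
        # Decode before matching so %20 / + encoded payloads are not missed.
        if not SQLI_RE.search(unquote_plus(url.query)):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        rec = seen[ip]
        rec["hits"] += 1
        rec["errors"] += status.startswith("5")  # crashed pages are a second signal
        rec["first"] = min(rec["first"] or when, when)
        rec["last"] = max(rec["last"] or when, when)
        rec["paths"].add(url.path)
    # A single odd request is common noise; blind extraction needs many requests.
    return {ip: rec for ip, rec in seen.items() if rec["hits"] >= min_hits}

if __name__ == "__main__":
    for ip, rec in find_blind_sqli(SAMPLE_LOG).items():
        print(ip, rec["hits"], "hits,", rec["errors"], "errors,",
              rec["first"].isoformat(), "->", rec["last"].isoformat(), sorted(rec["paths"]))
```

The `first` and `last` values give the attack window for a flagged client, and `paths` names the scripts to review first in the Step 1 audit.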
