m1keread Bored of Captions

Sep 07, 2007 at 6:41 AM

Looks like the Yet Another Forum.NET forum has been hacked.

Cant find any info as yet on this, I guess it has happened recently.

http://forum.yetanotherforum.net/yaf_forum.aspx

You can get to the support forums if you click quickly!!

Anyone know anything more about this ?

Mike
W3bbo Work hard; increase production; prevent accidents, and be happy.

Sep 07, 2007 at 7:01 AM

I concurr, I've been getting a bunch of spams from YAF's email address by some group involving NetDevilz.org (some script-kiddie website).

It looks like they just found a vulnerabiltiy in YAF.com's installation (which might be on other people's too) and started hijacking sessions. So to be safe, don't login to YAF's website until Jaben gives it the all clear.
JonLumb

Sep 07, 2007 at 7:14 AM

W3bbo wrote:

I concurr, I've been getting a bunch of spams from YAF's email address by some group involving NetDevilz.org (some script-kiddie website).

It looks like they just found a vulnerabiltiy in YAF.com's installation (which might be on other people's too) and started hijacking sessions. So to be safe, don't login to YAF's website until Jaben gives it the all clear.

Just went on there and everything seemed fine to me, although I didn't login, so that may be a factor

m1keread Bored of Captions

JonLumb wrote:

W3bbo wrote:
I concurr, I've been getting a bunch of spams from YAF's email address by some group involving NetDevilz.org (some script-kiddie website).

It looks like they just found a vulnerabiltiy in YAF.com's installation (which might be on other people's too) and started hijacking sessions. So to be safe, don't login to YAF's website until Jaben gives it the all clear.

Just went on there and everything seemed fine to me, although I didn't login, so that may be a factor

It was fine for a while, its been done again though. One comment in forum reckons that the main admin password may heve gone.

You dont need to login, just visit the tope level of the forum and a redirect puts you to the NetDevilz.org site.

Jaben

Feb 12, 2010 at 5:35 PM

I'm the lead developer for Yet Another Forum.NET. Since this thread is still very high on Google, I thought I would update it.

Back in 2007 there was hack of the main support forum. It was a cookie stealing attack due to HTML not being encoded properly.

Since then, we've focused on security issues and are proud to say no security flaw have been reported since 2008 for the Yet Another Forum.NET Product. If anyone finds any issues with YAF immediately report it to me and a fix will be available.

Jaben

Lead Developers

YAF.NET

Thread Closed

This thread is kinda stale and has been closed but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.

Yet Another Forum - Hacked

Thread Closed