Coffeehouse Thread

5 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Yet Another Forum - Hacked

Back to Forum: Coffeehouse
  • User profile image
    m1keread

    Looks like the Yet Another Forum.NET forum has been hacked.

    Cant find any info as yet on this, I guess it has happened recently.

    http://forum.yetanotherforum.net/yaf_forum.aspx

    You can get to the support forums if you click quickly!!

    Anyone know anything more about this ?

    Mike

  • User profile image
    W3bbo

    I concurr, I've been getting a bunch of spams from YAF's email address by some group involving NetDevilz.org (some script-kiddie website).

    It looks like they just found a vulnerabiltiy in YAF.com's installation (which might be on other people's too) and started hijacking sessions. So to be safe, don't login to YAF's website until Jaben gives it the all clear.

  • User profile image
    JonLumb

    W3bbo wrote:
    I concurr, I've been getting a bunch of spams from YAF's email address by some group involving NetDevilz.org (some script-kiddie website).

    It looks like they just found a vulnerabiltiy in YAF.com's installation (which might be on other people's too) and started hijacking sessions. So to be safe, don't login to YAF's website until Jaben gives it the all clear.


    Just went on there and everything seemed fine to me, although I didn't login, so that may be a factor

  • User profile image
    m1keread

    JonLumb wrote:
    
    W3bbo wrote:
    I concurr, I've been getting a bunch of spams from YAF's email address by some group involving NetDevilz.org (some script-kiddie website).

    It looks like they just found a vulnerabiltiy in YAF.com's installation (which might be on other people's too) and started hijacking sessions. So to be safe, don't login to YAF's website until Jaben gives it the all clear.


    Just went on there and everything seemed fine to me, although I didn't login, so that may be a factor


    It was fine for a while, its been done again though.  One comment in forum reckons that the main admin password may heve gone.

    You dont need to login, just visit the tope level of the forum and a redirect puts you to the NetDevilz.org site.

  • User profile image
    Jaben

    I'm the lead developer for Yet Another Forum.NET. Since this thread is still very high on Google, I thought I would update it.

     

    Back in 2007 there was hack of the main support forum. It was a cookie stealing attack due to HTML not being encoded properly.

     

    Since then, we've focused on security issues and are proud to say no security flaw have been reported since 2008 for the Yet Another Forum.NET Product. If anyone finds any issues with YAF immediately report it to me and a fix will be available.

     

    Jaben

    Lead Developers

    YAF.NET

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.