Question webr00t

Anyone else been hit by webr00t

The site I use has been completely taken over by this entity in the last few hours, changed all the admin accounts and user posts to the same ID

did you used old kunena version.
There is released a old 2 years security vul.

its a friends site, which i had admin rights to, but not the main database, its only been built in the last couple of months and from my limited knowledge it has all the current releases. I haven't had chance to speak with the owner yet, so i don't know if its a hosting attack or just this site

wish I knew more to be more specific

I searched on Google and there are no results that tie webr00t to Kunena (apart from this topic that we are reading now).

What makes you suspect that the nature of the attack was related to Kunena? To be more specific about details, please post your configuration report.

sozzled wrote: I searched on Google and there are no results that tie webr00t to Kunena (apart from this topic that we are reading now).

What makes you suspect that the nature of the attack was related to Kunena? To be more specific about details, please post your configuration report.

There is no accessible (to me config report as the whole site has been taken over by this entity, all the mods and admin accounts have been stamped as created by this entity, all user entries are created by this entity, unable to log in to the back end), I only managed to log in by creating another account. If any one is interested they can create a fake account on www.jcagain.com and have a look.

As to the point of entry into the site, I'm not debating that, my original question was about the entity, and if it was known. If nothing else is evident so far, then its a focussed DOS rather than a hosting site being taken down.

810 wrote: did you used old kunena version.
There is released a old 2 years security vul.

Are you able to point me to that information please

The best advice in these extreme circumstances, where control of your website has been wrested from your hands, is to revert to a previous known, good backup of your site and restore operations to as normal as possible.

I do not know how else we can be of help.

sozzled wrote: The best advice in these extreme circumstances, where control of your website has been wrested from your hands, is to revert to a previous known, good backup of your site and restore operations to as normal as possible.

I do not know how else we can be of help.

Thanks for that. I'm waiting on the owner to contact the developer, just thinking along the lines of what else was known to be issues so we can look out for them. If I had had full access I would have had back ups and restored it ASAP

and also can you provide the IP from were the post ware made (to add to block list)

@mole999 www.kunena.org/download , and is frustrating to talk people who are not even site SA!

Thanks for that. I'm waiting on the owner to contact the developer, just thinking along the lines of what else was known to be issues so we can look out for them. If I had had full access I would have had back ups and restored it ASAP

Regards from Finland,

Sami/Mortti