#24529 by Pete
21 May 2008, 19:31
Now that the dust is settling since the hack last weekend, I just wanted to bring everyone up to speed with what happened.

What Was It?
There is a major SQL Injection Trojan sweeping the Internet, and if that means nothing to you, let me explain. SQL is the database technology we use on V-Flyer, as do many millions of sites out there. An SQL Injection is a particular type of hacking attempt which tries to squirt unwanted data into the database by adding SQL commands to the end of legitimate query strings. An SQL Injection Trojan is a virus which automatically probes websites to send SQL commands blindly to every page it finds that uses query strings. In this particular case, the trojan infects host PCs, so potentially your own PC becomes the next machine to hack a website. The trojan that swept through V-Flyer last weekend would appear to be a particularly nasty example that may have already infected many millions of PCs, that are all now zombie hacking stations.

What Did It Do?
Our logs show that the attacks started as early as 5th May, but because I've been cleaning up as much of the code on V-Flyer as possible since our last hack, it didn't find a hole until the early hours of the 18th. When it found a hole, it squirted a javascript command into multiple tables, and when that javascript tag is rendered on a vulnerable PC, it turns it into a zombie. If you haven't already done so, make sure you have run an up-to-date virus sweep on your machine.

What Is The Fix?
The initial attempt to clean out the database by searching and replacing for the script tags wasn't totally successful, because of limitations on the types of fields SQL can auto replace on. A decision was made to roll back the data to the 17th May. This means we've lost a chunk of posts from Sunday - Tuesday, but I figured this was better than leaving traces of this particularly nasty virus script in our pages.

I've added code to protect from this particular attack, although there's no guarantee that a different type of trojan couldn't find a way in in the future. Unfortunately, like spam, hacking is just an irritating fact of life.

A side effect of these attacks will be the slow-downs we've been seeing on the site of late. The reason being that we're getting millions of page requests from zombie terminals trying to find holes, and that means fully-rendering pages to send that will never be viewed. It eats up server resources. Part of the fix is to now only send a single line error response, which will hopefully reduce the server burden (although we are still being hit thousands of times a day by infected PCs looking for exploits).

I'd like to thank Paul, Ben and Richard for their assistance (and keeping my nerves calm!) over the last few days. It's been a bit tricky trying to fix this from a hotel room (and changing hotels just at the point the hack was at its worst), with the distractions of San Francisco and Vegas just outside the window! Hopefully things will be back to normal, although this hack is still out there and causing havoc across the Internet.

Pete
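An added example, not part of Pete's post and not V-Flyer's code: one way to find and strip injected script tags from every column of every table, doing the replacement row by row in application code rather than with an SQL search-and-replace. SQLite stands in for the site's database, and the table names, column names and the injected.example host are constructed for the illustration.

```python
import re
import sqlite3

# Complete <script ...>...</script> element, any case, possibly spanning lines.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)

def columns(conn):
    """Return (table, column) for every column of every user table."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    return [(t, row[1]) for t in tables
            for row in conn.execute(f'PRAGMA table_info("{t}")')]

def scan_and_clean(conn, clean=False):
    """Return {(table, column): affected rows}; strip the tags when clean=True."""
    findings = {}
    for table, col in columns(conn):
        # LIKE narrows the candidates; the regex confirms a complete element.
        rows = conn.execute(
            f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?',
            ("%<script%",)).fetchall()
        hits = [(rid, v) for rid, v in rows
                if isinstance(v, str) and SCRIPT_RE.search(v)]
        if not hits:
            continue
        findings[(table, col)] = len(hits)
        if clean:
            for rid, v in hits:
                conn.execute(f'UPDATE "{table}" SET "{col}" = ? WHERE rowid = ?',
                             (SCRIPT_RE.sub("", v), rid))
    if clean:
        conn.commit()
    return findings

def build_sample_db():
    """Constructed sample data with the same tag appended to several fields."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, signature TEXT)")
    tag = '<script src="http://injected.example/x.js"></script>'
    conn.executemany("INSERT INTO posts (title, body) VALUES (?, ?)",
                     [("Trip report" + tag, "Great flight." + tag),
                      ("Clean post", "Nothing to see here.")])
    conn.executemany("INSERT INTO members (name, signature) VALUES (?, ?)",
                     [("alice", "Cheers" + tag.upper()),
                      ("bob", "I like <b>bold</b> text")])
    conn.commit()
    return conn
```

Run the scan with `clean=False` first to see which tables and columns are affected before changing any data.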
#208790 by honey lamb
21 May 2008, 19:46
We really appreciate your efforts, especially when you were supposed to be enjoying yourself. Thank you. [:X]

If it started as early as May 5th, was that one of the reasons that the site used to play up on a Sunday evening?
#208793 by Neil
21 May 2008, 19:51
Cheers to everyone who helped sort the problem out[y][y] I was lost without V-Flyer on Monday to make me look busy at work[:w]
#208794 by fozzyo
21 May 2008, 19:55
Thanks guys ... sorry for waking you up from your post run snoozes. )

Mat
#208795 by Stevieboy
21 May 2008, 19:59
Thanks for that Pete, do we have to do anything with our own PCs?

-Steve
#208799 by buns
21 May 2008, 20:41
Sincere thanks to you Pete and admiration for those around you that were able to give you moral support[y][y][y]

buns
#208802 by Scrooge
21 May 2008, 20:50
Originally posted by Stevieboy
Thanks for that Pete, do we have to do anything with our own PCs?

-Steve


A good idea would be to run a full anti virus sweep.

If you do not have an anti virus please click on this and click on the free trial version.

I would also of course like to thank Pete and Paul for dragging themselves away from the distractions in Vegas to take care of this problem.....
#208810 by preiffer
21 May 2008, 21:56
Originally posted by Scrooge
I would also of course like to thank Pete and Paul for dragging themselves away from the distractions in Vegas to take care of this problem.....

Ummm.... *technically*, I was at the pool for most of it. [:I][:w]
#208818 by MarkedMan
22 May 2008, 01:39
Thanks much folks - your efforts are truly appreciated. Makes the site all the more friendly!
#208823 by ChuckC
22 May 2008, 03:00
Thanks very much, Pete and everyone else who helped bring us back on line!

Chuck-
#208832 by pjh
22 May 2008, 09:36
Thanks for the speed of the fix and the clarity of the explanation.

And everyone should update their anti virus software and run a full scan. Symantec was working overtime each time I ventured to see if the site was back on line.

Paul
#208872 by sbg
22 May 2008, 17:37
Good work Pete and the lads - now, can I have my TR back? (just kidding....)
#208911 by iforres1
23 May 2008, 08:30
Pete (and the lads)

many thanks for the hard work you have put in to fix the site. I for one would miss it if it was not here.

cheers
Iain
#208919 by stars
23 May 2008, 10:28
Thanks for all of your hard work!
#209045 by eejp1007
26 May 2008, 13:56
Stars, all of you.
Thank you for giving up your time and energy to feed us our fixes of v-flyer!
Ed