Updates on Cultural Heritage Imaging Forums


RTI Group Admin

Jan 18, 2013, 8:19:56 AM
to rti_...@googlegroups.com
Hi all,
Unknown to one another, we have both been corresponding with Carla Schroer, founder and director of Cultural Heritage Imaging, about the current state of their Forums vis-à-vis the hacking alert discussed previously in the RTI on iPad thread and asking if we can pass on any updates to the RTI_help group. Below are two replies from Carla explaining the problem and the progress to date. We're posting both our replies since they contain evolving information.

Dennis Piechota and Kathryn Piquette
RTI_help Admins


---------- Forwarded message ----------

January 18, 2013
From: Carla Schroer
To: Dennis Piechota

Dennis,

Here is an update I sent to Kathryn a few days ago. Please feel free to post. The issue was not Java related. We are now reinstalling the forum software and we will repopulate from the database. The database was not affected, nor was our primary site.

I will post information to the forum when it is back up. And probably also on the blog. We posted a notice to our Facebook page, and also took links from our website down until it was resolved. We thought it was resolved several times, but the code kept replicating the hack.

I'm in Jordan now at WAC-7. So that has slowed things down a bit also.

Carla



Begin forwarded message:

January 14, 2013
From: Carla Schroer
To: Kathryn Piquette

Kathryn,
We have been working to clear the site. The hack is nastier than we expected, and there was some code that was self-replicating, so when we cleaned up it would reappear. We have worked with our web hosting service provider to sort things out, and that is going along slowly. The problem is that the code is in files that the automatic scanners don't detect. So there is a lot of manual checking that has to be done, though we believe we have found the source.

One small bright spot is that it is clear from the Google scans that our site was never serving any malware. Rather, the hack was designed to redirect users to a site that is known to serve malware. So, if anyone came to our site and did not accept the redirect (most browsers would detect this and prompt the user), they would not be harmed. The redirect doesn't happen every time either, so it's pretty tricky stuff.

The hack came in through a vulnerability in an old version of WordPress installed on our site. We have removed that.

I'll be writing up more details once it is clear, to post on the site, and also to spread the word around. One thing I've learned is that you shouldn't put anything on your site that you aren't prepared to keep up to date and check for issues. I think it's important to note that the forum software itself isn't where this came in; however, the hack exploited the fact that the forum is coded with PHP and JavaScript, and those are the files that they targeted, and they also wrote new files which were placed on the site.

Carla
 
Carla Schroer
Founder & Director
Cultural Heritage Imaging
http://culturalheritageimaging.org