OOTP Developments Forums - View Single Post - Hacker possibly targetting OOTP online leagues

Cooleyvol · 11-16-2008, 10:49 AM

First off, I'm placing blame at no one's feet.

TSW has had only one league affected out of our 14 leagues easily linked from any league on our network. That league is an OOTP league that runs Getch's utility.

Is it the only OOTP league we have that runs Getch's stuff? No, but its one of only two.

In my experience CMS are notorious for security holes, so I'd surmise that most of those affected were hit b/c of the CMS running the sites on Fidel's space, but it seems that there's a window in through Getch's utilities. We don't use CMS and have vBulletin, so I'm guessing since those windows were closed, the only other vulnerability left for us was Getch's utility.

I just reupped the index page of our affected site and all is well again, but I will check with that other league running Getch to see if they've seen this as well.

11-16-2008, 10:49 AM	#21 (permalink)
Cooleyvol Hall Of Famer Join Date: Dec 2001 Location: Woodland Mills, TN Posts: 5,801 Thanked 456x in 272 posts	First off, I'm placing blame at no one's feet. TSW has had only one league affected out of our 14 leagues easily linked from any league on our network. That league is an OOTP league that runs Getch's utility. Is it the only OOTP league we have that runs Getch's stuff? No, but its one of only two. In my experience CMS are notorious for security holes, so I'd surmise that most of those affected were hit b/c of the CMS running the sites on Fidel's space, but it seems that there's a window in through Getch's utilities. We don't use CMS and have vBulletin, so I'm guessing since those windows were closed, the only other vulnerability left for us was Getch's utility. I just reupped the index page of our affected site and all is well again, but I will check with that other league running Getch to see if they've seen this as well. __________________