Thread: WARNING - PFA's internet provider could suspend the site due to Russian hacking - please read thread for contingency plan

  1. #1
    Dan Druff (Owner)

    Over the 10+ years of this site, I have had to deal with occasional hackings by Russian and Chinese groups. These hackings were never maliciously aimed at me or PFA. They were part of large, organized hacking efforts to hijack sites and use them as either spam servers or zombies. (A "zombie" is a computer taken over by hackers, which is used then to attack or scan other sites.)

    PFA is a loosely constructed structure of third party software, public domain freeware, and software/routines I wrote myself. For example, that little messaging box at the bottom right (which only shows on some devices) is a piece of third party software. The chat room we use during radio is (old) third party software which I shoehorned into working with PFA. The radio appears to broadcast through the forum, but is actually third party software which I integrated into the site.

    There are lots of different pieces of software running on the server here -- some visible to you, some not.

    The bad part of this is the fact that each of these opens up vulnerabilities to hackers.

    A recent hack has been using PFA as a zombie system, and our internet provider has gotten multiple complaints. There is no question that this is a result of a hacking, and they do not believe I am behind the zombie attacks. However, I have been given an ultimatum to fix this, or otherwise PFA will be suspended. I already thought this was fixed a few days ago, but apparently not.

    If this happens, you will see a suspension message, and will not be able to access either PFA or our sister site, Vegas Casino Talk.

    In addition, other sites I manage such as dandruffpoker.com and toddwitteles.com will also go down.

    Here is the plan if this occurs:

    1) I will be giving updates on https://twitter.com/PokerFraudAlert

    2) I will move all of the sites I manage to a different provider -- first with a temporary page explaining what's going on, and then I'll put everything back as before

    3) PFA might be taken down later tonight for purposes of doing backups, but this will only last for about 30 minutes.


    This might all take several days, so please be patient if it happens.

    I am hoping I can take care of this matter and a provider switch will not be necessary. Of course, even if I do switch providers, I'll need to kick the Russians off, because this problem will occur all over again once I restore from the backup.


     
    Comments
      
      Crowe Diddly: hope it works out painlessly

  2. #2
    BCR (Diamond)
    Considering half the site are Putin fanboys, you’d think they’d cut you a break.

     
    Comments
      
      devidee: Don’t worry. Nancy is on it.

  3. #3
    sonatine (Plutonium)
    this would never happen at sonatinep0ker.com.


    [redacted]? maybe.





    probably.
    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  4. #4
    MumblesBadly (100% Organic)
    Quote Originally Posted by BCR View Post
    Considering half the site are Putin fanboys, you’d think they’d cut you a break.
    Wondering whether this threat is a false flag op in case Druff has to explain away why he’d still vote for Trump when the Orange Man is wearing an orange jumpsuit courtesy of the Federal Bureau of Prisons.
    _____________________________________________
    Quote Originally Posted by Dan Druff View Post
    I actually hope this [second impeachment] succeeds, because I want Trump put down politically like a sick, 14-year-old dog. ... I don't want him complicating the 2024 primary season. I just want him done.
    Quote Originally Posted by Dan Druff View Post
    Were Republicans cowardly or unethical not to go along with [convicting Trump in the second impeachment Senate trial]? No. The smart move was to reject it.

  5. #5
    Ryback_feed_me_more (Gold)
    I know it's a small hit to the jew wallet but would using Cloudflare solve any issues? You can geoblock Russian and Chinese IP addresses en masse from accessing the site for $20 a month I believe.

  6. #6
    simpdog (Plutonium)
    Good luck Druff.

    Does your hosting have any security guys that can help you out?

    Maybe shut down everything except vBulletin for a bit?

  7. #7
    devidee (Platinum)

  8. #8
    Dan Druff (Owner)
    Spent hours on this today but I think I wiped it all off.

    My first attempt last week was a fail. I only got some of it. I did a deeper search today.

    It looks like the breach occurred on January 31, 2020. It is unknown when they started actually using the zombie software they installed.


    Later on tonight, I will back up the site, so there might be some downtime then.

  9. #9
    Dan Druff (Owner)
    Quote Originally Posted by simpdog View Post
    Good luck Druff.

    Does your hosting have any security guys that can help you out?

    Maybe shut down everything except vBulletin for a bit?
    I haven't wanted to resort to this yet because:

    1) I'm a cheap Jew, and these services are expensive.

    2) I am actually competent at doing this myself.

    3) I am the most knowledgeable of anyone regarding what I installed/modified (and why), so I can quickly dismiss false positives, whereas any third party I hire cannot (without constantly coming back and asking me). Since there are various custom modifications on this site, I don't need some security guy just wiping off anything which doesn't match the standard package of the latest version of all the software, which is generally what they like to do.


    Hopefully I got it all this time.

    I am going to update some of the software in question, and hopefully that will stop future breaches like this.
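
The trade-off in point 3 of the post above (a cleanup that compares files only against the stock packages flags every deliberate customisation), as an added example that is not from the thread or the site's own code. The function names, the two manifests and the sample files are assumptions constructed for illustration; only the breach date comes from the thread.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def triage(site_root, vendor_manifest, known_custom, breach_ts):
    """Classify files; both manifests map relative path -> sha256."""
    verdicts = {}
    for dirpath, _dirs, files in os.walk(site_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, site_root).replace(os.sep, "/")
            digest = sha256(Path(full).read_bytes())
            if vendor_manifest.get(rel) == digest:
                verdicts[rel] = "stock"
            elif known_custom.get(rel) == digest:
                verdicts[rel] = "known-custom"  # deliberate edit on record
            elif os.path.getmtime(full) >= breach_ts:
                verdicts[rel] = "review-first"  # unknown and changed since breach
            else:
                verdicts[rel] = "review"  # unknown; an old mtime proves nothing
    return verdicts

def demo():
    breach_ts = datetime(2020, 1, 31, tzinfo=timezone.utc).timestamp()
    before, after = breach_ts - 30 * 86400, breach_ts + 86400
    tree = {  # constructed sample: relative path -> (content on disk, mtime)
        "index.php": (b"stock index", before),
        "chat/bridge.php": (b"admin chat glue", after),
        "includes/functions.php": (b"stock functions + extra", before),
        "includes/cache.php": (b"unrecognised file", after),
    }
    vendor = {"index.php": sha256(b"stock index"),
              "includes/functions.php": sha256(b"stock functions")}
    custom = {"chat/bridge.php": sha256(b"admin chat glue")}
    with tempfile.TemporaryDirectory() as root:
        for rel, (content, mtime) in tree.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(content)
            os.utime(path, (mtime, mtime))
        return triage(root, vendor, custom, breach_ts)

if __name__ == "__main__":
    print(*sorted(demo().items()), sep="\n")
```

File modification times can be rewritten by whoever controls the server, so they only set the order of review; a file is cleared solely by a hash match against one of the two manifests.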

  10. #10
    JimmyG_415 (Platinum)
    I'm sure it is just a total coincidence that that is when Entropy opened his account.

    Quote Originally Posted by Dan Druff View Post
    Spent hours on this today but I think I wiped it all off.

    My first attempt last week was a fail. I only got some of it. I did a deeper search today.

    It looks like the breach occurred on January 31, 2020. It is unknown when they started actually using the zombie software they installed.


    Later on tonight, I will back up the site, so there might be some downtime then.
    San Francisco crowned the ‘world’s best’ city to live: survey
    https://www.kron4.com/news/bay-area/...o-live-survey/

  11. #11
    DJ_Chaps (Nova Scotia's #1 Party Rocker!!!!11)
    Quote Originally Posted by MumblesBadly View Post
    Quote Originally Posted by BCR View Post
    Considering half the site are Putin fanboys, you’d think they’d cut you a break.
    Wondering whether this threat is a false flag op in case Druff has to explain away why he’d still vote for Trump when the Orange Man is wearing an orange jumpsuit courtesy of the Federal Bureau of Prisons.


    HOW DO YOU MANAGE TO SHOEHORN TRUMP INTO EVERY DISCUSSION YOU WALTZ INTO ON HERE? YOU ARE LITERALLY TDS DEFINED X2, TRUMP AND TODD DERANGEMENT SYNDROME. SHUT IT DOWN.
    --------------------------------------------------------------------------------------------
    Chaps' 2017-18 NFL $$ Thread

  12. #12
    Platinum
    Quote Originally Posted by JimmyG_415 View Post
    I'm sure it is just a total coincidence that that is when Entropy opened his account.
    Except, that is not when he opened his account

  13. #13
    limitles (Canadrunk)
    Quote Originally Posted by DJ_Chaps View Post
    Quote Originally Posted by MumblesBadly View Post

    Wondering whether this threat is a false flag op in case Druff has to explain away why he’d still vote for Trump when the Orange Man is wearing an orange jumpsuit courtesy of the Federal Bureau of Prisons.


    HOW DO YOU MANAGE TO SHOEHORN TRUMP INTO EVERY DISCUSSION YOU WALTZ INTO ON HERE? YOU ARE LITERALLY TDS DEFINED X2, TRUMP AND TODD DERANGEMENT SYNDROME. SHUT IT DOWN.
    Because it never gets old. The chance to remind anyone of their support for the criminal president should gone be ignored. These truth deniers have not given up so game on.

    Why do you care as much as you do?

  14. #14
    1dollarboxcar (Gold)

    Cool

    it was probably one of Christopher Mitchell's employees under his huge payroll. like one of his highly paid consultants or one of his highly paid investigators but most likely one of his highly paid hackers that disguised their attack from China and Russia since he has clients from all over the world.....

  15. #15
    limitles (Canadrunk)

    Cool

    Quote Originally Posted by 1dollarboxcar View Post
    it was probably one of Christopher Mitchell's employees under his huge payroll. like one of his highly paid consultants or one of his highly paid investigators but most likely one of his highly paid hackers that disguised their attack from China and Russia since he has clients from all over the world.....
    Watch out for this guy a real thinker

  16. #16
    limitles (Canadrunk)
    Quote Originally Posted by limitles View Post
    Quote Originally Posted by 1dollarboxcar View Post
    it was probably one of Christopher Mitchell's employees under his huge payroll. like one of his highly paid consultants or one of his highly paid investigators but most likely one of his highly paid hackers that disguised their attack from China and Russia since he has clients from all over the world.....
    Watch out for this guy a real thinker
    Ban Entropy the Russian.

  17. #17
    turdzilla (Bronze)
    Time to display my ignorance.

    I used an enhanced security product offered by GoDaddy for my site.

    Why can't you do the same?

  18. #18
    Dan Druff (Owner)
    Quote Originally Posted by turdzilla View Post
    Time to display my ignorance.

    I used an enhanced security product offered by GoDaddy for my site.

    Why can't you do the same?
    Every piece of software installed has its own potential security vulnerability. There is no way around that, though "best practices" involve always making sure you have the latest versions and patches. For reasons explained on my show, I can't do that, so the site is always a little bit vulnerable.
