E-Sangha

Casual discussion amongst spiritual friends.

Re: E-Sangha

Postby Ben » Sat Oct 17, 2009 4:08 am

This is very sad. My condolences to the owner, admins and moderators of e-sangha.
I hope their site returns to full-functionality and is cleared of all mal-ware suspicion asap.
metta

Ben
"Only those who take to meditation with good intentions can be assured of success. With the development of the purity and the power of the mind backed by the insight into the ultimate truth of nature, one might be able to do a lot of things in the right direction for the benefit of mankind."

Sayagyi U Ba Khin


Compassionate Hands Foundation (Buddhist aid in Myanmar) • Buddhist Global Relief
UNHCR Syria Emergency Relief AppealTyphoon Haiyan Relief AppealKiva: (person to person micro-finance)

e: ben.dhammawheel@gmail.com
User avatar
Ben
Site Admin
 
Posts: 15790
Joined: Wed Dec 31, 2008 12:49 am
Location: Land of the sleeping gods

Re: E-Sangha

Postby davcuts » Sat Oct 17, 2009 4:08 am

christopher::: wrote:
alex jansen wrote:Not only that. Google's now flagging e-sangha as a site that can harm your computer. Perhaps there has been a history of somebody using e-sangha to inject malware into other people's pc's.


Indeed. Going to the e-sangha.com address this message now comes up...

Reported Attack Site!

This web site at http://www.e-sangha.com (<--dont press unless you are confident that your security system will block!!) has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.


There is then a button provided which leads over here to Google. Probably best to be cautious...


Safe Browsing: Diagnostic page for e-sangha.com


What is the current listing status for e-sangha.com?


Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?


Of the 11 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-10-14, and the last time suspicious content was found on this site was on 2009-10-14.

Malicious software includes 20 scripting exploit(s).


Malicious software is hosted on 1 domain(s), including t-age.ru/.

This site was hosted on 1 network(s) including AS3595 (GNAXNET).

Has this site acted as an intermediary resulting in further distribution of malware?


Over the past 90 days, e-sangha.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?


No, this site has not hosted malicious software over the past 90 days.

How did this happen?


In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.



Geeezzz this is awful. E-Sangha "was" my homepage. I can't help but believe one of the groups e-Sangha bans is behind the attack. Perhaps not but it wouldn't surprise if they are.
davcuts
 
Posts: 72
Joined: Mon Jan 26, 2009 7:03 am
Location: Asheville, North Carolina

Re: E-Sangha

Postby David N. Snyder » Sat Oct 17, 2009 4:08 am



Hi Christopher,

Thanks for that. Based on that information, I'm wondering and thinking that it might be from one of the ads they had over at e-sangha. One of the ads may have had the virus or spyware attached to it. Hopefully they will get it straightened-out and find the problem.

If so, that is one more reason we will never have ads at this site.
User avatar
David N. Snyder
Site Admin
 
Posts: 7673
Joined: Tue Dec 30, 2008 4:15 am
Location: Las Vegas, Nevada

Re: E-Sangha

Postby christopher::: » Sat Oct 17, 2009 4:28 am

A new member (currently living in China) posted this bold hypothesis over at ZFI. I have absolutely no idea if there could be any truth in this....

Is Esangha down at the moment? Or is it because I am living in China I can't access it?

I have often wondered why I can access Esangha from China even though the Tibetan Buddhist forum is often rife with anti-China sentiment.

I would have thought Esangha would have been a prime target for a cyber-attack from Chinese nationalists.


:shrug:
"As Buddhists, we should aim to develop relationships that are not predominated by grasping and clinging. Our relationships should be characterised by the brahmaviharas of metta (loving kindness), mudita (sympathetic joy), karuna (compassion), and upekkha (equanimity)."
~post by Ben, Jul 02, 2009
User avatar
christopher:::
 
Posts: 1315
Joined: Thu Jan 01, 2009 12:56 am

Re: E-Sangha

Postby catmoon » Sat Oct 17, 2009 4:31 am

alex jansen wrote:Not only that. Google's now flagging e-sangha as a site that can harm your computer. Perhaps there has been a history of somebody using e-sangha to inject malware into other people's pc's.

Yes both e-sangha & Buddhist Community are still down. It looks like a database error but if it is, its not something they haven't encountered before or is particularly hard to fix so yeah... conspiracy theories come to mind.



Last I saw, the site that was flagged as harmful was esangha.com. This is NOT the large Buddhist site we are all familiar with. The URL for the the main buddhist site is lioncity.com or something. Esangha.com is just some parasitical index site.
User avatar
catmoon
 
Posts: 368
Joined: Sat Oct 17, 2009 1:59 am

Re: E-Sangha

Postby poto » Sat Oct 17, 2009 5:48 am

catmoon wrote:
alex jansen wrote:Not only that. Google's now flagging e-sangha as a site that can harm your computer. Perhaps there has been a history of somebody using e-sangha to inject malware into other people's pc's.

Yes both e-sangha & Buddhist Community are still down. It looks like a database error but if it is, its not something they haven't encountered before or is particularly hard to fix so yeah... conspiracy theories come to mind.



Last I saw, the site that was flagged as harmful was esangha.com. This is NOT the large Buddhist site we are all familiar with. The URL for the the main buddhist site is lioncity.com or something. Esangha.com is just some parasitical index site.


E-sangha.com got hacked. The e-sangha forum located on lioncity.net looks like it just has a nasty database error and not any malicious code as far as I can tell, which could be related to the hack, or it could be unrelated. If you only visited the forum on lioncity.net you probably weren't exposed to malware and should be fine. However, if you visited e-sangha.com during the hack, you may want to scan your computer for viruses.
"Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." -- C. S. Lewis
User avatar
poto
 
Posts: 363
Joined: Sat Oct 17, 2009 3:21 am

Re: E-Sangha

Postby Individual » Sat Oct 17, 2009 6:19 am

mikenz66 wrote:
Individual wrote:It's probably because the server is based in Singapore. I had the same issue years ago. Give it an hour and try it again.

Actually, it's easy enough to look up the IP address and find that the server is located in the US. New York, in fact. Like DhammaWheel... :spy:

Mike

Well, maybe I'm wrong. It used to be in Singapore... Thanks for clarifying that.

It still is probably the same issue, though, and I don't think e-Sangha can do anything about it.

After reading the rest of this thread, though, it seems likely they were hacked.
The best things in life aren't things.

The Diamond Sutra
Individual
 
Posts: 1970
Joined: Mon Jan 12, 2009 2:19 am

Re: E-Sangha

Postby Individual » Sat Oct 17, 2009 6:24 am

catmoon wrote:Last I saw, the site that was flagged as harmful was esangha.com. This is NOT the large Buddhist site we are all familiar with. The URL for the the main buddhist site is lioncity.com or something. Esangha.com is just some parasitical index site.

I'm pretty sure they're both owned by the same people. Or was it e-sangha.com? Maybe esangha.com is something different, not sure. Somebody might've set up the site to look like the other one maybe.
The best things in life aren't things.

The Diamond Sutra
Individual
 
Posts: 1970
Joined: Mon Jan 12, 2009 2:19 am

Re: E-Sangha

Postby mikenz66 » Sat Oct 17, 2009 6:31 am

Individual wrote:Well, maybe I'm wrong. It used to be in Singapore... Thanks for clarifying that.

The owner is in Singapore. People often run web-sites in different countries...
Actually, poking around a little, it looks like e-sangha.com is hosted in Alabama, whereas lioncity.net, where the forum is, is in NY.

Mike
User avatar
mikenz66
 
Posts: 9614
Joined: Sat Jan 10, 2009 7:37 am
Location: New Zealand

Re: E-Sangha

Postby tiltbillings » Sat Oct 17, 2009 6:43 am

Just tried to log on to E-Sangha at work:

Your organization's Internet use policy restricts access to this web page at this time.

Reason:
The Websense category "Malicious Web Sites" is filtered.


--------------------------------------------------------------------------------

URL:
http://www.lioncity.net/buddhism/index.php?


That is new.
This being is bound to samsara, kamma is his means for going beyond.
SN I, 38.

Ar scáth a chéile a mhaireas na daoine.
People live in one another’s shelter.
"We eat cold eels and think distant thoughts." -- Jack Johnson
User avatar
tiltbillings
 
Posts: 18370
Joined: Wed Dec 31, 2008 9:25 am
Location: Turtle Island

Re: E-Sangha

Postby Individual » Sat Oct 17, 2009 7:00 am

mikenz66 wrote:
Individual wrote:Well, maybe I'm wrong. It used to be in Singapore... Thanks for clarifying that.

The owner is in Singapore. People often run web-sites in different countries...
Actually, poking around a little, it looks like e-sangha.com is hosted in Alabama, whereas lioncity.net, where the forum is, is in NY.

Mike

I remember Leo actually used to have the server literally sitting in his home. There was a controversy when they had to deal with Singaporean censorship laws because of where the server was.
The best things in life aren't things.

The Diamond Sutra
Individual
 
Posts: 1970
Joined: Mon Jan 12, 2009 2:19 am

Re: E-Sangha

Postby Individual » Sat Oct 17, 2009 7:03 am

christopher::: wrote:A new member (currently living in China) posted this bold hypothesis over at ZFI. I have absolutely no idea if there could be any truth in this....

Is Esangha down at the moment? Or is it because I am living in China I can't access it?

I have often wondered why I can access Esangha from China even though the Tibetan Buddhist forum is often rife with anti-China sentiment.

I would have thought Esangha would have been a prime target for a cyber-attack from Chinese nationalists.


:shrug:

E-Sangha has more enemies than just Chinese nationalists.
The best things in life aren't things.

The Diamond Sutra
Individual
 
Posts: 1970
Joined: Mon Jan 12, 2009 2:19 am

Re: E-Sangha

Postby Ben » Sat Oct 17, 2009 7:05 am

Keep it nice, please.
"Only those who take to meditation with good intentions can be assured of success. With the development of the purity and the power of the mind backed by the insight into the ultimate truth of nature, one might be able to do a lot of things in the right direction for the benefit of mankind."

Sayagyi U Ba Khin


Compassionate Hands Foundation (Buddhist aid in Myanmar) • Buddhist Global Relief
UNHCR Syria Emergency Relief AppealTyphoon Haiyan Relief AppealKiva: (person to person micro-finance)

e: ben.dhammawheel@gmail.com
User avatar
Ben
Site Admin
 
Posts: 15790
Joined: Wed Dec 31, 2008 12:49 am
Location: Land of the sleeping gods

Re: E-Sangha

Postby alex jansen » Sat Oct 17, 2009 10:36 am

Leo just posted a response 10 minutes ago over at Buddhist Community that says:

All E-Sangha related websites had been hacked. I am able to retrive all data except some images which are recently uploaded.
I need some time to get E-Sangha Forum working again.


That pretty much confirms what happened then. I hope they get it up soon.

Buddhist Community is back up to normal but E-sangha is still down as I type this.
User avatar
alex jansen
 
Posts: 8
Joined: Fri Oct 16, 2009 12:12 pm

Re: E-Sangha

Postby Dmytro » Sat Oct 17, 2009 5:35 pm

Hello,

Today after the visit to E-Sangha website my Firefox browser informed me that it has blocked a malicious add-on, and that a restart is necessary to remove it completely.

I am not hundred percent sure, but recommend to be cautious.

Metta, Dmytro
User avatar
Dmytro
 
Posts: 1161
Joined: Thu Jan 01, 2009 7:24 pm
Location: Kyiv, Ukraine

Re: E-Sangha

Postby David N. Snyder » Sat Oct 17, 2009 6:37 pm

e-sangha is still down and now Buddhist Community is back down again, at least for me and my browser.

For the few moments when Buddhist Community was back up, Leo announced that all e-sangha related sites were hacked and he has been unable to retrieve all of the data so far, only being able to get the pictures.

For those of you who have direct contact with Leo, show him this site and ask him if this will help:

http://www.archive.org/web/web.php

It is a site that lets you view an 'older' version of just about any website. If he could pull-up a recent version, of say one or two months ago, perhaps he could use that data and restore the site?
User avatar
David N. Snyder
Site Admin
 
Posts: 7673
Joined: Tue Dec 30, 2008 4:15 am
Location: Las Vegas, Nevada

Re: E-Sangha

Postby adamposey » Sat Oct 17, 2009 7:02 pm

What software was he using to run this site? It seems like he may consider importing whatever he can into new software that perhaps takes a more hard line on security. It's highly unfortunate that this is necessary but I have many connections at top tech. institutes like MIT, if Leo were to make his needs for software known I could set about the work of asking around for something a little less vulnerable.
adamposey
 
Posts: 158
Joined: Sat Oct 10, 2009 8:16 pm

Re: E-Sangha

Postby poto » Sat Oct 17, 2009 7:05 pm

TheDhamma wrote:e-sangha is still down and now Buddhist Community is back down again, at least for me and my browser.

For the few moments when Buddhist Community was back up, Leo announced that all e-sangha related sites were hacked and he has been unable to retrieve all of the data so far, only being able to get the pictures.

For those of you who have direct contact with Leo, show him this site and ask him if this will help:

http://www.archive.org/web/web.php

It is a site that lets you view an 'older' version of just about any website. If he could pull-up a recent version, of say one or two months ago, perhaps he could use that data and restore the site?


I'm a webmaster and run a network of websites for a living. For a forum the size of e-sangha, scraping an old version out of archive.org would be futile. Really, this is why it's important to have current backups whenever you're running large websites. There are plenty of hosting companies that offer daily backups as part of their service, which makes it easier, although it might cost a few dollars more. I'm sure Leo has some form of backups, and e-sangha will be back at some point in time.

Archive.org usually runs several months behind and it doesn't index everything. So, even a weekly or monthly database backup would be much more current and complete than what's on archive.org, not to mention the user accounts, PMs, etc., that would be lost if one tried to restore a site off of archive.org only.
"Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." -- C. S. Lewis
User avatar
poto
 
Posts: 363
Joined: Sat Oct 17, 2009 3:21 am

Re: E-Sangha

Postby adamposey » Sat Oct 17, 2009 7:09 pm

poto wrote:
TheDhamma wrote:e-sangha is still down and now Buddhist Community is back down again, at least for me and my browser.

For the few moments when Buddhist Community was back up, Leo announced that all e-sangha related sites were hacked and he has been unable to retrieve all of the data so far, only being able to get the pictures.

For those of you who have direct contact with Leo, show him this site and ask him if this will help:

http://www.archive.org/web/web.php

It is a site that lets you view an 'older' version of just about any website. If he could pull-up a recent version, of say one or two months ago, perhaps he could use that data and restore the site?


I'm a webmaster and run a network of websites for a living. For a forum the size of e-sangha, scraping an old version out of archive.org would be futile. Really, this is why it's important to have current backups whenever you're running large websites. There are plenty of hosting companies that offer daily backups as part of their service, which makes it easier, although it might cost a few dollars more. I'm sure Leo has some form of backups, and e-sangha will be back at some point in time.

Archive.org usually runs several months behind and it doesn't index everything. So, even a weekly or monthly database backup would be much more current and complete than what's on archive.org, not to mention the user accounts, PMs, etc., that would be lost if one tried to restore a site off of archive.org only.


If it were just a large forum he would be running vbulletin by default, yes?
adamposey
 
Posts: 158
Joined: Sat Oct 10, 2009 8:16 pm

Re: E-Sangha

Postby poto » Sat Oct 17, 2009 7:14 pm

adamposey wrote:What software was he using to run this site? It seems like he may consider importing whatever he can into new software that perhaps takes a more hard line on security. It's highly unfortunate that this is necessary but I have many connections at top tech. institutes like MIT, if Leo were to make his needs for software known I could set about the work of asking around for something a little less vulnerable.


He was running Invision Power Board. It's possible to import an Invision database to another forum software like vBulletin or phpbb. Any decent tech guy can do that, no need to call MIT. As long as he kept his version of Invision current it shouldn't have been a problem. As far as I know Invision is fairly secure, although vBulletin is generally considered the best forum software.

adamposey wrote:If it were just a large forum he would be running vbulletin by default, yes?


A lot of large forums do run vBulletin, although there are some large forums that don't. It's up to the webmaster/owner to decide what to run.
"Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." -- C. S. Lewis
User avatar
poto
 
Posts: 363
Joined: Sat Oct 17, 2009 3:21 am

PreviousNext

Return to Lounge

Who is online

Users browsing this forum: Bing [Bot], cooran, Kim OHara, MSNbot Media and 4 guests