Members and administrators of the Vniss hacker forum have contacted the editorial office to express their goodwill towards HVA. Meanwhile, hackernohat – the individual who took an interest in HVA causing the trouble – has also spoken out to clarify the situation.
HVA is not yet operational (Photo taken at 7:00 AM on May 5)
Administrator (Mod) with the nickname Rekc0r, representing Vniss, admitted that in the early hours of May 1, three members of Vniss attacked HVA, but did not plan the timing to exploit the security flaw. “Vniss’s defacement attack on HVA was not for fame or profit; it was simply a warning to this forum. The damage we caused can be restored by HVA’s admin within five minutes,” explained the Mod of Vniss regarding the reason for attacking the HVA forum.
According to this individual, the long-standing hacker forum HVA had fallen victim to a serious security vulnerability due to the way it handled strings in the Invision Power Board (IPB) version in the Search.php file, rather than due to an SQL Injection flaw.
“The relationship between Vniss and HVA has always been good. We do have access to HVA’s database, but not the entire thing, and we are not selling it,” Rekc0r stated. “I want to affirm that no one in the Vniss administration ever sells the database of any site after hacking it. Furthermore, Vniss is not the only group exploiting HVA’s security vulnerabilities.”
As for hackernohat, who claims to have successfully hacked HVA but then leaked information that led to the incident in the early hours of May 1, he insists that he only accessed the data and did not destroy HVA’s database. The reason for this attack was that the HVA administration had previously banned (blocked) hackernohat’s account on the forum. “After hearing that HVA was defaced by Vniss, I found out that one of my ‘underlings’ had posted the pictures I hacked from HVA on Vniss,” hackernohat recounted. “But I assure you I could only view the data because I could read the password and user database from the file gobal_conf.php of HVA. As for destroying the database, that was impossible because I tried. Besides the uploads directory, there were no other directories where I could upload or write files as HVA had set very strict permissions. I commend them for their excellent defense capabilities.”
Currently, the advertisement for selling HVA’s database is no longer available on the website ddth.com. The IT community also believes that such incidents are unwarranted as forums for IT or hackers should foster learning, support, and knowledge-sharing among one another. This is how it will benefit Vietnam’s information technology landscape.
Meanwhile, the HVA administration has stated that they are still seeking all possible ways to recover the data, and in a few days, hvaonline.net will reopen to welcome members.
Nguyễn Hằng
