PDA

View Full Version : Forum Hack - Please Read



Forum Admin
06-09-2013, 09:34 AM
Hi all,

You may have noticed (or may not) that the forum was hacked overnight. I urge you all to change your passwords. I will be doing the same with the main hosting and access ones.

Please let me know if you notice anything weird. I've done a purge of some people who I approved yesterday so sorry if you were caught up in that - safety first.

Forum Admin

Big Orange
06-09-2013, 10:07 AM
Jeez, I changed my password just now. Considering who wrecked the joint, I'm genuinely worried about my new laptop and smartphone being compromised.

Deep Black
06-09-2013, 07:18 PM
Thanks Felice, quick work :)

Conscious Bob
09-09-2013, 12:15 AM
Just before the hack I did think it odd there was a new member called 'administrator'.

Forum Admin
24-09-2013, 02:34 PM
Thank you SO MUCH for your patience on this, and to the mods who prodded me to keep trying when it was incredibly tough going in the database and I wanted with every fibre of my being to give up.

So, I can confirm the hack was due to a vbulletin security flaw not a personal attack, and not a database or password issue. There were hundreds of forums downed by the same thing all over the world, which was awful, but also good because I did have some useful help posts to trawl through. The security flaw is now closed.

Your passwords and personal info are fine - they used scripts to give themselves access to the template files and so on - but if you would rather be sure I suggest you change them. Belt and braces when it comes to security.

Please let me know if you notice anything weird. I will be doing cleaning up and so on over the next little while, adjusting security settings and so on.


2

Deep Black
24-09-2013, 08:02 PM
All looks good, a few cosmetic alterations, there was a weird little box at the top when I 1st logged in

Thanks for your efforts Felice, you've done a quicker job than the SFX forum, that's been down for months now

Uatec
25-09-2013, 11:42 AM
Good job getting things sorted out.

I've had my websites hacked before, it's quite traumatic isn't it.

charismatic megafauna
02-10-2013, 04:05 AM
I do't get why anyone would want to hack such a dinky little site like ours. Why go to all the bother. Some people really need to get some kind of life.

Uatec
02-10-2013, 11:26 AM
In the name of openness, the developer announced an exploit in VBulletin recently.

It seems that this hacker group just searched around the internet and hacked anything they could using a publicly available exploit.

I wouldn't put these guys on some kind of pedestal as skilled or talented people who attacked the site. More like the person at the back of the room who hears something they can take advantage of but doesn't have the consideration to think of the people they affecting.

Old Vig
02-10-2013, 05:04 PM
Um, well if you can believe what they uploaded they're a bunch of Islamic fanatics and they spit on our imperialist decadent forum.
But they're probably just a bunch of bored pimply teenagers with no mates.

Forum Admin
03-10-2013, 01:29 PM
Yeah, there was an announcement about the security issue - sadly after we had been hacked. The rest of the internet then decided to post up step-by-step instructions on how to hack any vBulletin forum (that still had missed the announcement/hadn't gotten an email from the team) so they all rushed to the party.

Helpful, news sites, very helpful.

But point is as you say Uatec they weren't skilled or talented people. They did it just because they could. Sadly.