Today's downtime

Log in to stop seeing adverts

Status
Not open for further replies.

Jeff

Administrator
Staff member
The site is back up now after around an hour being unavailable.

This is due to an attack by hackers, who exploited a recently discovered vulnerability in the forum software.

There are a few things I still need to do to ensure it can't happen again, and I may need to take the site down as a result, but for the time being, everything is running as it should.
 
I wondered what had happened.
Bloody hackers I can never understand the mentality of these people.
Still it is Pirate day and I suppose in todays terms it was like Pirates attacking the ship. But good old Cap'n Jeff has repelled the boaders and sent them off to whence they came. Arrrrgggghhhh
 
I wondered what had happened.
Bloody hackers I can never understand the mentality of these people.
Still it is Pirate day and I suppose in todays terms it was like Pirates attacking the ship. But good old Cap'n Jeff has repelled the boaders and sent them off to whence they came. Arrrrgggghhhh

:icon_lol: FFS MoFo
 
But good old Cap'n Jeff has repelled the boaders and sent them off to whence they came. Arrrrgggghhhh

I'm still working on repairing the damage. They accessed a security problem in the forum software to create an admin user, and used this to upload a script that gave them access to files on the system, as well as full access to the site admin system.

I've done what I can to close off their original point of access, but they may have left other stuff behind that allows them to get in again, so I have a lot of checking of files etc before I can be confident everything is OK. I may resort to reinstalling the forum from scratch, but that will create a lot of work, and will involve some downtime.
 
Will any of this have caused passwords to be compromised or any other information?

No. Passwords are encrypted in the database and it's impossible to convert the encrypted version into the password. That's why people who forget their password have to request a new one, it's not possible to retrieve the old one.

The admin logs show that the attacker didn't access any user information.

They appear to have been just trying to deface the site to show a "hacked by" message, but at the same time they made the site inaccessible so they didn't do what they wanted.
 
No. Passwords are encrypted in the database and it's impossible to convert the encrypted version into the password. That's why people who forget their password have to request a new one, it's not possible to retrieve the old one.

The admin logs show that the attacker didn't access any user information.

They appear to have been just trying to deface the site to show a "hacked by" message, but at the same time they made the site inaccessible so they didn't do what they wanted.

I heard they tried to find the secret of Joe's betting plan success.
 
Status
Not open for further replies.
Log in to stop seeing adverts

Championship

P Pld Pts
1Leeds Utd3882
2Leicester3782
3Ipswich3881
4Southampton3673
5West Brom3866
6Norwich City3861
7Hull City3758
8Coventry City3757
9Preston 3756
10Middlesbro3854
11Cardiff City3853
12Sunderland3848
13Watford3848
14Bristol City3847
15Swansea City3846
16Millwall3843
17Blackburn 3842
18Plymouth 3841
19Stoke City3841
20QPR3840
21Birmingham3839
22Huddersfield3839
23Sheffield W3838
24Rotherham Utd3820

Latest posts

Top