Today's downtime

[Jeff]

The site is back up now after around an hour being unavailable.

This is due to an attack by hackers, who exploited a recently discovered vulnerability in the forum software.

There are a few things I still need to do to ensure it can't happen again, and I may need to take the site down as a result, but for the time being, everything is running as it should.

 

[Motown Fox]

I wondered what had happened.
Bloody hackers I can never understand the mentality of these people.
Still it is Pirate day and I suppose in todays terms it was like Pirates attacking the ship. But good old Cap'n Jeff has repelled the boaders and sent them off to whence they came. Arrrrgggghhhh

 

[pork pie fox]

I wondered what had happened.
Bloody hackers I can never understand the mentality of these people.
Still it is Pirate day and I suppose in todays terms it was like Pirates attacking the ship. But good old Cap'n Jeff has repelled the boaders and sent them off to whence they came. Arrrrgggghhhh

:icon_lol: FFS MoFo

 

[Jeff]

But good old Cap'n Jeff has repelled the boaders and sent them off to whence they came. Arrrrgggghhhh

I'm still working on repairing the damage. They accessed a security problem in the forum software to create an admin user, and used this to upload a script that gave them access to files on the system, as well as full access to the site admin system.

I've done what I can to close off their original point of access, but they may have left other stuff behind that allows them to get in again, so I have a lot of checking of files etc before I can be confident everything is OK. I may resort to reinstalling the forum from scratch, but that will create a lot of work, and will involve some downtime.

 

[GazLCFC]

Will any of this have caused passwords to be compromised or any other information?

 

[Jeff]

Will any of this have caused passwords to be compromised or any other information?

No. Passwords are encrypted in the database and it's impossible to convert the encrypted version into the password. That's why people who forget their password have to request a new one, it's not possible to retrieve the old one.

The admin logs show that the attacker didn't access any user information.

They appear to have been just trying to deface the site to show a "hacked by" message, but at the same time they made the site inaccessible so they didn't do what they wanted.

 

[spionfox]

No. Passwords are encrypted in the database and it's impossible to convert the encrypted version into the password. That's why people who forget their password have to request a new one, it's not possible to retrieve the old one.

The admin logs show that the attacker didn't access any user information.

They appear to have been just trying to deface the site to show a "hacked by" message, but at the same time they made the site inaccessible so they didn't do what they wanted.

I heard they tried to find the secret of Joe's betting plan success.

 

[Motown Fox]

I heard they tried to find the secret of Joe's betting plan success.

I'd heard it was an attempt to infiltrate your playlists to leave a self destructing bomb.

 

[spionfox]

I'd heard it was an attempt to infiltrate your playlists to leave a self destructing bomb.

****ing candy crush!