OverkillZJ
05-10-2005, 01:44 AM
That’s right, I, the resident computer security whore, neglected to update the phpBB software (for the last 7 versions) and so we got HACKED. I’m a great example of what NOT to do. The problem is I already invest too much time into this site, and a new security hole that needs patching is found in this crappy free BB software almost weekly; it’s hard to keep up with.
Regardless, my apologies for the downtime that the site saw (even though it was fixed in 1.5 hours). The hacker made use of a MySQL vulnerability that allowed him to log in under Dave’s (BigDaveZJ) username and post a few “hacked” notices as well as change some forum permissions to “private”. I banned Dave’s name (that was fun) assuming that’s the only name he had access to at first while I figured out what happened, then pulled the board down for about an hour for a much needed upgrade.
We’re now up to the most recent version (released a few days ago) and I will continue updating it as I’ve learned there’s people bored enough to hack a site that’s just a bunch of wheelers’ bullshitting. Man, the world is full of jackasses.
Do you want to really help prevent this from happening again? BUY SOME STICKERS! SERIOUSLY! There’s a for sale thread in the “Vendor’s Marketplace” forum. That money doesn’t go into our pockets, it goes towards buying some software to run this site that doesn’t SUCK and isn’t quite as vulnerable to hacks such as this (which any script kiddy can run.)
I’m going to head to bed now for some much needed rest, like I was about to do before receiving several IM’s saying WTF!
I have a real job in the morning, crap.
-Matt
EDIT: All users will have to log in again :finga:
If you forget your password, email Dave and I at admin@mallcrawlin.com so we can reset it for you.