As you may have noticed, the website was down for about 24 hours earlier this week. This is because some lovely person decided it would be fun to hack the site.
So What Actually Happened?
On Tuesday morning I woke up to find the homepage for the Blog, Forums and Gigs website replaced by a “hacked” message. I immediately took the website offline and set up a temporary “under maintenance” page, which I pointed all the DNS records to while assessing the damage.
At first glance, it appeared the hacker had only replaced the “index.php” files with a defaced version, but left everything else intact. This would have been quite easy to fix with minimal downtime.
Unfortunately, further examination found several copies of a backdoor had been installed, including remote shell access. Given this information, I felt it necessary to migrate the entire site to new servers, and restore from a known backup.
Was Any Information Stolen?
Potentially everything. The hacker obtained access to vBulletin using a zero-day exploit which allowed them to create an administrator account. With an admin account and remote shell access, they could have accessed email addresses, private messages, hashed passwords, and any other information on the site.
There is no indication this was a targeted attack. Dozens of other sites have been compromised this week with exactly the same symptoms. However, it is still possible that any/all of this information has been stolen, and I’m operating under the assumption that this is the case.
How Does This Affect Me?
There are a few precautions you should take to minimize any potential impact:
- Change your forums password immediately.
- If you use the same password on other sites (such as your email account), be sure to change them as well.
- Assume that any information you sent via PM on the forums has been stolen.
- Let me know via email ([email protected]) if you notice anything suspicious on the website, or have any concerns you’d like to discuss.
What’s Happening Now?
- I am continuing to investigate the circumstances which led to the hacking, and ensure that all vulnerabilities have been patched.
- In the near future the blog will be moved to more secure WordPress hosting.
- I’m working with security professionals to ensure this site adheres to best practices for security moving forward.
- Ongoing monitoring will be established, so that any future hacking attempts can be noticed and mitigated more quickly.
I’m very sorry to have to share this news with you. While websites are hacked all the time (and a large number seem to have been affected by this particular zero-day exploit), I feel a personal responsibility to protect the information you’ve trusted me with by joining this community. Please be assured I’m doing my best to resolve the situation, and prevent anything like this from happening again in the future.
I’ll keep you posted, and update with more information as soon as it becomes available. In the meantime, you can get in touch with me using the email address above if you have any queries or concerns. Thanks for your continued support and patience!
Update: I’ve posted a further update about this incident on the forums.