Hacked

As you may have noticed, the website was down for about 24 hours earlier this week. This is because some lovely person decided it would be fun to hack the site.

So What Actually Happened?

On Tuesday morning I woke up to find the homepage for the Blog, Forums and Gigs website replaced by a “hacked” message. I immediately took the website offline and set up a temporary “under maintenance” page, which I pointed all the DNS records to while assessing the damage.

At first glance, it appeared the hacker had only replaced the “index.php” files with a defaced version, but left everything else intact. This would have been quite easy to fix with minimal downtime.

Unfortunately, further examination found several copies of a backdoor had been installed, including remote shell access. Given this information, I felt it necessary to migrate the entire site to new servers, and restore from a known backup.

Was Any Information Stolen?

Potentially everything. The hacker obtained access to vBulletin using a zero-day exploit which allowed them to create an administrator account. With an admin account and remote shell access, they could have accessed email addresses, private messages, hashed passwords, and any other information on the site.

There is no indication this was a targeted attack. Dozens of other sites have been compromised this week with exactly the same symptoms. However, it is still possible that any/all of this information has been stolen, and I’m operating under the assumption that this is the case.

How Does This Affect Me?

There are a few precautions you should take to minimize any potential impact:

  • Change your forums password immediately.
  • If you use the same password on other sites (such as your email account), be sure to change them as well.
  • Assume that any information you sent via PM on the forums has been stolen.
  • Let me know via email ([email protected]) if you notice anything suspicious on the website, or have any concerns you’d like to discuss.

What’s Happening Now?

  • I am continuing to investigate the circumstances which led to the hacking, and ensure that all vulnerabilities have been patched.
  • In the near future the blog will be moved to more secure WordPress hosting.
  • I’m working with security professionals to ensure this site adheres to best practices for security moving forward.
  • Ongoing monitoring will be established, so that any future hacking attempts can be noticed and mitigated more quickly.

Conclusion

I’m very sorry to have to share this news with you. While websites are hacked all the time (and a large number seem to have been affected by this particular zero-day exploit), I feel a personal responsibility to protect the information you’ve trusted me with by joining this community. Please be assured I’m doing my best to resolve the situation, and prevent anything like this from happening again in the future.

I’ll keep you posted, and update with more information as soon as it becomes available. In the meantime, you can get in touch with me using the email address above if you have any queries or concerns. Thanks for your continued support and patience!

Update: I’ve posted a further update about this incident on the forums.

  • Beppi

    I doubt that other site administrators could be clearer and more responsible than you, thanks for the information.

  • A1ka1inE

    That’s a real bummer. Seems like you handled it well though and let’s hope nothing like this happens again!

  • StartApp

    Good job handling this super fast David. I think a lot of us felt some emptiness, not being able to check out the forum 🙂

    Keep up the great work, from everyone here at StartApp!

  • Jay

    Thank you for keeping us in the loop. If only App advertising companies were as prompt as you in conveying information. Thank you and good luck with your continued success with this forum.

  • Sorry to hear that! (no pun intended, lol) Good you had a backup, but you are lucky it was a mass attack... otherwise hackers would probably have put the backdoors in and waited for days or even weeks, so your backup would be infected too, and then executed the attack.

  • Great Article!!!
