Welcome!

Welcome to our community forums, full of great people, ideas and excitement. Please register if you would like to take part.

This is extra text with a test link..

Register Now

Announcement

Collapse
No announcement yet.

About the Temporary Downtime on 9/25-9/26

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • About the Temporary Downtime on 9/25-9/26

    Apparently, there was a significant security hole in unpatched vBulletin boards that allowed hackers to come in and basically delete all of the server files. This occurred to many vBulletin forums in the last 2-3 days. However, thankfully, Rena has been keeping server backups and was able to patch this security issue. The board was down for roughly 24 hours or so, but everything has been restored to working order.

    Major thanks to Meowth. I had no idea what was going on and this was pretty scary to read about in the news, then to hear that it hit our forum was especially nerve wracking. With backups saved and her diligence in making sure this got patched as soon as she restored the backup, a true crisis has been averted.

    Basically, this announcement is for the multiple people who were reporting downtime during the last ~24 hours. A vBulletin security bug allowed for an exploit causing everything to get deleted by "hackers". It has now been patched/fixed and the forums restored to a backup. There will be some lingering issues that will crop back up, such as avatars needing to be fixed again and whatnot - if they aren't already by the time you read this. Please submit any complaints and we'll try to re-address them in a timely manner. While certainly inconvenient and a setback, I'm just glad everything's (mostly) restored.

    Thanks for your patience regarding this matter

    Sam
    DBZF Administration
    Brother! Your crusade IS OVER!!

    NO...!!

  • #2
    Thank you for writing this post, for a bit of additional information, it allowed a backdoor into the server, allowing malicious files to be uploaded, as a standard precaution, it would be strongly recommended to change any passwords, and remember, don't use the same password from one site to another. Although I have been unable to find any intrusion into the database itself, and the passwords are hashed, this is standard procedure for any breach. From the looks of some files uploaded, the intention seemed to be trying to hijack the mailserver to send out spam emails, of which, we don't have a mailserver, so those didn't get very far.

    I will attempt to remain more vigilant on vB exploits, and we do constantly have backups!

    Also note, I have taken the shoutbox offline, because it was shit and hard to maintain.

    Comment

    Working...
    X