AAAAAnnnnd we're back. So we got hacked around 3 am this morning. Thank you everyone who contacted me about it. I wasn't awake till about an hour ago, so it took me a while to get to it, but the fix was pretty easy.

The front page of the website after hacked said database was "dumped and dupped" or something like that. Well, we were able to get in via other themes on the website, and the mobile version worked just fine too. That being said most likely the front page was modified and maybe a few other strings as well, BUT just to be safe we did a system restore to 12 midnight last night PST.

So we lost a few pages and entries, but not a big deal. The site is safe. I did some research on the hacker and apparently he's a french white-hat who hacks to show security vulnerabilities and that he does it for "fun".

Whether or not that's true I encourage no retaliatory actions, except we try and find the hole he came in on and plug it. Forum Web Devs will work with me making the site more secure (Both the main page and forum).

Thanks everyone for staying with us. Are your passwords secure? Yes, or well, most likely. That information is encrypted and not even we can read them. I don't think it's an issue. Please let me know below of any weird forum functions or pages you might notice, but doing a full backup restore seems to have done the trick.

Could be unrelated but there is an app recommendation when trying to visit via the iPad .

on a slightly funny note, the dude did give himself an xbox achievement after he hacked the page...

Oh dam. I will be able to help out once I get home. Flight lands at 11 so it'll be late but ill help how I can.

Oh dam. I will be able to help out once I get home. Flight lands at 11 so it'll be late but ill help how I can.

Well, we're good for now, but we really should look at ways to make sure the forum is secure. How? not sure at the moment.

Am glad things are alright again.
When I saw it for the first time, I was like "wtf???", and then I tried to get in touch with you on as many channels as were availbale to me. It was a very interesting experience, but I am in no need to repeat this shit again ...

All the best!
Liam

It's not the first time, and won't be the last. We keep backups in place for just such an occasion.

Could be unrelated but there is an app recommendation when trying to visit via the iPad .

I think that's unrelated, Kc. I've logged on iPad for the past year and have gotten that notification for months now.

What is new, however is when I googled "Were Alive Forum" and the first link that shows says PWNED with some other code gobbledegook under it instead of the normal forum link. That may have been altered due to the hack.

I think that's unrelated, Kc. I've logged on iPad for the past year and have gotten that notification for months now.

What is new, however is when I googled "Were Alive Forum" and the first link that shows says PWNED with some other code gobbledegook under it instead of the normal forum link. That may have been altered due to the hack.

Oh great. I hope our Google cache didn't get changed while we were hacked. What are the chances!

Oh great. I hope our Google cache didn't get changed while we were hacked. What are the chances!

I think the google cache may be ok now. I just googled We're Alive & We're Alive Forum. Both bring back the correct snippet info when showing search results. Google has gotten better at keeping caches up to date and I think (based on similar stuff with sites I've worked on) that they even notice big changes and will crawl more often for jst such a reason.

Thanks for getting things back online so quickly. If I can help with securing the forum, please let me know.

What a huge turd.

ok what is the deal with the hackers? I mean why are they even trying to hack a discussion board. you think they would be trying to hack something that might have monetary value. is it just somebody childish way of getting attention?
if they want to hack something try my student loan, make that go away and then I would be impressed.

That's sort of the beginning of one of my favorite movies, "Sneakers."


Thought I was going to say "Hackers," huh?

Seriously, though, I highly recommend it. Deals with hacking and identity theft before the internet got commercially big. And it has an all-star cast.




ok what is the deal with the hackers? I mean why are they even trying to hack a discussion board. you think they would be trying to hack something that might have monetary value. is it just somebody childish way of getting attention?
if they want to hack something try my student loan, make that go away and then I would be impressed.

That's sort of the beginning of one of my favorite movies, "Sneakers."


Thought I was going to say "Hackers," huh?

Seriously, though, I highly recommend it. Deals with hacking and identity theft before the internet got commercially big. And it has an all-star cast.

seen it. own it. need to watch it again. but still

Here's: a link (http://http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/402799-preventative-how-to-avoid-being-hacked-by-teamps-i-e-p0wersurge)
- A few tips we need to follow/implement.

Corrected link:
How to avoid being hacked... (http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/402799-preventative-how-to-avoid-being-hacked-by-teamps-i-e-p0wersurge)

Okay yea that's one thing I wanted to implement. Another great addition to security

Okay yea that's one thing I wanted to implement. Another great addition to security

Is that something you have access to do? I'm ok with it as long as we have a record on what the passwords are.

Is that something you have access to do? I'm ok with it as long as we have a record on what the passwords are.

Yep, I don't think I need db access FTP is all I need.

Yep, I don't think I need db access FTP is all I need.

Yeah, I can supply that offline.

Ill get working on it soon, I think you gave me access already.

ok what is the deal with the hackers? I mean why are they even trying to hack a discussion board. you think they would be trying to hack something that might have monetary value. is it just somebody childish way of getting attention?
if they want to hack something try my student loan, make that go away and then I would be impressed.

I am kind of biased. Although I am not a huge fan of hackers doing their trade, I actually appreciate "the good guys" to simply test security issues on websites/ platforms in order to point the owner of it towards the lack of security. So not all the hacks take place in order to do harm (for example for exploiting financial or trade information) or simply to maintain a doubtful attitude like sillyness or childishness. As for "Dark Night" and his friends: I feel inclined to accept them as such "good guys", 'cause probably they had no other intention as to give 'us' a hint about the WA-forum-condition ... But I won't go as far as give them justification for what they did, because actually deleting database-information is one unnecessary step further and thus too far then just simply 'mailing' Kc or Nikvoodoo or any other authority on our beloved turf about a certain (small) lack of security ...

Anyway: Most important it is that there is no real harm done (and I got a second chance on the Reptrivia, which I failed again ...).

Best wishes!
Liam

Update on .htaccess, I have added this to the admincp. I am text/emailing Kc the info.

Update on .htaccess, I have added this to the admincp. I am text/emailing Kc the info.

How will I find out the info?

How will I find out the info?

I'm adding a few more users to the access, we will contact via email. I will make the logins this evening.