Where we're at... - Canadian North Pacific Region Forum

Forum Post / Reply
You must log in before you can post or reply to messages.
Where we're at...
Thursday, February 17, 2005 12:25 AM
Ok folks... this is the update where we're presently at..

We got hacked. Duh. I'm not sure by whom, but in discussions it's pretty obvious (to me) that it wasn't tylee10, nor was it Gus. So to all those of you who have formed opinions of what has taken place... just hold off on voicing your opinion for now, alright? We've got tensions up pretty high at the moment.

In the hacking process.. the entire database of messages ended up being deleted and most of the access to both the forum software, and to the root shell was changed. This is a KNOWN exploit in the phpbb software version that we were running, and despite plans to update that software this coming weekend it obviously didn't happen soon enough.

Damon, being the incredible dude that he is (I really can't thank him enough at this point) managed to get back into the forum and then change the passwords to everything so that we once again had control of the root shell.

Unfortunately, the damage was already done, and even more unfortunately, there is no current backup of anything. So we're forced to either update what's left of the forum, or to start again from scratch. Given that there were numerous corrupt files in the system, Damon and I have chosen the latter (to start from zero).

Right now, the latest version of phpbb forum software has been installed. This version is not susceptible to the hack that we fell victim to.

At this moment... the forums are still closed, pending re-installation of the forum modifications, including some new surprises that come part-and-parcel with the new version. I'm sure you'll all be very happy once we get it online.

For the record... I would like to apologize to Tylee10 aka Tyler for accusing him of hacking the site. Given what little information I had at the time, I should have just kept my mouth shut. Tyler, I'm sorry for what you've been through in the last 24 hours.

As for the rest of you, I'm sorry that you're having to go without your daily BCJ fix.. I know how addictive it can be

Rest assured... once I drag my ass out of bed tomorrow morning bright and early, I'll be all over this forum software like a fat kid on a smartie. No offense to fat kids everywhere.

Thanks for your patience everyone.

....j




<a href="http://www.lenkorules.com/"><img src="http://s93165229.onlinehome.us/images/zm/sig/LRDCsig3.jpg"></a>

Re: Where we're at...
Thursday, February 17, 2005 9:08 AM
Hey, ... If you want some help,.. I'll be glad to help you out.

To make things a little easier you could take the format we have for jspeed and just alter it a little to suit BCJ,... this may save you some time.


Another proud Jspeed Member
www.jspeed.ca
Re: Where we're at...
Thursday, February 17, 2005 9:13 AM
Hey john,

Thanks for the update on where we are at...

I don't know how the server was hacked but I am assuming that if they were able to access the DB, it means you probably have a login account through some sort of managment software like phpMyAdmin.

What you should realize is that if you are logging into the DB this way, chances are you or the server host isn't using SSL to login over (Secure Socket Layers). Without running any sort of encryption, you are prone to attack as it is fairly simple to retreive passwords and usernames when information is sent in a "plain-text" form to the server.

I work in comp security for a living so please msg me if you have any questions/problems.

Regards

(aka mike from bcj)
Re: Where we're at...
Thursday, February 17, 2005 10:49 AM
There's a known exploit for phpbb 2.0.8 (which we were still running). Google "phpbb root exploit" and you can find it easily enough. We always used SSL for logins.

Now we're updated to 2.0.11, which isn't prone to this kind of attack.

The new forum is online, even though no one will be able to get into it until it's "ready to go" which hopefully will be tonight.

Bear with me folks... it's all going to be just fine.


...j




<a href="http://www.lenkorules.com/"><img src="http://s93165229.onlinehome.us/images/zm/sig/LRDCsig3.jpg"></a>
Re: Where we're at...
Thursday, February 17, 2005 1:40 PM
so are we gonna have to reregister then once the site is back up and running?


-------------

Re: Where we're at...
Thursday, February 17, 2005 3:58 PM
Yes. Al's post count got owned!

]
Re: Where we're at...
Thursday, February 17, 2005 4:25 PM
poor guy that sucks
Re: Where we're at...
Thursday, February 17, 2005 4:59 PM
my post count was higher than al's . i think the whole board got ownt and whoever did it is laughing. i realllly hope you guys can track down who did all this @!#$ and lay some beats. john i know i for one, as well as the rest of the board i'm sure, really appreciate the work you and damon are putting in to get the board online again, thanks!
Re: Where we're at...
Thursday, February 17, 2005 6:53 PM
na, beating the person only goes so far and likely they will do it again to retaliate. better thing it if you have the proof, press charges.



Re: Where we're at...
Thursday, February 17, 2005 7:27 PM
ok so we lost everything......

thats going to suck cuz i had all my info on the clubs money and members saved in my PMs @!#$ty deal.


ok

and when will the new forum be up or is it now. cuz it will not let me log in right now




Re: Where we're at...
Friday, February 18, 2005 10:14 AM
i dont think itd up yet jeff

Forum Post / Reply
You must log in before you can post or reply to messages.

 

Start New Topic Advanced Search