I just tried to access the classicbattletech.com forums and received the following message:

"Due to a security breach the forums are being taken down indefinitely while the damage to the system is accessed. Because of the nature of this breach it is unlikely we will be restoring a backup of user accounts as it is impossible to know who's passwords and accounts have been compromised.

We are currently accessing our options and will get the forums back up in one form or another as soon as possible. Thank you for your patience.

Jason M. Knight
classicbattletech.com System Administrator"

Does anyone know anything about this beyond what was stated in that message?
Quote from: Death or Glory on January 21, 2011, 02:21:46 AM

I just tried to access the classicbattletech.com forums and received the following message:

"Due to a security breach the forums are being taken down indefinitely while the damage to the system is accessed. Because of the nature of this breach it is unlikely we will be restoring a backup of user accounts as it is impossible to know who's passwords and accounts have been compromised.

We are currently accessing our options and will get the forums back up in one form or another as soon as possible. Thank you for your patience.

Jason M. Knight
classicbattletech.com System Administrator"

Does anyone know anything about this beyond what was stated in that message?

Whatever the issue is, it's serious. As we run the same package they do at CBT, I'm inclined to mandate password resets to be on the safe side.
Update from deathshadow at HMPro quote:

"Well, here's where we're at and the current battleplan.

It appears that we may have had TWO hacks occur near simultaneously or with overlap -- a nasty fast one atop a slow/insidious one.

The nasty fast one somehow got itself elevated to admin rights and started deleting users MANUALLY and running MySQL commands to delete post indexes from the database -- and we're not talking indexes that can be rebuilt either. Since they appear to have had access to admin rights I cannot/will not trust any of the existing user accounts that were on it. It's odd though as they used a certain admin password without it showing up as being logged in for that user -- so I think they found a security flaw or had a backdoor installed from that previous failed hacking attempt back in July. (that I thought I cleaned out)... either that or the TWO DAYS since SMF 1.1.13 was released documented a new doorway. (and I was going to upgrade tomorrow too...). Maybe a four day upgrade gap was too wide?

The slow/insidious one appears to have been modifying forum .php files in the background slowly and quietly that I THINK was a failed attack circa late October, and that up and decided to start running when the 'fast one' started playing around with it.

It is unclear whether these were two separate attacks, or a slowly and well planned escalation over several months... Going through the monthly backups I am unwilling to trust the Jan, Dec or Nov backups as they all seem to have a slow corruption and bits and pieces of various hacking attempts in them.

SO... I'm with Ripley...

To try and turn this into a positive I'm going to take this 'nuke it from orbit' moment to move us to SMF 2.0 even if it is only at release candidate status -- I was going to wait for final but if we're going to start over, I'd like to do so on the next-gen.

It is going to take me a few days to get it to where I'm happy with the new security settings I'll be putting in place (things actually COULD have been worse!!! Lord help us if the main site had been running turdpress or boomla) at which point I'm gonna have the admins and mods go in and dot every t and cross every i on getting the correct forums and settings into place. We're also going to take this opportunity to review the rules and who's responsible for what.

We probably will NOT have a new forums up and running for the public until sometime after Monday. I apologize for the delay but the old forum was starting to rot and was hack upon hack upon upgrade upon upgrade -- and like anything else after three years of use it needed a spring cleaning anyways. (TRYING to look at the bright side here!)

I'll try to keep you posted here as to where I'm at with this.

Oh, and if you know who's at 192.251.226.205 (that's a German IP), do me a favor and shove your boot straight up their backside. I should have listened to George -- I put up one of the biggest static fortifications possible on a server; and it ended up a Maginot line. Leave it to some German to goose-step through Belgium on me.

Fixed fortifications are a monument to the stupidity of man."
I know who Frank Trollman is, but who is HeroChip?