Author Topic: any security issues due to the recent hack?  (Read 2730 times)

Offline plonk420

  • Member
  • Posts: 18
    • View Profile
any security issues due to the recent hack?
« on: July 23, 2012, 08:15:42 AM »
i noticed the board looked interesting in a google search, recently. any chance user/pass/email was compromised?

Offline JEEB

  • fushizenなDTVエンコーダー
  • Administrator
  • Member
  • *****
  • Posts: 117
    • View Profile
    • Yet Another x264 Builder
Re: any security issues due to the recent hack?
« Reply #1 on: July 23, 2012, 03:11:50 PM »
Yes, it seems like the account this forum was hosted on indeed was compromised at least on a file system level. While it doesn't look like the attacker was in it for the private data (mostly just file-wise changes done to show spam to Google), one must always assume the worst. Thus, as per standard procedure, even though it seems as if the information was most probably not accessed illegitimately in the database, and even though all passwords on this site are hashed (and salted), if you have re-used the password you have used on this site, it is recommended that you change it as soon as possible. Also, this piece of forum software lacks the capability to force people to reset their passwords, but you should definitely do so as well.

It is not yet known if a local problem led to this, or if this was a bigger problem with the hoster's systems. I am not going to point any fingers towards anyone at this point and just try and make the current situation better.

So far:
  • Full tarball backup of the compromised forum has been made for further analysis. We already know how the spam effect was done, but more has to be learned about possible points of entry and so forth.
  • The forum has been completely reset file-wise. If there was any cruft that might have made intrusion easier, it sure isn't there any more.
  • All uploaded avatars have been removed and disabled. Only non-local stuff can now be used. One of the possible entry points is a PHP script uploaded as a picture.
  • Overall file rights have been minimized.
  • Moderators' and administrators' passwords were reset, as well as everything possible in the overall forum configuration was changed.

Offline plonk420

  • Member
  • Posts: 18
    • View Profile
Re: any security issues due to the recent hack?
« Reply #2 on: July 23, 2012, 05:36:33 PM »
i appreciate the communication and honesty on this subject :)
« Last Edit: July 23, 2012, 06:38:42 PM by plonk420 »

Offline Reel.Deal

  • Member
  • Posts: 6
    • View Profile
Re: any security issues due to the recent hack?
« Reply #3 on: August 20, 2012, 06:35:20 AM »
Hello, there's still one entry for zyvoxam 600mg - H.264/AVC pops up when you google doom10. I'm certain zyvoxam 600mg is not an encoder. :)

Edit: I take that back, there's a couple of other entries not even remotely close to video/audio encoding.
« Last Edit: August 20, 2012, 06:39:49 AM by Reel.Deal »

Offline JEEB

  • fushizenなDTVエンコーダー
  • Administrator
  • Member
  • *****
  • Posts: 117
    • View Profile
    • Yet Another x264 Builder
Re: any security issues due to the recent hack?
« Reply #4 on: August 20, 2012, 11:24:21 AM »
Those are leftovers from the added stuff, should probably ask Google to reset their cache regarding that.

I'm pretty sure if you surf the site with a google etc. user id now, it should be as clean as it should be :)