Forums hacked

[ld50]

As you may have noticed some clever-clogs decided to decorate the forum.

That’s been cleaned up and passwords changed but it’s possible it’ll happen again. I’m digging through the logs to find out how it happened so I can make sure it doesn’t.

I’ve made some modifications to the forums which means a straightforward upgrade may not be possible so need to do a bit more digging till I’ll know for sure what the best plan is.

Thanks for your patience, more as I have it.

[alangjones44]

Does that mean our passwords have been pinched and would anything else have been compromised
Thanks
Alan Jones

[ld50]

I don’t think there’s likely to be a problem beyond the defacing of the site. They seem to have somehow created a user which could then edit the category description to include their banner.

Changes seem to be limited to forum settings, so nothing outside the forum database.

Passwords are stored in the database as a “hash” – i.e. password “lalala” would come out looking like 213123131abce332112, so even if someone got them they would be no use.

It would be possible that a naughty admin user could overwrite password but I don’t think they can be read/stolen as such since they’re not stored in that plain text.

Essentially I can either shut it down till I’ve had time to poke through the logs and figure out what’s happened, and have time to upgrade the site and re-do the modifications, or we can try stronger passwords and just carry on for the mo – with regular backups

[alangjones44]

All Greek to me but will do ISQ

[ld50]

Turkish perhaps? … the hacker’s IP address resolved to turkey so that would follow

[Chris S]

Yes, Turkey it was.

[nutter4x4]

turkey eh!!! reminds me of xmas again

[Author]

Posts