Earlier this week Eurobeat-Prime was the victim of an apparently random defacement, I took the forums down, and after a somewhat careful cleaning and security check, I put them back up.
They were promptly defaced again, this time slightly worse - we lost some forum posts and had admin passwords reset.
This morning I went through everything I could with a fine-tooth comb and am reasonably sure I finally found the hole they were using. This hole appears to be a new exploit for PHPBB's avatar upload system, if you know any communities using that software or run one yourself, I'd advise being on your toes.
But since I cannot be "COMPLETELY" sure the forums are now safe (you can never be) - I would recommend using common sense and keeping your browsers, operating system up to date and set to reasonable security levels. As sadly a good portion of website defacements are used as a platform to infect visitors with viruses/trojans/spyware. (no evidence of that in our case, though)
Issues:
Lost posts: A few of the minor forums were apparently wiped at random. we have these posts in a recent backup, but I'm still working on a solution to gracefully restore them (as I'd rather not lose recent posts and fixes in a total wipe>restore)
User passwords: should be safe due to the way phpbb stores them (encrypted one-way hash), however changing your password is a healthy habit and you may want to do so anyway.
Hidden email addresses: if our attackers were inclined - they would have had the ability to snag our entire email database. So if you notice more spam than usual there's a clue, sorry guys
Finally, if you notice anything strange - or any new site/forum bugs, feel free to alert me at jordanjb@gmail.com (msn or email)
Regarding the recent forum attacks/defacements
Thanks a lot for Jordan for figuring things out here. And also a notice to people who recieved the email from webmaster@eurobeat-prime.com that as one can figure out, it was sent by the same hackers who did all of the confusiong here.
On top of that, some avatars and such might be screwed as it is, and also currently no uploadable avatars will be featured at all. So if you wish to have an avatar use sites like www.imageshack.net for them and link them there.
On top of that, some avatars and such might be screwed as it is, and also currently no uploadable avatars will be featured at all. So if you wish to have an avatar use sites like www.imageshack.net for them and link them there.
Who is online
Users browsing this forum: Bing [Bot] and 3 guests