Not sure if many of you saw over the weekend, but the forum was displaying political messages from a Syrian hacking party wanting to spread word of their cause. Sadly they thought that this website would be one of their targets (they've got loads of other sites hacked too - they've been very busy).
The hack was very sophisticated and took advantage of the fact that I had not patched a particular exploit that I didn't think was urgent. (It was and they exploited it!)
It has taken many hours to unpick and clean everything up but I don't think any data has been lost. The main aim of this hack was to spread propaganda, so I'm not really worried about password, email and personal details theft. Nonetheless, I have taken precautions to change all of the passwords used for this site. I would suggest that it is good practise for everybody to make sure that they change their passwords for this site NOW. Also, if you use the same password and username for other sites, then you should change it there too (a word of advice: never use the same passwords on multiple sites, one of them may be hacked one day).
Sorry about the site downtime today, but I have taken my time before bringing the forum back online following removal of the hacks as I wanted to be as sure as I can be that it won't be re-hacked.
The hack was very sophisticated and took advantage of the fact that I had not patched a particular exploit that I didn't think was urgent. (It was and they exploited it!)
It has taken many hours to unpick and clean everything up but I don't think any data has been lost. The main aim of this hack was to spread propaganda, so I'm not really worried about password, email and personal details theft. Nonetheless, I have taken precautions to change all of the passwords used for this site. I would suggest that it is good practise for everybody to make sure that they change their passwords for this site NOW. Also, if you use the same password and username for other sites, then you should change it there too (a word of advice: never use the same passwords on multiple sites, one of them may be hacked one day).
Sorry about the site downtime today, but I have taken my time before bringing the forum back online following removal of the hacks as I wanted to be as sure as I can be that it won't be re-hacked.
Comment