Author Topic: Forum Was Hacked Megapost  (Read 9360 times)


April 08, 2015, 12:01:00 AM
So, if you've attempted to log into the site since the Season 5 Premiere, you would have noticed a pirate rapping to you. Well, long story short, we got hacked. Hopefully Derpy One or somebody can provide some more information on that once they get on, but I feel it's pretty important to get this thread out fast.

CHANGE YOUR PASSWORDS!!!

At this moment, we do not know exactly how much information the hacker gleaned, if any, or how. But as with any situation in which a site has a security breach, change your passwords immediately. Especially moderators.

Anyways. Yeah. Change your passwords. I recommend changing passwords on other sites if you used the same password but that's up to you.

Anyways. Just to note, we weren't the only site to have gotten hit; WorldofEquestria.com also got hit, roughly the same time as far as I could tell. Anyone know if any other sites got hit? Mostly just curious there. But could be useful information I suppose!


April 08, 2015, 12:51:37 AM
Reply #1
Thank you guys for your effort!

April 08, 2015, 01:44:02 AM
Reply #2
Ouch. I found out about the hacking from a certain blog. Just changed my site and mail passwords. Gotta love password managers. A Spanish MLP forum I frequent was hacked too on the premiere but they fixed it in record time just for the second part airing.
« Last Edit: April 08, 2015, 01:47:56 AM by xWN »

April 08, 2015, 02:07:39 AM
Reply #3
I'm glad that it's up and running again :)

April 08, 2015, 02:43:46 AM
Reply #4

April 08, 2015, 04:32:43 AM
Reply #5
Ah, it's nice to be back!

The good news is that Feld was able to recover the board as it was; the board's index.php file had been replaced, but it was a simple matter for Feld to restore the original. As far as we have been able to ascertain, nothing has been lost or compromised, but obviously our priority at the moment is making sure that this cannot happen again. I'm going to be checking the board software to see that everything is up-to-date and that proper controls are in place. Sadly we can't be one hundred percent certain why, or how, this attack happened, but we can do our best to try and fortify the board against future incursions.

We do strongly advise that people change their passwords, as Mirage said in the opening post. Again, we can't be certain of anything, but it is generally a good base rule to change passwords every so often regardless, especially after a hack such as this. If anyone has any reason to suspect that their personal data may have been appropriated by a third party then please let us know.

Now, on with the show...!


April 08, 2015, 05:04:11 AM
Reply #6
I'm going to be checking the board software to see that everything is up-to-date and that proper controls are in place.

Telling the host that the site was hacked would be a start. That way they can search the server for other hacked sites and put proper measures in place to avoid a repeat (unless the site is hosted at HostGator, GoDaddy or oversold host #358). Then filing a case with the SMF people would help. Also, their article on hacked boards has a good checklist for those cases.

And sorry for hijacking the thread this way but I can't see people thinking that replacing the obvious files fixes the entire issue so I give this "advice" even if it's not welcome.
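
Added example, not part of any post in this thread: one way to look for changes beyond the replaced index.php is to hash the live web root against a clean copy of the same board release. The function names, file names and file contents below are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def tree_hashes(root):
    """Map each file's path relative to root -> SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_to_clean(live_root, clean_root, code_suffixes=(".php", ".js", ".htaccess")):
    """Diff a live web root against a clean copy of the same release."""
    live, clean = tree_hashes(live_root), tree_hashes(clean_root)
    modified = sorted(f for f in live if f in clean and live[f] != clean[f])
    missing = sorted(f for f in clean if f not in live)
    # Files absent from the release are normal for uploads; executable ones are not.
    added_code = sorted(f for f in live if f not in clean and f.endswith(code_suffixes))
    return {"modified": modified, "missing": missing, "added_code": added_code}

def build_demo(base):
    """Constructed sample trees: a clean release and a live copy after a defacement."""
    clean, live = Path(base, "clean"), Path(base, "live")
    files = {"index.php": "<?php // entry point", "SSI.php": "<?php // ssi",
             "Sources/Load.php": "<?php // load"}
    for root in (clean, live):
        for rel, body in files.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    (live / "index.php").write_text("<html>defaced</html>")  # the obvious change
    (live / "Sources/Load.php").write_text("<?php // load\n// altered")  # less obvious
    (live / "attachments").mkdir()
    (live / "attachments/avatar.png").write_bytes(b"\x89PNG")  # expected user upload
    (live / "attachments/cache.php").write_text("<?php // unexpected")  # not in release
    return live, clean

def run_demo():
    """Build the constructed trees in a temp dir and return the comparison."""
    with tempfile.TemporaryDirectory() as base:
        return compare_to_clean(*build_demo(base))

if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(kind, paths)
```

On a real board the clean tree has to come from a trusted download of the exact installed version, and the database and server logs still need their own review.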

April 08, 2015, 05:39:25 AM
Reply #7
And now for the stupid question: how do you change your pass?

April 08, 2015, 05:50:34 AM
Reply #8
And now for the stupid question: how do you change your pass?

Go to your profile and click "Account Settings". In there you will find a pair of text boxes to change your password and confirm the new one. You will need to enter your current password as well to authorise the change.


April 08, 2015, 06:55:17 AM
Reply #9
Go to your profile and click "Account Settings". In there you will find a pair of text boxes to change your password and confirm the new one. You will need to enter your current password as well to authorise the change.
Thanks. I managed to change it now, thanks!

April 08, 2015, 07:06:31 AM
Reply #10
I have been wondering what happened, and when it would get fixed. I oscillated between concluding that it was hacked, or that this was an April Fools joke which the admins forgot to fix.

Mind you, I do find this sort of hacking a bit strange and sometimes suspicious... since not everyone can simply log into a server and replace the content of an HTML page like that. If this forum is hosted at home by one of the forum admins, I would (with all due respect) point out that the security settings on the server are extremely poor, and strongly suggest an in-depth reconfiguration of the HTML server. If this is hosted on another hosting service instead, then they have some explaining to do for letting this happen, and I would recommend moving away from them because they have poor security.

It might also be likely that someone hijacked the IP address, so they managed to host a web page of their own on the equestriaforums.com DNS domain. I tried to fetch the website's IP while that pirate meme was being displayed, but didn't dig into it enough to get more useful info. In this case though, passwords should be safe.

April 08, 2015, 08:40:26 AM
Reply #11
The pic was hosted at IMGurl... Lame script kiddy is lame
Missing....

April 08, 2015, 08:55:21 AM
Reply #12
I just saw what The Derpy One posted above, which explains what happened.

the board's index.php file had been replaced, but it was a simple matter for Feld to restore the original.

Someone gaining access to a server enough to directly edit or replace a file (such as the index.html) is not something you hear of every day, except when ISIS lunatics hack Christian websites and the like. I'm not quite a top expert when it comes to web hosting, although computers are generally my domain... but in my book this is a sign of a flawed security setup.

I assume the website allows remote control and / or connecting to the drive from over the internet? Unless this is really needed, I would generally advise turning it off... especially on websites prone to hate. If it is needed, I would suggest only using a secure system such as SSL, as well as restricting remote access to only the IP addresses of the admins. I also think there needs to be a quick way for the admins to be informed about hacking, and have a fast way to bypass and revert the negative effects... I imagine this could have been fixed in less than an hour, whereas in this case it lasted for several days.

Again I don't want to sound like an overly critical a-hole, nor give site management lessons to anyone! I'm only trying to help, since trolling and internet idiocy has seriously gotten to the point where it's time to stop. Until people across the world someday come to their senses, we must be ready to smack them as soon as they make a move :)
« Last Edit: April 08, 2015, 08:58:05 AM by MirceaKitsune »

April 08, 2015, 09:15:10 AM
Reply #13
Well...it's good to be back after what happened.

Hopefully we can strengthen ourselves from another one of these attacks.

April 08, 2015, 10:42:48 AM
Reply #14
What I recommend is you guys start a Facebook and/or Twitter account for the forums, so in case something like this or for some other reason the board is going to be down for a long time, you can keep us updated.

April 08, 2015, 12:00:27 PM
Reply #15
What I recommend is you guys start a Facebook and/or Twitter account for the forums, so in case something like this or for some other reason the board is going to be down for a long time, you can keep us updated.

Maybe the forum could also get a channel on irc.canternet.org? I'm permanently online on many IRC servers, including that one... would make contacting and chatting even more easy!

April 08, 2015, 12:01:04 PM
Reply #16
Awww I miss pirate guy already.  :monster:

April 08, 2015, 12:28:04 PM
Reply #17
Yeah, I was pretty much in exile on Legends of Equestria during the whole ordeal. But, does anybody know who this guy is and whether or not he's done this to other non-brony sites?

April 08, 2015, 01:14:31 PM
Reply #18
Yeah, I was pretty much in exile on Legends of Equestria during the whole ordeal. But, does anybody know who this guy is and whether or not he's done this to other non-brony sites?

The same thing happened to World of Equestria.

April 08, 2015, 01:15:22 PM
Reply #19
Awww I miss pirate guy already.  :monster:

Y'arrgh I be peach-fuzz beard, the prepubescent pirate!

April 08, 2015, 01:38:53 PM
Reply #20
What I recommend is you guys start a Facebook and/or Twitter account for the forums, so in case something like this or for some other reason the board is going to be down for a long time, you can keep us updated.

I second the notion of an Equestria Forums Facebook Account as well as a Twitter account.

April 08, 2015, 01:42:22 PM
Reply #21
I second the notion of an Equestria Forums Facebook Account as well as a Twitter account.

There's already an EqF Tumblr run by Dashell:

http://www.equestriaforums.tumblr.com/

But since Dashell isn't very active here, it probably would be best to make another social media account run by a more active staff member.

April 08, 2015, 01:44:49 PM
Reply #22
Thanks for the heads up. ^_^

April 08, 2015, 01:51:36 PM
Reply #23
There's already an EqF Tumblr run by Dashell:

http://www.equestriaforums.tumblr.com/

But since Dashell isn't very active here, it probably would be best to make another social media account run by a more active staff member.

I feel like having a member or two of the staff here on EqF to be the staff running the FB page and the Twitter page should be okay.

April 08, 2015, 02:39:05 PM
Reply #24
Yeah, since Dashell resigned, the Tumblr method has become sort of moot.

We really should get SOMETHING up and running.

What would people prefer though? Facebook, Twitter, new Tumblr account, etc, etc?
Honestly I'd prefer to stay away from Twitter.
