Well, THAT was fun

[Beecham]

Talk about an eventful day at Suikox.com. Looks like I'm the first one back after that? *pokes the boards lightly, wondering if the post'll go through alright*

So what's our status precisely? Are we still vulnerable? And I'm vaguely confused too: was this an attack on this site directly, or was it more generally directed at our host?

Well, here goes... let's see if this puppy works! Whee, it works, it does!

[Vextor]

Nah, it was a google worm. Some little shit decided to disperse a worm using google, abusing a vulnerability in phpBB called the "highlight vulnerability." This allows a hacker to get into the phpBB directory through the viewtopics.php, bypassing all other security measures. The hacker finds the message board by simply typing "viewtopics.php" in google. How incredible, eh?

Then they slipped in a backdoor script inside my server, which seemed to have a bot program coded in there as well. Basically, what it did is re-write every single file on suikox.comwith .html and .php extensions with a simple file that says, "This site has been dafaced!" I'm sure you saw that. Along with that, the backdoor script also automatically conducted similar searches via google, spreading itself to other sites. The one that infected Suikox.com was "Generation 11" which means 10 other sites were infected by the same worm before it came to suikox.

A lot of other sites using phpBB were hit this morning. Unfortunately, many sites did not keep backups so they lost a crap-load of data.

Suikox.com is backed up every hour, so nothing was lost at all. Your messages and user data is stored in a mySQL database, which is located in a separate, secure server. Thus, nothing was lost. Restoration did take a few hours, but it's infinitely better than redoing the entire site from scratch.

[Beecham]

Very much so. I was quite relieved earlier when you told me I hadn't lost my account :) Being only two days old here, I feared the worst ^_^;;;

Side note: odd that I thought I was the first back. The front page insisted there were no new posts in any forums, but I see now on the error forum there was. Guess I posted in the wrong place about this, but I forgot we -had- an error forum ^_^

[Lunarblade]

Phew...thanks SARSadmin, Backups = Instant WIN.
_________________

[Beecham]

More like, secure server == instant win. After speaking to him again I realized my own boards, both of which run a similar set to phpbb, were vulnerable too, I nearly had a heart attack; both, however, seem to have dodged the bullet.

[Daniel Blackhand]

I am glad the site came through okay. I think people that send out viruses are just one rung up from lawyers on the scum scale.
_________________

[Filipe]

To say the least well done Sarsadmin making sure that everything was backed up completely and after a few hours things were completely back up and running like we have all come to know, love and expect from this forum. Now if only I could find this twerp or whoever it is I would give him good reason to never do anything of this sort to anyone again. What I will do has not been determined yet and never will considering I doubt I will ever find out but eventually I will uselessly come up with some sort of vengance plot. Who's with me in this?
_________________