The Pub Discussion Board

Get your favorite beverage, sit back, and join in the discussion

You are not logged in.

#1 2016-01-03 20:13:19

Eric Storm
Pub Owner
From: New Port Richey, FL
Registered: 2006-09-12
Posts: 5379
Website

Hacking attack, password issue

Okay, folks, it happened again.  Some little boy thinks he's so smart because he managed to break into the site and delete shit again.

This time, however, there was a backup copy.  I restored what was lost, and so the site is back to normal.

HOWEVER

I just received an email that our password database has been posted to a publicly-accessible website.

I have already contacted the site to have it removed.  You should, however, change your password on this site immediately.  If you use this password anywhere else, I would change it there, too, to be on the safe side.

I'm sorry about this.  The problem stems from the old version of PunBB we're running.  I would upgrade PunBB, but it would break the entire rest of the website to do so.  This is why I do plan to get on building the new site - which will contain all PRIVATE code - as soon as possible.

Regards,
Eric Storm

PS:  To the person who did this:  Do you hate this site, or do you just think this is cute?  If you hate us... just stop visiting!  There's no reason for you to hurt others.  If you think this is cute:  Please grow up.  There's nothing cute or funny about what you're doing.  You're just wasting people's time - including your own.  I hope that someday, some thoughtless individual comes along and tears apart something you find important.  Then maybe you'll understand.


Please Remember:  The right to Freedom of Speech does not carry the proviso, "As long as it doesn't upset anyone."  The US Constitution does not grant you the right to not be offended.  If you don't like what someone's saying... IGNORE THEM.
----
Facebook page

Offline

 

#2 2016-01-04 06:08:18

HJP1993
Inebriated
From: Baytown, Texas
Registered: 2008-01-06
Posts: 21

Re: Hacking attack, password issue

And now I'll have to remember that I changed my password here (which I haven't done since I signed up since it's one I hadn't used anywhere with personal info)... 3dsad

Sorry about the problems you're having though and hope they grow up soon! (because even if they hate the site they have to be immature to think that attacking it is the way to go...)

Offline

 

#3 2016-01-05 21:49:52

Eric Storm
Pub Owner
From: New Port Richey, FL
Registered: 2006-09-12
Posts: 5379
Website

Re: Hacking attack, password issue

Just an update:  The page which contained our password list has been removed.  However, the slimeball who has the information could repost it elsewhere (and probably will), so it is still important to change your password.

HJP1993:  In all honesty, if you don't feel that anything important is in danger by leaving your password, then you can leave it.  It's not like there's any crucial information on this site.  But if you are in the slightest concerned about them having access to whatever information is in your Pub account, then you need to change it.

On a technical note, I'd like to point out that the information that was posted wasn't quite as damaging as it could have been.  What they posted was the password hash (in other words, the encrypted password, not the thing you type in), and the user's email address.  As this site doesn't use the email address for login, and they didn't post usernames, I'm not sure how useful the information is to a hacker.  Having said that, I still recommend changing your password.  I'm not a hacker, and it's possible the information is useful in a way I'm not aware of.

Eric Storm


Please Remember:  The right to Freedom of Speech does not carry the proviso, "As long as it doesn't upset anyone."  The US Constitution does not grant you the right to not be offended.  If you don't like what someone's saying... IGNORE THEM.
----
Facebook page

Offline

 

#4 2016-01-06 17:59:54

Ecarus
Inebriated
From: Winnipeg, Mb
Registered: 2013-02-11
Posts: 77

Re: Hacking attack, password issue

Someone really has a problem with the site eh?

Offline

 

#5 2016-01-07 02:40:48

Barbarian3165
Completely Blotto
Registered: 2015-02-11
Posts: 320

Re: Hacking attack, password issue

or several someones.  It could also just be a script kiddy that found a vulnerable site to harass.

Offline

 

#6 2016-01-07 06:01:57

Eric Storm
Pub Owner
From: New Port Richey, FL
Registered: 2006-09-12
Posts: 5379
Website

Re: Hacking attack, password issue

Honestly, I'm figuring on the latter choice.  The taunt note they left this last time said "BotingIsFun [sic] was here".  The name implies they don't give a damn about the site, only the activity of harming it.  The spelling indicates a lack of maturity.

Eric Storm


Please Remember:  The right to Freedom of Speech does not carry the proviso, "As long as it doesn't upset anyone."  The US Constitution does not grant you the right to not be offended.  If you don't like what someone's saying... IGNORE THEM.
----
Facebook page

Offline

 

#7 2016-01-08 02:40:49

Barbarian3165
Completely Blotto
Registered: 2015-02-11
Posts: 320

Re: Hacking attack, password issue

well hopefully you can migrate to a more secure system sooner rather then later, even if it isn't pretty for a little while, and end the headaches caused by immature bastards.

Offline

 

#8 2016-01-08 05:31:04

Eric Storm
Pub Owner
From: New Port Richey, FL
Registered: 2006-09-12
Posts: 5379
Website

Re: Hacking attack, password issue

I'll be "rolling my own" for the new version of the site.  That way the code is private, and whatever vulnerabilities it has will not be able to be discovered by simply looking at the code.  It also eliminates the vulnerabilities inherent in "generic" code that has to work for many different sites.  My code can be insanely specific to my needs.

Eric Storm


Please Remember:  The right to Freedom of Speech does not carry the proviso, "As long as it doesn't upset anyone."  The US Constitution does not grant you the right to not be offended.  If you don't like what someone's saying... IGNORE THEM.
----
Facebook page

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2005 Rickard Andersson