Get your favorite beverage, sit back, and join in the discussion
You are not logged in.
Okay, folks, it happened again. Some little boy thinks he's so smart because he managed to break into the site and delete shit again.
This time, however, there was a backup copy. I restored what was lost, and so the site is back to normal.
HOWEVER
I just received an email that our password database has been posted to a publicly-accessible website.
I have already contacted the site to have it removed. You should, however, change your password on this site immediately. If you use this password anywhere else, I would change it there, too, to be on the safe side.
I'm sorry about this. The problem stems from the old version of PunBB we're running. I would upgrade PunBB, but it would break the entire rest of the website to do so. This is why I do plan to get on building the new site - which will contain all PRIVATE code - as soon as possible.
Regards,
Eric Storm
PS: To the person who did this: Do you hate this site, or do you just think this is cute? If you hate us... just stop visiting! There's no reason for you to hurt others. If you think this is cute: Please grow up. There's nothing cute or funny about what you're doing. You're just wasting people's time - including your own. I hope that someday, some thoughtless individual comes along and tears apart something you find important. Then maybe you'll understand.
Offline
And now I'll have to remember that I changed my password here (which I haven't done since I signed up since it's one I hadn't used anywhere with personal info)...
Sorry about the problems you're having though and hope they grow up soon! (because even if they hate the site they have to be immature to think that attacking it is the way to go...)
Offline
Just an update: The page which contained our password list has been removed. However, the slimeball who has the information could repost it elsewhere (and probably will), so it is still important to change your password.
HJP1993: In all honesty, if you don't feel that anything important is in danger by leaving your password, then you can leave it. It's not like there's any crucial information on this site. But if you are in the slightest concerned about them having access to whatever information is in your Pub account, then you need to change it.
On a technical note, I'd like to point out that the information that was posted wasn't quite as damaging as it could have been. What they posted was the password hash (in other words, the encrypted password, not the thing you type in), and the user's email address. As this site doesn't use the email address for login, and they didn't post usernames, I'm not sure how useful the information is to a hacker. Having said that, I still recommend changing your password. I'm not a hacker, and it's possible the information is useful in a way I'm not aware of.
Eric Storm
Offline
Someone really has a problem with the site eh?
Offline
or several someones. It could also just be a script kiddy that found a vulnerable site to harass.
Offline
Honestly, I'm figuring on the latter choice. The taunt note they left this last time said "BotingIsFun [sic] was here". The name implies they don't give a damn about the site, only the activity of harming it. The spelling indicates a lack of maturity.
Eric Storm
Offline
well hopefully you can migrate to a more secure system sooner rather then later, even if it isn't pretty for a little while, and end the headaches caused by immature bastards.
Offline
I'll be "rolling my own" for the new version of the site. That way the code is private, and whatever vulnerabilities it has will not be able to be discovered by simply looking at the code. It also eliminates the vulnerabilities inherent in "generic" code that has to work for many different sites. My code can be insanely specific to my needs.
Eric Storm
Offline