Someone had cracked the password of an admin account, and placed redirect code in our forums.
The initial effect was a missing footer and odd glitches, such as no pop up on pm, and reply worked like reply with quote. The redirect code was not immediately active.
The initial fix attempt was to restore all files that the intruder touched to a date prior to their log in. While that fix on the surface seemed to work initially, it also resulted in scrambling the post identifier in the DB, posts were not going where they were supposed to, so we had to revert back.
The plan from there was to attempt an overall fix by upgrading the forum software, but our hacker gave me another option.
Our hacker came back again and accessed the same account they had previously, even though the password had been changed, and activated the redirect.
In doing so I was able to track through the logs (it records EVERYTHING) and find the malicious code, and remove it.
Resulting in a forum that now works again like it should.
Additional steps were also taken: the password for that particular admin account was changed to a 150 character random jumble, the permissions for everything were removed, then I deleted the account.
Hopefully effectively locking our nuisance out permanently.
While I invested a fair amount of time in dealing with this, I in all fairness must acknowledge the tremendous level of support received from our host NETFRONTS.
They continually go above and beyond what you might expect from a provider and their tech support team.
It is with their help on the back end that we are able to keep this place going, there are not enough thanks to truly reflect their contribution.
I only delete everything.
As well, so you all can have some peace of mind.
When we get intruded like we did there are only limited things that can be accessed.
Passwords for example do NOT show up for admins or anyone else, they are scrambled in the DB and the only thing we have the ability to do is change it for you, but we cannot see current passwords.
Because we do not do any financial transactions there is no payoff in CC numbers for serious organized hacker groups, so we are left with amateurs trying to learn their dark arts.
There are redundant protections in place we can fall back on, and do.
The worst that can happen to us is a denial of service attack, which we have already had and successfully dealt with in recent months.
The more recent intrusion is really no more than a nuisance, and was never any kind of serious threat.
I only delete everything.
Thanks for all of your work nuTTTz! It's certainly appreciated. Wish I had the skills to be able to help out.
nuTTTz...I want to echo SS's words of thanks for your efforts here. It's nice...that you give NETFRONTS so much credit for their work in helping resolve this particular issue...but we all know that your efforts here are key in keeping this league operating...and they are much appreciated. Thank you man
I know some of you are wondering what has happened to me that would keep me away for so long...
Candace and I have been burning the candles at both ends getting some of life's requirements taken care of, Candace has passed the exam she spent three months studying for and I couldn't be prouder of her. I am now allowed back in the house and able to make noise once again so I would be back in the rig racing with you however we lost one of Candace's aunts last night and we have a dog battling cancer so I am not really free to join you yet. Rest assured I have not forgotten you or grown tired of the good times we share in the TPRA. To quote a famous American general "I will return" as soon as I can.