As if it wasn't really noticeable, the site was down for a while today. There was a security breach where an administrator account was compromised and the attacker used this account to delete accounts and generally cause a Bad Time(tm) for the site. Fortunately, the attack seems to be confined to vBulletin and no filesystem or shell server access was obtained. Also fortunately, I take backups of the site database on a daily basis and have a weekly and monthly retention policy. I have restored the site from the backup taken on July 22nd (that would be 3 AM EDT), so any content added since then will have been lost. Unfortunate for sure, but it could have been worse. I have also reset passwords for two admin accounts and sent a further reset email to their inboxes. Just wanted to keep everyone up to speed - don't hesitate to reply here if you have any questions. Thanks, Ghan
Send me names of threads where you have important posts that were lost and I may be able to recover the text.
Yay for backups! And you have my thanks as well for a good job bringing the site back up. I do have a question though. Is this incident being investigated and reported to the authorities? I do believe that malicious "hacking" attacks can be (and should be) prosecuted. This one seems to me to be more than just "having fun" with the deletion of accounts and damage they tried to do to the site.
There is no possible way to track whoever did this because they used an advanced proxy system; the most we can do is stay on watch and protect against future events like this.
I probably would take legal action if I were tyro, especially since he was being watched through RDP. He used a normal IP for his posts. So he's hardly covered himself. And there are ways to unmask a proxy, especially if it's a free one.