Several people notified me that the forum was down. Initially I mistakenly thought that it was due to something that the hosting provider did but I was mistaken. It turned out that someone from a Ukrainian IP address had compromised the security and tried to change a file to generate clicks on an advertisement running on a site in the United Arab Emirates whenever someone read a post on this site.
It turns out that he was better at breaking in than he was at coding and made a syntax error that brought the board down. Initially we dutifully fixed the syntax error assuming it was due to a file corruption on the server. He then changed the file again and introduced a new syntax error. This time it was harder to find and it appeared that the code had been run through a code obfuscater. Since the forum code is open source this drew my attention and a friend helped decode what the code did. He restored the file to its original state and we plugged the security hole.
We studied the logs and found that our 'visitor' touched three files, two that are not used and he introduced a syntax error into the third. He never gained access to email addresses or any user information nor did he try. He was simply intent on generating revenue through click fraud.
This alerted me to be super careful with security and I have made some changes and will continue to improve the security because I don't ever want to spend this much time on a web site related issue.
Forum Down Time
-
- Posts: 7
- Joined: Wed Apr 01, 2015 10:17 am
Re: Forum Down Time
Thanks for sharing and for the reassurance that our info. was not compromised.