Forums appear to have been hacked

Hello all,

I’m afraid that it looks as though the forums have been hacked. Over the past few days, I’ve noticed that it sometimes gets very slow when trying to load random pages, and in the last few minutes I have, upon refreshing certain pages, been redirected to the following URL:

http://ustreambesttv.rr.nu/7f/

Obviously, this is not something we are doing ourselves. It seems that at least one other PHPBB forum has been likewise compromised: mormondiscussions.com/phpBB3/vie … 0&p=559635

We’re not PHPBB experts - we use the PHPBB forums because they are easy to set up and maintain and we don’t have any experience in this area. Therefore, please bear with us while we investigate and try to nip this in the bud. In the meantime, be very careful to cancel any odd pages that suddenly start loading, and ensure that you don’t allow anything to download (if you’re on Windows, ensure your virus protection is turned on).

We apologise for this - we’ve had spammers attack the forums before and bombard it with porn (hence the extra questions when you register), but never anything like this.

If you see any other pages turning up or odd behaviour, please reply below and let us know. And if anyone knows anything about this because they’ve seen it done elsewhere, likewise, please let us know as it may help us find the cause.

All the best,
Keith

I was just redirected to the same site when I went to the homepage.

We are taking the forums down in a moment, as the hack is pretty severe. We may be down for a couple of days looking at it. Sorry everyone!

Right, we’re back up! For now, at least. We believe we’ve located the source of the attack and nixed it, and Ioa has spent the past day furiously patching up all files. The main website should be fine now (although parts of it may be out of date as we had to revert to an earlier version and patch it up with changes, so we may have missed some things). Ioa also believes he has cleared out all the malicious code from the forums, so we’ve put them back up, albeit somewhat tentatively. If you see any redirects, please let us know immediately.

Crucially, I’d like to reassure everybody that no sensitive data was affected by this attack. We outsource all of our sales and serial number generation to reputable companies with many years of experience in these fields - namely, eSellerate and Apple. The hacks were to our site only and had no way at all of affecting eSellerate’s servers any more than they had any way of affecting Apple’s, all of which are entirely separate.

Moreover, there is no indication that the hack tried to retrieve email addresses from users’ forum accounts - it seems to have just inserted some code to redirect pages at random. So, there should be no cause for concern on the part of our customers; this was just a very annoying attack that caused our site to do strange things.

Thanks for your patience and understanding.

All the best,
Keith

getting hacked is a nightmare… i’ve had a few sites attacked… sad thing is once you’re hacked and you clean up… they seem to find another way in…

majority of attacks lay ‘reinstall code’ down somewhere in the site, which also tends to provide them with a backdoor shell to get in again and reinstall…

hopefully you’ve nipped it in the bud and got rid… i missed the forum in the time it was down ;)

All very worrying – in the sense that anyone “breaking and entering”, wherever it is, creates worry, even if they don’t actually succeed in stealing anything tangible. What they actually steal is a sense of security.

I’d noticed the slowdowns, and thought it was just Dreamhost having trouble again. Oh well, I hope everything is OK, and that everyone chez Scrivener is not too stressed as a result.

Best, Martin.

Thanks Keith, and well done and thanks to Ioa.
I was beginning to go L&L cold-turkey.
H

OHH! HAPPY DAYS ARE HERE AGAIN!
TRA LALA LA LA LAA LALA TRA LA LALA
TRA LALA LA LA LAA LALA TRA LA LALA
HAPPY DAYS ARE HERE AGAAAAIN!..oops sorry

You folks are good with your know-hows and doo-dads.

Ugh. Glad everything’s back to (mostly) normal.

Csound and L&L’s sites hacked in the same day? I’m thinking it’s a conspiracy from Steam to keep me from getting anything actually done.

I should add that the site and forum being back up so quickly is entirely down to Ioa, who is now getting some well earned rest after I-don’t-know-how-many-hours of trawling through site code.

Thanks Ioa!

Kevin wrote:
“after I-don’t-know-how-many-hours of trawling through site code.”

serves him right for being a brain on legs