Liftlines hacked

Admin

Administrator
Staff member
Well, by now many of you have seen firsthand the frustration that we've experienced today.

Liftlines was hacked today, not once, but twice. We spent the majority of today trying to fix things around here. Two exploits have been floating around the Internet this week, one attacking a security hole in PHP, and one attacking a hole in phpBB, the software that runs Liftlines. Many, many Internet websites depend on phpBB to manage their user forums, and many have been hit this week by hackers. We were unfortunately not immune.

We believe that we've fixed the security vulnerabilities, and we've restored the forum data from backup. About the only thing that we've been unable to rectify, as far as we can tell right now, is the user "country flag" selection, but that's certainly trivial. The initial attack happened shortly before our backup was performed during the early morning hours of today, Dec. 22, so we were forced to utilize the backup performed during the early morning hours of Dec. 21. Thus, any forum activity after approximately 2am EST on Dec. 21 -- postings, new user registrations, etc. -- has been lost. We apologize for any inconvenience that this may have caused.

We also apologize for the email that the hackers sent through the Liftlines system to all of our users. One positive outcome of that email is that it has allowed us to identify the hacker through his IP address, and we will pursue this individual via all means available. Special thanks to our user Chromer for astutely identifying the hacker.

We thank our users for their concern about the hacked Liftlines forums, for we received many, many emails today regarding our plight.
 
what a pain! glad you guys are still here. but was there any danger to those of us who did open that email thinking it was from you?
 
I wouldn't worry about the email they sent. The only way (virtually all of the time) you can get a virus from an email is if you opened an attachment that was infected.

Otherwise, pure text emails are fine. Just don't open any attachments unless you virus scan them first and are completely sure that they are coming from a reliable source who you would be expecting an attachment from.
 
We suffered a similar attack over at ttips a few weeks ago using the same type of exploit. This site definitely fared a lot better than that one. Good thing you have all those backups to work from. Tons of data was lost there and the site was down for a few days. Props to you for getting everything up and running very quickly.
 
skiadikt said:
was there any danger to those of us who did open that email thinking it was from you?

None at all.

woodi7259 said:
Good thing you have all those backups to work from.

We learned our lesson over the summer.
 
I've got to hand it to you, that was a very fast response: getting the liftlines back up, more secure, and restoring from the previous backup.

I bet a lot of forums didn't fare as well as FTO did.

Kudos.
 
ONCE AGAIN, GREAT JOB!!! =D>

YOU DESERVE A FEW POWDER DAYS FOR YOUR HARD JOB MARC, if only Powderfreak could convince Mother Nature :!: :!: :!: [-o<

Kudos, also to Chromer for tracking down the &(%&?%*%

Zoneski was also attacked late afternoon on Monday(?), but they were able to identify the problem and hacker quickly.
 
Patrick said:
Zoneski was also attacked late afternoon on Monday(?), but they were able to identify the problem and hacker quickly.

Yeah, I got a morally-supportive email from Christophe during the height of yesterday's fiasco. Apparently they had a 24-hour outage, but managed to have the proper backups in place as well.
 
My sympathies, Marc. We were temporarily deprived of our favorite diversion at work yesterday!

Good work restoring the NBS so quickly!
 
The fun continues. :x Did anyone else notice the ridiculous number of guest users hitting the forums over the past couple of days? Like, 200-something at one time? That was a product of the Santy worm on infected phpBB boards hitting ours to see if ours could be compromised as well. In effect, this functioned like a DDOS attack.

We've implemented a solution that denies attempts by the worm to log into our boards as a guest, so the guest count is now accurate. This may not work with future versions of the worm which may be propagated, for all the malicious code writers need to do is modify the worm to work around our solution, but for now this will reduce the strain on our processor, reduce the bandwidth used by the worm, and reflect an accurate guest count.

What a PITA! Why can't the little geeks find something better to do?
 