Forum Hacked

[John Scheffel]

Just to let everyone know on Nov 16, 2004 the forum was hacked. As far as I can tell, the only thing they managed to do was obtain and change my vBulletin password which has admin privileges. However, this password is not sufficient to access our admin web files, that requires a separate login and password that we use to maintain this web site. I don't think the hacker got any farther than that so hopefully they did not get anyone's profile information. Please post if you have any questions or concerns.

I found some information on the vBulletin web site and have installed the recommended patch, so hopefully this won't happen again. It seems we were lucky, because the hackers usually get admin access then delete the forum database. I do a daily backup so we wouldn't have lost too much information, but it would be a really pain to restore the site. Makes me glad that I read the security section in the installation manual and took the extra time to secure the admin pages.

See the vBulletin post below for more info:

http://www.vbulletin.com/forum/showthread.php?t=108741

[clausb]

Thanks for acting so quickly and bringing everything up again! Hope they didn't implant any trojans which could now silently continue to spy the site.

Claus

[John Scheffel]

I don't think they got access to the file system on the server, I have to use a separate login and password to make any file changes. I checked but did not see any new files or any old files which had been updated.

With the access level they had, I think the most they could have done was to delete or modify individual posts and threads, but I don't see any evidence of this. If anyone notices anything missing, let me know.