RPGWatch - Forums Hacked
 

Unfortunately our forums have been hacked - please bear with us until we can get them restored. Thanks to everyone who has written in or contacted us about the issue.
More information.

I noticed. Apparently, they also thrashed the user accounts, because I couldn't log in any more. Stupid kids with a keyboard.

I bet it was soneone being angry that the infected ads have been turned off.

The user accounts were not trashed. It was made impossible to login. See also here.

"Stupid kids with a keyboard" sounds about right, considering the content of the message he left everywhere.

I felt violated by this event even though I was not the one beeing attacked.
Glad everything's back to normal.

That was crazy. Glad you guys got it up and running again so quickly.

Oh, okay. I thought I also saw duplicate usernames with silly names on the forums.

eh, what? didn't notice anything

I should have used a couple of more words here :). It was made impossible to log in and the usernames might or might not have been changed. However as I re-installed a backup of some 10 hours before the hack all usernames were restored again (together with the rest). Some posts were lost in the process of course.

As to the reason for changing the password. The hacker got access to the admins interface by retrieving the username and password of an admin from the database. User passwords are not visible from the admins panel, but it is not entirely clear to me if the exploit also allows to access the credentials of other users.

Found something : http://www.h-online.com/open/news/it…n-1044462.html

Sounds like the exploit gave access credentials to the back-end database. So they could just change things directly like usernames and thread titles. However the passwords for users are salted and hashed on a per user basis which would make it nearly impossible to decrypt. Everyone should still change passwords though.

I missed the hack, but I wonder what was there to see; it might give an insight in the motives.
So there were silly names? Anything else that indicated it was all about 'fun'?
Or is there a chance somebody was after e.g. email addresses?

Only thing I saw was a lot of references to bodily functions and products. I think we were blessed with a very mature hacker. Maybe someone here insulted some kid's favorite JRPG? ;)

Wasn't there also a lot of Star Trek references? Anyway, glad things are back to normal.

BTW, about 2 or 3 days ago when I visited rpgwatch.com I got a white screen with black text where it said somethign like: "Read install.txt". Can't remember the exact words but it was something like that. After refreshing the site a few times it was gone and things were back to normal. Would that possibly have anything to do with the hack?

Yes, and that was the worst part of it. Star Trek, huh? Gimme a break.

Star Wars on the other hand….

I wonder if this is one of the 7 (real) signs of the apocalypse:
- Mass Effectation of Dragon Age
- Hacking of RPGWatch
- X-Com being remade as a FPS
- …
- Release of Grimoire

Doesn't really matter what the other 3 conditions are, #7 has me totally unworried that it will happen during my lifetime

Darn it, stupid kids with a keyboard, get off our lawn!

Glad to see things sorted out. I noticed that not just the forum, but also the main site was down several times during the last couple of days. Must've been part of this hack/attack, I take it.

Before the hacking was solved, our forums looked similar to an average day over at the Codex. I wouldn't be amazed if there was a connection..

No proof = shut up. Let's not start a pissing contest again.