|
Your continuous donations keep RPGWatch running!
RPGWatch Forums » Comments » News Comments » RPGWatch - Forums Hacked

Default RPGWatch - Forums Hacked

July 23rd, 2010, 11:39
Unfortunately our forums have been hacked - please bear with us until we can get them restored. Thanks to everyone who has written in or contacted us about the issue.
More information.
Dhruin is offline

Dhruin

Dhruin's Avatar
SasqWatch
Super Moderator
RPGWatch Team

#1

Join Date: Aug 2006
Location: Sydney, Australia
Posts: 11,967

Default 

July 23rd, 2010, 11:39
I noticed. Apparently, they also thrashed the user accounts, because I couldn't log in any more. Stupid kids with a keyboard.
Thaurin is offline

Thaurin

SasqWatch

#2

Join Date: Oct 2006
Location: The Netherlands
Posts: 2,408

Default 

July 23rd, 2010, 11:42
I bet it was soneone being angry that the infected ads have been turned off.

“ Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius – and a lot of courage – to move in the opposite direction.“ (E.F.Schumacher, Economist, Source)
Alrik Fassbauer is offline

Alrik Fassbauer

Alrik Fassbauer's Avatar
TL;DR

#3

Join Date: Nov 2006
Location: Old Europe
Posts: 15,987

Default 

July 23rd, 2010, 11:56
The user accounts were not trashed. It was made impossible to login. See also here.

Computer n. A machine which flawlessly performs the instructions it is given, no matter how flawed those instructions may be.
Myrthos is offline

Myrthos

Myrthos's Avatar
Cave Canem
Super Moderator
RPGWatch Team

#4

Join Date: Aug 2006
Location: Netherlands
Posts: 4,225

Default 

July 23rd, 2010, 12:02
"Stupid kids with a keyboard" sounds about right, considering the content of the message he left everywhere.

- If at first you don't succeed… try, try again.
Last edited by Davion; July 23rd, 2010 at 13:40.
Davion is offline

Davion

Davion's Avatar
Lawful Good

#5

Join Date: Dec 2009
Location: Belgium, Brasschaat
Posts: 256

Default 

July 23rd, 2010, 13:59
I felt violated by this event even though I was not the one beeing attacked.
Glad everything's back to normal.
The Wanderer is offline

The Wanderer

The Wanderer's Avatar
in paths untrodden
RPGWatch Donor

#6

Join Date: Oct 2006
Location: Icewind Dale.
Posts: 573

Default 

July 23rd, 2010, 14:28
That was crazy. Glad you guys got it up and running again so quickly.
Anderson is offline

Anderson

Anderson's Avatar
Consolized

#7

Join Date: Sep 2009
Location: US
Posts: 884

Default 

July 23rd, 2010, 14:31
Originally Posted by Myrthos View Post
The user accounts were not trashed. It was made impossible to login. See also here.
Oh, okay. I thought I also saw duplicate usernames with silly names on the forums.
Thaurin is offline

Thaurin

SasqWatch

#8

Join Date: Oct 2006
Location: The Netherlands
Posts: 2,408

Default 

July 23rd, 2010, 14:49
eh, what? didn't notice anything
wolfing is offline

wolfing

wolfing's Avatar
Wonders what SasqWatch is

#9

Join Date: Sep 2008
Location: Tardis
Posts: 3,265

Default 

July 23rd, 2010, 15:14
Originally Posted by Thaurin View Post
Oh, okay. I thought I also saw duplicate usernames with silly names on the forums.
I should have used a couple of more words here . It was made impossible to log in and the usernames might or might not have been changed. However as I re-installed a backup of some 10 hours before the hack all usernames were restored again (together with the rest). Some posts were lost in the process of course.

As to the reason for changing the password. The hacker got access to the admins interface by retrieving the username and password of an admin from the database. User passwords are not visible from the admins panel, but it is not entirely clear to me if the exploit also allows to access the credentials of other users.

Computer n. A machine which flawlessly performs the instructions it is given, no matter how flawed those instructions may be.
Myrthos is offline

Myrthos

Myrthos's Avatar
Cave Canem
Super Moderator
RPGWatch Team

#10

Join Date: Aug 2006
Location: Netherlands
Posts: 4,225

Default 

July 23rd, 2010, 15:23
Found something : http://www.h-online.com/open/news/it…n-1044462.html

“ Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius – and a lot of courage – to move in the opposite direction.“ (E.F.Schumacher, Economist, Source)
Alrik Fassbauer is offline

Alrik Fassbauer

Alrik Fassbauer's Avatar
TL;DR

#11

Join Date: Nov 2006
Location: Old Europe
Posts: 15,987

Default 

July 23rd, 2010, 16:02
Sounds like the exploit gave access credentials to the back-end database. So they could just change things directly like usernames and thread titles. However the passwords for users are salted and hashed on a per user basis which would make it nearly impossible to decrypt. Everyone should still change passwords though.
figment is offline

figment

figment's Avatar
Sentinel
RPGWatch Donor

#12

Join Date: Apr 2010
Posts: 515

Default 

July 23rd, 2010, 16:10
Originally Posted by Thaurin View Post
Oh, okay. I thought I also saw duplicate usernames with silly names on the forums.
I missed the hack, but I wonder what was there to see; it might give an insight in the motives.
So there were silly names? Anything else that indicated it was all about 'fun'?
Or is there a chance somebody was after e.g. email addresses?

A man should never be ashamed to own he has been wrong, which is but saying that he is wiser today than he was yesterday - Alexander Pope
Omega is offline

Omega

Omega's Avatar
Low Profile

#13

Join Date: Dec 2008
Location: Europe
Posts: 515

Default 

July 23rd, 2010, 16:24
Originally Posted by Omega View Post
I missed the hack, but I wonder what was there to see; it might give an insight in the motives.
So there were silly names? Anything else that indicated it was all about 'fun'?
Or is there a chance somebody was after e.g. email addresses?
Only thing I saw was a lot of references to bodily functions and products. I think we were blessed with a very mature hacker. Maybe someone here insulted some kid's favorite JRPG?
GhanBuriGhan is offline

GhanBuriGhan

GhanBuriGhan's Avatar
Wose extraordinaire

#14

Join Date: Oct 2006
Posts: 3,483

Default 

July 23rd, 2010, 16:41
Wasn't there also a lot of Star Trek references? Anyway, glad things are back to normal.

BTW, about 2 or 3 days ago when I visited rpgwatch.com I got a white screen with black text where it said somethign like: "Read install.txt". Can't remember the exact words but it was something like that. After refreshing the site a few times it was gone and things were back to normal. Would that possibly have anything to do with the hack?
Lemonhead is offline

Lemonhead

Lemonhead's Avatar
Keeper of the Watch

#15

Join Date: Jun 2008
Location: The Great White North
Posts: 663

Default 

July 23rd, 2010, 17:09
Originally Posted by Lemonhead View Post
Wasn't there also a lot of Star Trek references? …
Yes, and that was the worst part of it. Star Trek, huh? Gimme a break.

Star Wars on the other hand….

pibbur

Guest

#16

Posts: n/a

Default 

July 23rd, 2010, 17:15
I wonder if this is one of the 7 (real) signs of the apocalypse:
- Mass Effectation of Dragon Age
- Hacking of RPGWatch
- X-Com being remade as a FPS
- …
- Release of Grimoire

Doesn't really matter what the other 3 conditions are, #7 has me totally unworried that it will happen during my lifetime
wolfing is offline

wolfing

wolfing's Avatar
Wonders what SasqWatch is

#17

Join Date: Sep 2008
Location: Tardis
Posts: 3,265

Default 

July 23rd, 2010, 18:42
Darn it, stupid kids with a keyboard, get off our lawn!

Glad to see things sorted out. I noticed that not just the forum, but also the main site was down several times during the last couple of days. Must've been part of this hack/attack, I take it.

"It is pitch black. You are likely to be eaten by a grue."
Lurking Grue is offline

Lurking Grue

Lurking Grue's Avatar
Random Encounter #23

#18

Join Date: Jan 2008
Location: I come from the land of ice and snow
Posts: 563

Default 

July 23rd, 2010, 20:05
Before the hacking was solved, our forums looked similar to an average day over at the Codex. I wouldn't be amazed if there was a connection..
Maylander is offline

Maylander

SasqWatch

#19

Join Date: Oct 2006
Location: Bergen
Posts: 5,473
Send a message via MSN to Maylander

Default 

July 23rd, 2010, 20:46
Originally Posted by Maylander View Post
Before the hacking was solved, our forums looked similar to an average day over at the Codex. I wouldn't be amazed if there was a connection..
No proof = shut up. Let's not start a pissing contest again.
GhanBuriGhan is offline

GhanBuriGhan

GhanBuriGhan's Avatar
Wose extraordinaire

#20

Join Date: Oct 2006
Posts: 3,483
RPGWatch Forums » Comments » News Comments » RPGWatch - Forums Hacked
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 07:09.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Copyright by RPGWatch