Forum hacked?

maichan · Post by **maichan** » Tue Mar 06, 2012 21:51 -0700

So far I'm okay on Firefox 10.0.2

Haven't tried using the forum on IE since this started happening.

Post by **digulla** » Wed Mar 07, 2012 2:38 -0700

Yes, we were hacked again.

I restored the forum but it will probably just take a couple of hours until the virus is back.

Post by **Maka** » Wed Mar 07, 2012 6:56 -0700

digulla wrote:Yes, we were hacked again.

I restored the forum but it will probably just take a couple of hours until the virus is back.

Thanks Digulla for taking the time to fix the hack every time. I don't know how much time and energy it takes but I imagine there are other things you prefer to be doing. Thank you for taking time, energy and care.

I have had no redirect using mobile safari on iOS 5.0.1 (iPhone 4). Because it seems like it is easy for the hacker to reinstall "the virus" I think I will be only accessing the UY Dojo using mobile safari for now. While it isn't the ideal solution for me, it is more scary to have to worry about what a virus can do to (logging my keystrokes or jeopardizing my data). I'm probably over-reacting but that is my initial feeling/concern.

The UY Dojo is a great on-line community. Once again, thank you to Todd and digulla for creating the forum for us fans to connect with Stan and each other.

Best of luck to all. Peace, maka

maichan · Post by **maichan** » Wed Mar 07, 2012 8:37 -0700

Like Maka, I'd first like to thank Todd and Digulla for bring us this terrific dojo & forum! It's really a shame that some cyber ninjas are out to spoil it for us.

I share Maka's concern over the possible intrusion of our personal data, and thus I am more & more reluctant to come to the forum.

I was wondering if it wasn't possible for email notifications to actually contain the body of a message rather than just a link to the forum? That way we could follow any progress or announcements as to the safety & security of the site, rather than risk visiting it?

Anyhow, thanks to all that have made this community what it is. Your hard work & effort is greatly appreciated. I hope that the damage to the forum can eventually be fixed and that we can all once again enjoy our passion for Usagi together...

Stan Sakai · Post by **Stan Sakai** » Wed Mar 07, 2012 10:25 -0700

Thank you for all your help, Aaron. We all really appreciate your work.

Post by **digulla** » Wed Mar 07, 2012 10:31 -0700

Thanks for your thanks, it's appreciated

If you're on Windows, I suggest to use Firefox 10, Google Chrome 17 (or Chromium, if you're wary of Google) or Internet Explorer 10 or better. The virus specifically checks for IE 6 to 9. Mac and Linux users should be better off but it's only a matter of time until the virus is "upgraded" for those, too.

While Microsoft has improved security of their product in recent years, Firefox and Chrome usually respond much faster to threats and aren't as vulnerable to begin with.

Post by **Todd Shogun** » Mon Mar 12, 2012 20:31 -0700

Digulla-san -- you da man! Saving our ronin butts every time those pesky Neko Ninja are onb the attack.....Thanks buddy

Post by **Mayhem** » Mon Mar 12, 2012 20:59 -0700

To be honest, this might be the time to upgrade the forum software... sadly I can't help there, I just know how to interact with it on the admin/mod side, not the actual server install and configure bits.

maichan · Post by **maichan** » Tue Mar 13, 2012 7:01 -0700

Mayhem wrote:To be honest, this might be the time to upgrade the forum software... sadly I can't help there, I just know how to interact with it on the admin/mod side, not the actual server install and configure bits.

Whilst I can't help much either, I'll put my vote in for an upgrade if possible. I think I have read elsewhere that certain security issues have been addressed....

Post by **digulla** » Sun Mar 18, 2012 13:41 -0700

So we've been hacked again

I'd love to update the forum but I need to find 6-8h of time to do it.

Post by **Mayhem** » Sun Mar 18, 2012 14:52 -0700

Well, if there's anything any of us trusted mods/admin can do on the server side, with permissions and instructions, then I'm sure we might be able to assist in some way.

Stormhaven · Post by **Stormhaven** » Sun Mar 18, 2012 15:46 -0700

I don't think the mods or admins can do much, I think the hacks generally work on a flaw within the security settings of the forum software itself (I don't know if this particular security hack is a SQL injection attack or something different, but same principle most likely). If you don't update the software versions you usually don't have much recourse. Most of the hacks are automated as well - they're not looking specifically for the Usagi DojoBoard, they just do searches for whatever boards they can find running a certain version of phpBB. When a match is found, the attack script gets launched. More than likely it's all automated.

Post by **Mayhem** » Sun Mar 18, 2012 16:41 -0700

I was referring to updating the forum software here heh...

Post by **digulla** » Mon Mar 19, 2012 7:57 -0700

Okay, I've converted the database and updated the forum software. For the time being, it's running under /forum3/ instead of /forum/ but I'd like to move it back to /forum soon.

The main problem is the layout and the link menu. Anyone interested in doing some web design?

Oh, and can someone please check that the kanji in the title of forum "All Things Japan!" are still correct?

maichan · Post by **maichan** » Tue Mar 20, 2012 6:26 -0700

It seems the Spambot Ninjas are still at it.
I see a lot of 'new' members on a daily basis, posting junk.
Can registration be made more difficult to keep them out? Otherwise it looks like you guys are going to have your hands full keeping after them. I see all the junk from this morning has already be deleted - thank you staff!

digulla wrote: Oh, and can someone please check that the kanji in the title of forum "All Things Japan!" are still correct?

My wife is fluent in Japanese, I'll ask her to check it out.

Usagi Yojimbo DojoBoard

Forum hacked?

Re: Forum hacked?

Re: Forum hacked?