« Monday Reader Mail: 25 | Main | Confirmed: Land Does Oasis »
December 20, 2004
Forum Hacked
By QBlog in
The Quixtar BLOG Forum was hacked today. Not sure what's going on but it's down for now. This was a real hack but I have no idea who did it or what may result from this hack.
Thanks for your patience.
UPDATE: There is some good news I guess. This blog was not hacked. All server logs indicate that no data were damaged, deleted or corrupted. That's a big relief. More updates coming.
UPDATE 2: Still working on the Forum problem. Set up a task force to identify the hacker, find him, drag him out of his hole and burn him alive.
UPDATE 3: I'm putting everything on hold till I get this Forum mess cleared up. So the blog and all the crazy stuff connected to it will be neglected till then. Sorry. I'll post updates here as needed.
UPDATE 4: It looks like the data were untouched which is a good thing. Forum should be back online tomorrow and possibly later today.
UPDATE 5: A helpful site visitor has pointed out that many forums using the same open-source software powering the Quixtar BLOG Forum were recently attacked. InfoWorld, PC World and others are reporting that a worm called "Santy" has infected forums around the globe. It exploits some security flaws, overwrites files and can expose passwords. That's bad.
But there is good news. This worm did not infect any data and so nothing in the QBlog Forum will be lost. All entries, user logins, etc. should be fully restored. Also, since this appears to be the work of a large-scale attack, it's unlikely that anyone used any of the sensitive data to cause real problems. I see no evidence of any activity beyond the initial attack. Lastly, this was obviously not something done by anyone specifically sympathetic to Quixtar, Amway or any other MLM. Sorry, no conspiracy.
So, things are looking up now. Still not happy but the forum should be back up tonight or tomorrow. Check back here for more updates.
UPDATE 6: I spoke too soon. This is bad. Real bad. It may have been mere coincidence that this happened at the same time as the Santy worm. Or maybe the Santy worm alerted someone about the security holes with the forum. This forum was hacked by a person, not some worm and as I really dug through it tonight, it looks really, really bad.
UPDATE 7: This is the last update on this post. It looks like the forum will be restored. Entries posted after Friday, Dec. 17, are lost. I'm really sorry about that but I'm extremely excited that everything else seems to have been saved. Thanks for your patience. Forum should be back this weekend.
Comments
D'oh! QBlog wins. I was also going to suggest ppl to go to whataboutquixtar.com forum, it is quite closest to what we all have became addicted to.
ChrisA and Sista, I disagree with both of u.
Looks like a "friendly" hack to me. Look at the message: "It will be back soon... i hope. qblog And if you must get your "forum fix". He might have intended to point out the fact that the phpBB board is exploitable unless patched. If he were an IBO or someone from the other side of the baricade, I think he would have dealt far more damage. Actually, there was no data loss. I agree that this is not the way to inform about security holes in software but it still looks like a kind of a "friendly attack", if you will.
Tom,
It was not a friendly hack. I yanked the forum files and put up that explanation page. It was a malicious hack though I don't think it was anything more than a stupid script-kiddy. A real hacker would have locked me out and this person did not do that. Thank God.
Anyway, things should be back to normal soon.
Do you know specifically what exploit was used?
Interesting... Another forum I frequent (non-quixtar related), that appears to use the same forum software is also down. Is it possible that someone has targetted a particular forum package? Very slim evidence, but a strange coincidence.
Well these things happens, just Like microsoft keep releasing security fixes, and so does the other software vendors to patch their software.
'santy' is in the news today for disabling thousands of php boards.
So how 'bad' does it seem to be to you QBlog?
I know that in the end once you have sifted through things, it may be different - either better or worse - but I am just curious as to how it is at this time.
Let me put it this way: I'm currently searching for DB backups.
Probably Anonymous....
Hack this!
Posted by: SheepNoMore | December 23, 2004 9:55 PM