[Forum] Security Breach Detected
Posted: Mon Aug 30, 2010 7:34 pm
BEFORE READING THIS, GO CHANGE YOUR PASSWORD NOW!!!On the past days we have been doing a heavy duty emergency maintenance on forums and server, the reason of this emergency was that it was detected a malicious script injected into our forum core files, somehow a partially-unknown attacker used a vulnerability in our forum software (3.0.5 at the moment of the attack) and placed this script, so far we know all our users passwords have been compromised. In order to restore the security in our server and forums we taked down the forums and made a check of the uploaded files, deleted all the old forum files and upgraded the forum to the lastest version (3.0.7-PL1), we also made a full check of our custom themes and updated those to match the lastest version of Prosilver series. Also the software and OS running in our server was updated as well.
We apologize for any inconvenient caused to our users due this incident, we are currently investigating and we have some clues of who was the attacker, but for now, we will not publish that information in order to keep investigating. An attacker with enought time, skills and horsepower can crack password hashes with rainbow tables, passwords with less than 6 characters can be cracked in just a couple of minutes, we suggest to all our users to use a secure password with more than 8 characters and use UPPERCASE, lowercase, Numb3rs and $pecial Characters to increase your password security.
In order to ensure everyone safety we have issued a FORCED PASSWORD UPDATE for everyone, so once you login to the forums you will be asked to change your password, if you dont, you cant keep browing the forum with your account.
Again we ask for apologizes for any trouble caused.
We are moving to a new box in a few days, if you see the forum closed again its because we are doing the move.
Update: Forums have been already moved, enjoy the new box.