Print

[Selroth]

Today I woke up to see Aure sent me an email that the site was hacked with a screenshot.  What a way to begin the day!

Anyway, many of you probably saw a defaced page.  We were lucky in that the code in it doesn't seem to be malicious, so everyone who saw the page should be safe.  But, because of events like this, it's always good to keep your operation system, browser, and anti-virus up to date!

Draconity.org itself was not attacked, and as far as I can see no personal information was stolen nor any privacy invasion. 

The host I rent the Virtual Private Server from, InMotion Hosting, was attacked, and a ton of their sites were defaced in a similar fashion.  You can read details here:
http://www.inmotionhosting.com/20110925-systems-announcement.html

Anyway, I took the liberty to upgrade all website software.  There may be a few bugs around, but that's normal - just report them here if you find any. 

The host is also applying a fix to all their customers, and the site may go down again for a moment.  They're assuming most of their customers don't know how to fix their site, I already fixed and upgraded my index.php file, but they may restore it off one of their backups, thus breaking the site with a version mismatch between files.  As soon as I see this, I'll have the site back up as I undo their "fix".

[ImadNemeir]

Good to see everything (almost) is back to normal, and it's also extremely good that no information was stolen (I got really worried about that by the way)

well then we'll get back to business as usual

[sillydraco]

Defaced? what someone graffiti'd the site? what did it look like?

[LackeDragon]

There was a big HACKED on the page yep
Pretty scaring lol

[Smotri]

As soon as the page is entered a script hijacks the browser and shrinks it. Then it spins the window around the screen before maximizing it to display the following;

WARNING: The URL in the screenshot is still affected by the hack. May not be a good idea to visit it.

[LackeDragon]

Exactly that

[sillydraco]

um...why do they tell everyone who did it? they even have a facebook page -.-

[Dradolan]

I am glad I was asleep when this happened. Would have freaked me out totally. o.o

[ImadNemeir]

As soon as the page is entered a script hijacks the browser and shrinks it. Then it spins the window around the screen before maximizing it to display the following;

WARNING: The URL in the screenshot is still affected by the hack. May not be a good idea to visit it.

and if you didn't take any action while opening the page an Arab rap song would start to play

[Selroth]

-Missing attachments/avatars uploaded this month fixed
-IRC Webclient fixed
-Member Map fixed

Post any other issues here, cause I may not notice the shoutbox or IRC :)

[Mawk]

This didn't happen to me, but I did get a white page this morning with some black writing on it that said something about Selroth.

[Selroth]

This didn't happen to me, but I did get a white page this morning with some black writing on it that said something about Selroth.

That was me performing surgery on the site while it was still conscious :)

I like that analogy.  It's fitting :)

[Free]

Real waste of our time - because they have nothing else better to do than hack random domain hosts. Cool story Bangladesh hackers l2getalife.

[Graeth-Raltharn]

Yup, thought it was weird.
Noscript held it back just fine.

[sillydraco]

COUNTERSTRIKE TEAM AWESOME PANDA FIRE SQUAD ALPHA FORCE GO! THIS IS WHAT I TRAINED YOU FOR!

[Tags:]

Tags: