Forum security breach & planned forum move

Discussion in 'News' started by CyberKiller, Nov 19, 2015.

  1. CyberKiller

    CyberKiller Nyooks!

    Messages:
    1,107
    Likes Received:
    8
    Trophy Points:
    0
    Due to very recent events that involve a possible security breach into the forum, catface and someone else will be moving the forum to a new host this Saturday and converting it from vbulletin to a xenforo board.
    It looks like the security breach was minor in the form of an admin's smartphone getting hacked and used to mass delete threads and posts (not too many were deleted).
    The affected admin's permissions have been removed and it doesn't look like anything else was done but we can't be sure.
    So as a precaution,
    if the passwords you use on any other services is the same as the password you use on this forum then I suggest you change those passwords immediately.
     
    Last edited: Nov 19, 2015
  2. complete_

    complete_ lamer

    Messages:
    6,437
    Likes Received:
    144
    Trophy Points:
    0
    krenzo is noob

    will threads/post be converted? doesnt that take alot of time? (i assume you will be backing it up before you do that of course)

    and is xenforo any different really? whats stopping that from happening on this other forum software which is less known than vbulletin?
     
  3. Catface

    Catface Member

    Messages:
    467
    Likes Received:
    10
    Trophy Points:
    0
    Vbulletin is known for its terrible security. Having used Xenforo, I can say it is a lot better.

    Also. I've revamped the usergroups. There is a chance that certain former (no mod) developers (they know who they are) might not have access anymore to certain forums. If this is the case, please contact me, Tama or Cyberkiller.
     
  4. ViroMan

    ViroMan Black Hole (*sniff*) Bully

    Messages:
    8,381
    Likes Received:
    4
    Trophy Points:
    0
    Was phpbb considered? I run one and they are pretty easy to run and configure for anything.

    Also why not just restore from the weekly backups. You do have weekly backups.... right?

    edit3:
    So I just looked it up. Xenforo is kinda pricey. Even the frigging addons have renewal fees.

    If you want to purchase a forum while hosting it yourself.. I have also used and loved IPB. https://www.invisionpower.com/buy/self-hosted its like 225 up front and then only $25 a year.
     
    Last edited: Nov 20, 2015
  5. Catface

    Catface Member

    Messages:
    467
    Likes Received:
    10
    Trophy Points:
    0
    We'd lose our recent posts and layout changes unless we cherry pick the posts. Which is difficult considering the amount deleted.

    Yeah. But I already have a license, so it's not an issue.
     
  6. Neoony

    Neoony Member

    Messages:
    1,367
    Likes Received:
    106
    Trophy Points:
    0
    Well if someones phone was hijacked, a different forum system will most probably not help with this specific attack.

    Just saying.

    You can always virii an admin and get access...
     
  7. Sgt.Security

    Sgt.Security Member

    Messages:
    3,137
    Likes Received:
    140
    Trophy Points:
    0
    My bad, they drugged me and sneaked in.
     
  8. McGyver

    McGyver Experimental Pedagogue

    Messages:
    6,533
    Likes Received:
    31
    Trophy Points:
    0
    Now that's what I call a forum reorganisation... :P

    Our passwords here are hashed and salted, right?
     
  9. CyberKiller

    CyberKiller Nyooks!

    Messages:
    1,107
    Likes Received:
    8
    Trophy Points:
    0
    Catface already has a Xenforo license.
    We have monthly backups due to the size of them.

    Yes, but passwords can easily be exposed at login via code injection.
     
    Last edited: Nov 20, 2015
  10. Neoony

    Neoony Member

    Messages:
    1,367
    Likes Received:
    106
    Trophy Points:
    0
    hashes can also be used i believe
     
  11. Grantrithor

    Grantrithor Member

    Messages:
    9,820
    Likes Received:
    11
    Trophy Points:
    0
    oh baby
     

Share This Page