!!The recent escapades.. PLEASE READ!!

Just your normal general chatting in here..

nick
Site Admin
Posts: 340
Joined: Wed Jul 27, 2005 8:59 pm
Location: Glasgow, Scotland, UK

Post by nick »

Okay Ladies and Gentlemen,

First off, let me start by apologising for what has happened recently.
For those that don’t know, the 406 Owners Club forums had been hacked. As yet, no one has claimed responsibility for the attack, and the reasons for the attack are unknown.

I would like to reassure all our members that all your data, i.e. passwords are safe, and they were NOT compromised (I’ll explain how below).

Unfortunately, I have been staying at the girlfriend’s for a while and she doesn’t have internet access. The first I found out about it was tonight, when Foxy PM’d me.

From what I can gather, this was just some punk who spotted a hole in the security of the forum, and exploited it just for the sake of exploiting it. I am currently in talks with the hosting provider to trace the ISP of the culprit, and hopefully legal action will ensue.
As you know, the 406 Owners Club site is built around the phpBB forum software, using the current stable 2.x release branch. As a responsible Admin, and site owner, I ensured that it was kept up to date, with the latest security fixes and patches, however as the software is purely forum software, I had to add a few “modifications” so the site could do what we require. Unfortunately, I fell by the wayside in updating one particular module, which, as you can see, has caused data to be lost.

Specifically, the Links section. The attacker used a method called the “SQL Injection”. A SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. [Taken from Wikipedia - http://en.wikipedia.org/wiki/SQL_injection]. The attacker crafted the links.php file to create an admin user, and from that, had access to the general board data.

They DID NOT have access to the actual database itself, ensuring that passwords and other data remained intact.
As a result of this second attack on the site – Foxy very quickly and promptly directed all users to the playground. This is where I try out new software for the forum, and recently asked users to have a play here to give me some feedback.
I was planning on waiting for a couple of weeks before opening this up as the actual forum, but due to the current situation I believe it is warranted.

As a result, however, any users who registered recently, and all posts made recently have been deleted.
Again, I am currently in talks with my host provider to see if any types of backups were made with regards to the data, to see if any of the forum posts can be rescued, and I’ll update everyone accordingly.

Because of this security breach, and the fact it took so long for me to find out, I have decided to ask for moderators for the forums, to help me, Niz and Foxy, subject to discussing this through with them. I don’t seem to have their mobile numbers, but if anyone has them, can you pass them to me?

Again, I sincerely apologise. This is not something that should have happened, and from what I can see, it was purely by chance that they found this site, and specifically, that file. Again, I’m sorry.

Nick
*I would like to point out that the original amount of swear words in this post made MS Word crash. For the geeks out there – the BSOD came up 'cause there was so many blue words! Well, you got to smile in times like these...

UPDATE 26/09/2007


I didn't get a lot of sleep last night so excuse the inevitable grammar and spelling mistakes..

I've managed to get a 1 month 2 weekish backup of the forums, and I'm currently speaking to the techs to hopefully get a more recent backup. I've set up a bi-daily backup of the database which is now emailed to me, in case anything like this ever happens again, and also taken proactive steps to trace the culprits. The log files I have are in a RAW format, so it's hard to sift through the data. So far I've noticed 3 attacks all using the same method. I'm feeling that someone has noticed an out of date links.php file, and posted it onto a forum, and some script kiddies have pounced on it. So far, I have the exact date, and times, and IP addresses, and from what I can tell, one of them is in NI - hosted by BT Broadband. Once I gather enough data I'll speak to the Cybercrime Division of the police, and see how we can move this forward.

I've also taken down the offending file, and will check all the other forum software to ensure that EVERYTHING else is up to date. Any other MODS which haven't been updated within the last 6 months, or have had no development activity will be taken offline. This may include the likes of the Knowledge Base, the Statistics Modules, Calendars etc.

I've also started to speed up the work of the replacement site, to the phpBB 3.x Branch, and more details on this will follow.

The good thing about the new version of phpBB is that most of the functionality of this site is restored, while all the code comes from phpBB themselves, there are very few mods to install.

Again, sorry about what's happened, and more updates to come!

Nick
Last edited by nick on Wed Sep 26, 2007 1:53 pm, edited 1 time in total.
Thanks,
Nick
DaiRees wrote:I got the "premium" standard fit system in mine, 10 speakers, changer, JBL amp. I'm quite happy with it for listening to the radio / CDs or my "teach yourself Welsh" stuff on the way to work :lol:
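
Added example (not part of the original thread and not the site's own code): one way to sift raw access logs for the kind of requests described in the post above, grouping flagged `links.php` hits by source IP and time. It assumes Apache "combined" log format; the parameter names `cat` and `id`, the addresses and the timestamps are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Assumed format: Apache "combined" access log.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Triage heuristics: SQL keywords, quotes and comment markers that should
# never appear in a numeric parameter. Expect to review hits by hand.
SQLI_RE = re.compile(
    r"(\bunion\b.+\bselect\b|\binsert\b.+\binto\b|\bupdate\b.+\bset\b|--|/\*|')",
    re.IGNORECASE | re.DOTALL,
)

def suspicious_requests(lines, script="/links.php"):
    """Return {ip: [(timestamp, decoded_query), ...]} for flagged requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        ip, when, _method, url, _status = m.groups()
        parts = urlsplit(url)
        if not parts.path.lower().endswith(script):
            continue
        # Decode twice so double-encoded input (%2527 -> %27 -> ') is seen.
        query = unquote_plus(unquote_plus(parts.query))
        if SQLI_RE.search(query):
            hits[ip].append((when, query))
    return dict(hits)

# Constructed sample lines: RFC 5737 documentation addresses, made-up
# timestamps, hypothetical parameter names (cat, id).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:21:14:03 +0000] "GET /links.php?cat=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2007:22:01:47 +0000] "GET /links.php?cat=3%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [01/Jan/2007:22:02:10 +0000] "GET /links.php?cat=3%20union%20select%204,5,6%20--%20 HTTP/1.1" 200 812 "-" "-"',
    '203.0.113.45 - - [02/Jan/2007:03:40:55 +0000] "GET /links.php?id=1%2527%20OR%20%25271%2527=%25271 HTTP/1.1" 200 640 "-" "-"',
    '192.0.2.10 - - [02/Jan/2007:09:00:00 +0000] "GET /viewtopic.php?t=99 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    'truncated line with no request field',
]

if __name__ == "__main__":
    for ip, reqs in suspicious_requests(SAMPLE_LOG).items():
        print(ip, len(reqs), "flagged request(s)")
        for when, query in reqs:
            print("   ", when, query)
```

The per-IP timestamps this returns are the sort of record a hosting provider or the police would ask for; the pattern list is a starting filter, not proof of an attack.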
nick
Site Admin
Posts: 340
Joined: Wed Jul 27, 2005 8:59 pm
Location: Glasgow, Scotland, UK

Post by nick »

Updated.
Foxy
Forum Admin
Know it all
Posts: 255
Joined: Fri Aug 05, 2005 3:34 pm
Location: Northants

Post by Foxy »

Well done old man!

Told you these PHPbb's are rubbish :P 8)

Normal service has been resumed!
Used to own the finest 406 in the UK - RIP
wes1001
2.0 16v
Posts: 177
Joined: Tue Dec 19, 2006 9:10 am
Location: Sticky out bit, right on the tip of Kent, practically in the channel !!

Re: !!The recent escapades.. PLEASE READ!!

Post by wes1001 »

nick wrote:
Nick
*I would like to point out that the original amount of swear words in this post made MS Word crash. For the geeks out there – the BSOD came up 'cause there was so many blue words! Well, you got to smile in times like these...

Good going Nick and with all the torrent use my 'pute gets, I think there's something wrong in the world if I don't see the blue screen of death at least once a week - kinda like an old family friend now :cheesy:
Welly
The moderator formally known as Welton
Posts: 15033
Joined: Tue Jan 10, 2006 12:52 pm
Location: East Midlandfordshire

Post by Welly »

Well done Nick.

I'm sure I speak for us all when I say how pleased I am to see things almost back to normal.

Welly.
Cars in my care:
2021 Kia Spottage 1.6 Pez Turbo Dual Clutch Gearbox Trickery
2013 Renner Twingo - donkey work