Sign in to follow this  
  • entries
    375
  • comments
    1136
  • views
    297574

Downtime

Sign in to follow this  

127 views

Well, that was a fun 24 hours.

About two hours before the site went down, people started reporting that they were seeing an ActiveX popup on every page of the site. It was in response to this that the site was brought down. (I would have done it earlier, but I was out when it was reported and didn't get back until later. Brought the site down as quickly as I could when I got back).

Removing the script was easy; most of the downtime was spent investigating how it had happened, and investigating what could be done to stop it happening again. I'm confident that the measures I've put in place have closed the hole for the time being. (There's still plenty more stuff to shore up, but I can work on it without the site being down).

Unlike the attacks last year, I am confident that there was no attempt made to access the site database. Hence, we are not asking you to reset your passwords. I don't think this attacker was even trying to get that kind of data; rather, they were looking to infect machines with what was most likely a botnet program.

If you were unlucky enough to browse the site in the couple of hours before it went down, using Internet Explorer, and you accepted the ActiveX download, and your antivirus software didn't stop you, then you need to run a malware sweep of your computer immediately. I'm extremely sorry that you have to do this, and hope we never cause you to have to do it again.

On the bright side. While the webserver was down, I took the opportunity to mess with the indexes on the database server. Browsing the forums should, I hope, now be a bit faster.
Sign in to follow this  


8 Comments


Recommended Comments

Yes, thank you. Though i am curious. How did the script get there? Last time it was one of the banners, was that the case this time? If so, then i wonder, isn't there a screening process for the banners? Otherwise it would seem very easy to purchase banner time and just put up a malicious banner.

Share this comment


Link to comment
Quote:
Original post by superpig
On the bright side. While the webserver was down, I took the opportunity to mess with the indexes on the database server. Browsing the forums should, I hope, now be a bit faster.

Yes, actually it is noticeably faster for me. Well done

Share this comment


Link to comment
Quote:
Original post by dmatter
Yes, actually it is noticeably faster for me. Well done
Yup, same here. I used to get a noticeable lag when loading forum index pages; seems a lot faster now (Or there's a lot less traffic [smile])

Share this comment


Link to comment
It was a good job I was away from my computer in those few hours then :)
Just commenting to thank you and all the moderators on gamedev your all doing wonderful jobs at keeping the comunity alive and a safe place =]

Share this comment


Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now