We are Back...

[WAMF]

WOW I missed all the action of the last couple of days.

 

[Berkeley_Eagle]

WOW I missed all the action of the last couple of days.

Action ? we wasn't here lol

 

[Captain Moondog]

Great work Dan
Last couple of days I've been reduced to talking to the Missus. She'll be happy too, she reckons she's sick of hearing about football, seems a bit strange to me....

 

[globaleagle]

Dan did such a great job we should welcome him into the 'last fan standing' competition.

Welcome mate!


You forgot to put your tip in for last week so you're out.

 

[Shoe1]

The blue is reminiscent of our new bulldogs style training jersey!

 

[HappilyManly]

Extra Time for Manly and Dan

Thanks for the NSW Blues colour scheme now that the Origin Season is here 😀

Where do I find the link to the Last Fan Standing competition?
Or was the crash caused by Jethro hacking out his Dogs tip? 😛

 

[Tibstar]

Thank you Dan and well done for all the effort you've put in to get this site up and running again. There's some strange ones about. I cant believe that there's people out there who actually don't support Manly. Lol !!!!

 

[Mark from Brisbane]

If you are a true Silvertail you would have an iPad so no need for mobile friendly theme needed!

I have a PC (work and home), an I-Pad (home) and and I-Phone.....just need something that works better on the phone (actually really liked Tapatalk....but no drama's)

I will await the mobile friendly option

 

[Dan]

If you are a true Silvertail you would have an iPad so no need for mobile friendly theme needed!

I have a PC (work and home), an I-Pad (home) and and I-Phone.....just need something that works better on the phone (actually really liked Tapatalk....but no drama's)

I will await the mobile friendly option

The mobile theme worked really well, in fact better than tapatalk for functionality and speed.

The issue with tapatalk is that it has vulnerabilities in it, which adds another layer of insecurity on top of the forums themselves. At least with the forums, I am able to patch issues if I see them, without having to wait for an official release. Tapatalk means I need to wait for a new version to be released as well as make sure everyone updates. It also slows down the site.

After the mess of the last few days I certainly don't want to be adding too many layers of complication

 

[Lord Eagleton]

Please change the layout colour from Doggies Blue to Sea Eagles maroon asap

 

[Dan]

🙂 I will don't worry. This is just the default theme and has to stay for now whilst I do more cleanup

 

[Berkeley_Eagle]

Hope you changed all your passwords to 150 characters Dan lol

 

[Dan]

My account was only compromised after they injected their own data into the database funnily enough, however I have changed all the site passwords and my passwords to more complex ones, just in case

 

[globaleagle]

My avatar looks like the only one working.

Or is it that at the moment we only see our own?

 

[Mark from Brisbane]

Nup can't see mine....BUT you are "special"

---

I am the first to admit I know bugger all about computers, and even less about hacking...at some stage Dan maybe a brief explanation on how they did it (not a technical one that someone can copy and do again) but just a "they hacked my password and then changed everything" (which may well be the answer).

 

[globaleagle]

Dan loves the moose!

 

[Bradza]

Thanks for the massive effort Dan. Happy birthday to Matilda.

 

[Dan]

Not 100% certain, however from what I can tell in the access logs, they used either an XSS or and CRSF exploit to get in. There were at least 2 plugins on the site that were vulnerable as well as an older template. We were also one point version behind on the forum software.

So with the vulnerable areas they were able to use an SQL injection in order to change settings and get elevated privileges, once they did that, the world was their oyster so to speak.

To recover I had to locally restore a backup that I took before the attack, I then had to transfer that data (posts and user accounts) over to a new install, then upgrade the software. Once that was done I had to manually reset permissions, strip out any injected "<script>" tags in signatures, posts and other areas. I then had to install a few security addons and then take another backup of the site to make sure that I could recover at a better point in time if it is hacked again.

I am continuing to work on tightening security more today

 

[Dan]

As for the avatars, they are all gone and can't link up properly. One thing they attackers did was to upload attachments and avatars quickly, most likely files with malware etc in them, so I stripped most of these out

 

[Pittwater Legend]

Maybe we should get Kaspersky to help us out here 😉

While we're at it we'll see if he can track down who these bastards are.