The Def Guide to Zzap!64

The Zzap Rrap

All times are UTC [ DST ]




PostPosted: Thu Dec 09, 2004 7:08 pm
Admin

Joined: Tue Jun 17, 2003 6:42 pm
Posts: 2105
Location: Cavan, Ireland
The board was hacked this afternoon and all messages and topics and forums were deleted.

I had a backup of the board from March 2004 but this is corrupt, therefore all messages have been lost for good :(

The board had over 3500 messages with lots of Zzap info in them but these are now lost because of some idiot deciding to hack into the board.

Completely pointless vandalism.

As far as I know, the hack was performed using an exploit in the version of the phpBB software I was using. There had been an update to the software a couple of weeks ago to fix this, but I didn't realise this until after the hack.

The rest of the site appears to be unaffected but let me know if you notice anything different or weird.

I will of course be performing full backups of the site's database every week from now on so this can't happen again (ie all messages lost). Unfortunately this doesn't help the situation now.

All those messages lost because of some fucking idiot cracker!


PostPosted: Thu Dec 09, 2004 7:49 pm
Director

Joined: Wed Jun 18, 2003 8:19 am
Posts: 460
Location: United Kingdom, Hartlepool
I hope the people that did this can be traced down and their ISPs informed! :twisted:

_________________
Contributor to Def Tribute to ZZAP!
Compilation64 - http://compilation64.zzap64.co.uk/
Crazy about the C64? - www.lemon64.com
Amiga Anguish? - www.lemonamiga.com


PostPosted: Thu Dec 09, 2004 7:53 pm
Admin

Joined: Tue Jun 17, 2003 6:42 pm
Posts: 2105
Location: Cavan, Ireland
Well I have their IP and at least one ISP (BT Broadband) but will it do any good really?

I guess they might get kicked off their ISP at least, so I guess I should report it.

It's so frustrating, the messages are cached in google but there's no way to get them back on the board without spending weeks doing it by manually entering it all in the database.


PostPosted: Thu Dec 09, 2004 8:13 pm
Director

Joined: Wed Jun 18, 2003 8:19 am
Posts: 460
Location: United Kingdom, Hartlepool
iain wrote:
Well I have their IP and at least one ISP (BT Broadband) but will it do any good really?

I guess they might get kicked off their ISP at least, so I guess I should report it.

It's so frustrating, the messages are cached in google but there's no way to get them back on the board without spending weeks doing it by manually entering it all in the database.


I would definitely report them, as they are likely to do it again (somewhere else if not here!).

I don't know anything about web design/ forum programs, but how did this happen, as presumably there are supposed to be passwords etc for yourself to alter the forum if necessary - Any idea of how they got in?

PostPosted: Thu Dec 09, 2004 8:28 pm
Staffer

Joined: Sun Jun 22, 2003 1:23 am
Posts: 146
Location: Near Newcastle, England
Holy shit.

There truly are some arseholes in this world. :evil:

_________________
They Were Our Gods - a website charting my progress on an upcoming book of the same name, about the UK gaming scene in the 1980s.


PostPosted: Thu Dec 09, 2004 8:34 pm
Admin

Joined: Tue Jun 17, 2003 6:42 pm
Posts: 2105
Location: Cavan, Ireland
Seems like they used some sort of variable overload when calling a page, and that entered an admin user in the database and it's easy to do anything from there. :(


PostPosted: Thu Dec 09, 2004 8:52 pm
Admin

Joined: Tue Jun 17, 2003 6:42 pm
Posts: 2105
Location: Cavan, Ireland
Well the first cracker appeared to come from a Polish ISP http://www.swiat.pl/ so I have sent them an email about it. Obviously the cracker wasn't a very good one or he would have covered his tracks a bit better.

He found the board by searching for "leet forum phpbb" on Google. Lemon is another site that appears on the results page so thankfully he has now updated his software.


PostPosted: Thu Dec 09, 2004 9:13 pm
Admin

Joined: Tue Jun 17, 2003 6:42 pm
Posts: 2105
Location: Cavan, Ireland
The second hacker (arrived about 30 mins later) was from 81.153.111.201 and was using BT Broadband as an ISP so obviously I have emailed an abuse report to them as well.

I'm also working with a couple of other webmasters to get these guys so the net is closing!


PostPosted: Thu Dec 09, 2004 10:18 pm
King of Ludlow

Joined: Thu Jun 19, 2003 10:22 pm
Posts: 1139
Location: Ludlow
WOT!!! :shock:
Everything gonzo??
I'm well err, I just don't have words for it actually. :evil:

3500 posts vanished. I just can't believe it.

Oh well, life goes on. :?

My feelings are with the webmaster and all genuine Rrappers.
Ta!
Rob


edit: aww, cool. I didn't lose my status and number of original posts! :twisted: Good! Ow, just kiddin'. :wink:

_________________
Once again I emerge from beneath a massive pile of paper which makes my desk groan to bring you the world’s most amazing posts.


PostPosted: Thu Dec 09, 2004 10:27 pm
Admin

Joined: Tue Jun 17, 2003 6:42 pm
Posts: 2105
Location: Cavan, Ireland
Mr.Zzapback wrote:

3500 posts vanished. I just can't believe it.

Oh well, life goes on. :?


Yeap, it's a shit one, since there was a lot of cool posts with interesting info about Zzap and its staff etc.

But I guess, we can't let the bastards get us down so let's not give up and let the community die. Start writing more messages to fill the board up again! and I promise I'll back up in future! ;-)


Mr.Zzapback wrote:
edit: aww, cool. I didn't lose my status and number of original posts! :twisted: Good! Ow, just kiddin'. :wink:


Well it is something that the user accounts and info survived (you have to delete them one by one, whereas the forums you can delete with one click)


PostPosted: Thu Dec 09, 2004 10:41 pm
King of Ludlow

Joined: Thu Jun 19, 2003 10:22 pm
Posts: 1139
Location: Ludlow
iain wrote:

Well it is something that the user accounts and info survived (you have to delete them one by one, whereas the forums you can delete with one click)


Oi! Wouldn't it be smart if phpBB 'protected' that possibility?
Which moderator would want to delete the whole board with one click?
This is actually making it more interesting for Hackers to hack a board and to clean-up years of effort with one click. Or am I stupid?
(DON'T answer that one :wink: )

Oh dear, what a day.
The face of 'live concerts' would be changed forever as well, I'm afraid. :evil:
Ta!
Rob

PostPosted: Thu Dec 09, 2004 10:49 pm
Admin

Joined: Tue Jun 17, 2003 6:42 pm
Posts: 2105
Location: Cavan, Ireland
You will all be pleased to know that I have just backed up the complete database. It was oh so easy, just one line! :(

Why didn't I research how to do it and DO it before? c'est la vie I guess :(
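
Added example, not part of the thread and not the admin's backup command: the first post says the March 2004 backup turned out to be corrupt only when it was needed, so this sketch checks a backup file right after it is written. It assumes a gzip-compressed mysqldump file with comments enabled and the default phpBB 2 table prefix `phpbb_`; `verify_dump`, `demo` and the sample dump are constructed for illustration.

```python
import gzip
import re
import tempfile
import zlib
from pathlib import Path

# Assumed: core phpBB 2 tables under the default "phpbb_" prefix.
REQUIRED = ("phpbb_forums", "phpbb_topics", "phpbb_posts", "phpbb_users")
TRAILER = "-- Dump completed"  # last line mysqldump writes when comments are on

# Constructed sample dump, not data from the board.
SAMPLE = "".join(f"CREATE TABLE `{t}` (id int);\n" for t in REQUIRED) + (
    "INSERT INTO `phpbb_posts` VALUES (1),(2),(3);\n"
    "-- Dump completed on 2004-12-09 22:49:00\n")

def verify_dump(path, min_post_rows=1):
    """Return the problems found in a gzip-compressed SQL dump ([] = usable)."""
    created, post_rows, last = set(), 0, ""
    try:
        # Reading to EOF makes gzip check CRC and length; damage raises here.
        with gzip.open(path, "rt", encoding="utf-8", errors="replace") as fh:
            for line in fh:
                m = re.match(r"CREATE TABLE `?(\w+)`?", line)
                if m:
                    created.add(m.group(1))
                elif re.match(r"INSERT INTO `?phpbb_posts`? ", line):
                    post_rows += 1 + line.count("),(")  # rough tuple count
                last = line.strip() or last
    except (OSError, EOFError, zlib.error) as exc:
        return [f"archive unreadable: {type(exc).__name__}"]
    problems = [f"missing table {t}" for t in REQUIRED if t not in created]
    if post_rows < min_post_rows:
        problems.append(f"only {post_rows} rows in phpbb_posts")
    if not last.startswith(TRAILER):
        problems.append("dump trailer missing, dump did not finish")
    return problems

def demo():
    """Verify a complete dump, a dump cut off mid-way, and a damaged archive."""
    blobs = {"good": gzip.compress(SAMPLE.encode()),
             "cut_sql": gzip.compress(SAMPLE.split("INSERT")[0].encode()),
             "cut_gz": gzip.compress(SAMPLE.encode())[:-6]}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in blobs.items():
            path = Path(tmp, name + ".sql.gz")
            path.write_bytes(blob)
            results[name] = verify_dump(path)
    return results
```

Calling `demo()` returns one list of problems per sample file; in a weekly backup job the same check would run on the fresh dump, with `min_post_rows` set near the board's known post count.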


PostPosted: Fri Dec 10, 2004 9:05 am
King of Ludlow

Joined: Thu Jun 19, 2003 10:22 pm
Posts: 1139
Location: Ludlow
http://www.yakyak.org/viewtopic.php?t=28878&highlight=

http://www.lemon64.com/forum/viewtopic.php?t=15403

http://www.lemon64.com/forum/viewtopic.php?t=15414

http://www.lemon64.com/forum/viewtopic.php?t=15409

Iain, I'd seriously go for the option to 'buy' the backup from your host.
Even if it does fail, the money wouldn't be thrown away.
We could gather the money easily through paypal for example.
I wouldn't mind browsing the database in case an update fails and restore stuff by hand, just let me know.

Let me hear your opinions please. (the regulars)
Ta!
Rob

PostPosted: Fri Dec 10, 2004 10:43 am
Ken's Fishy Friend

Joined: Wed Jul 09, 2003 4:27 pm
Posts: 48
Location: Belgium, Ghent
this is so so sad,
it makes me really angry!! :x
cheer up iain and all the rest!


PostPosted: Fri Dec 10, 2004 1:23 pm
Admin

Joined: Tue Jun 17, 2003 6:42 pm
Posts: 2105
Location: Cavan, Ireland
Some good news

I have contacted my host about the possibility of getting a copy of the database backed up a few days ago.

Here's what I got back -

Quote:
If we cannot retrieve what you require then basically you will not be charged for this but until the order has been placed and the system administrators have tried we do not know either way. If you place the order and the data cannot be restored there will be no charge. If a partial restore can be achieved then we would contact you first and ask if you wanted to proceed.



So it's worth a shot! It's been great to see that people have said they are prepared to donate to pay for this, it gives me a warm feeling inside (seriously!), so when I get home I'll set up a donation via Paypal type thing and if we get the required amount, we can go ahead with the attempted backup and if we don't get enough, I can just refund the money back to the donators!

I have fuck all money these days, with no job and being a student again but I'll put up £20 anyway. So we just need to collect another £100.

