Just a brief update on what happened.
Yesterday, it was publicly announced that vBulletin 5 had a serious security flaw. (For more detail on the flaw see https://arstechnica.com/information-...vbulletin-bug/)
Of course, what happens as soon as such a vulnerability is made public is that every hacker and script kiddie on the block starts scanning for vulnerable sites to copy and paste the attack to prove how L33t they are. I got a couple of PMs late last night and missed an email due to being in that London for a networking event. Not that, to be honest, it would have helped. For Reasons, we were running a slightly oldish, unsupported version of vBulletin5 and although the devs issued a patch, it didn't apply to our version. In short, if we hadn't been hacked, I'd probably have had to take the entire board offline anyway as a precaution. It was that severe a hole in the system.
The most excellent Tim @ Latitude has done all the work is getting us back and much, much faster than I thought possible. We are on a new server, with upgraded back-end and an upgraded and patched vBulletin 5. (You'll notice some icons have changed.) We had a choice of taking the current database as of this morning, or the last backup which was midnight 24/9/2019. Although I don't think the hackers left anything behind in the DB, I decided that it was better safe than sorry and went for the pre-hack database backup. This means that any postings or changes made yesterday will have disappeared. Good job nothing news or discussion worthy happened yesterday.
As I say, I don't think that the database was affected and all passwords are salted and hashed properly. However, as a precaution, it would be very prudent for you to change your account password. I've created a topic with instructions to do so here - https://www.onetouchfootball.com/for...word?p=2203032
There will probably be little bits and pieces that aren't quite as they were, probably due to me putting a customisation in or something - I'll try and sort them as they are discovered.
We now return you to your regularly scheduled nonsense.
Yesterday, it was publicly announced that vBulletin 5 had a serious security flaw. (For more detail on the flaw see https://arstechnica.com/information-...vbulletin-bug/)
Of course, what happens as soon as such a vulnerability is made public is that every hacker and script kiddie on the block starts scanning for vulnerable sites to copy and paste the attack to prove how L33t they are. I got a couple of PMs late last night and missed an email due to being in that London for a networking event. Not that, to be honest, it would have helped. For Reasons, we were running a slightly oldish, unsupported version of vBulletin5 and although the devs issued a patch, it didn't apply to our version. In short, if we hadn't been hacked, I'd probably have had to take the entire board offline anyway as a precaution. It was that severe a hole in the system.
The most excellent Tim @ Latitude has done all the work is getting us back and much, much faster than I thought possible. We are on a new server, with upgraded back-end and an upgraded and patched vBulletin 5. (You'll notice some icons have changed.) We had a choice of taking the current database as of this morning, or the last backup which was midnight 24/9/2019. Although I don't think the hackers left anything behind in the DB, I decided that it was better safe than sorry and went for the pre-hack database backup. This means that any postings or changes made yesterday will have disappeared. Good job nothing news or discussion worthy happened yesterday.
As I say, I don't think that the database was affected and all passwords are salted and hashed properly. However, as a precaution, it would be very prudent for you to change your account password. I've created a topic with instructions to do so here - https://www.onetouchfootball.com/for...word?p=2203032
There will probably be little bits and pieces that aren't quite as they were, probably due to me putting a customisation in or something - I'll try and sort them as they are discovered.
We now return you to your regularly scheduled nonsense.
Comment