[We're Back] SUSPENDING SEGUE because of Hack Warnings


#1

Hi

Our web host has asked me to review the security of our website. Apparently, something has been installed that has raised their concerns.

Around the same time, I received a message from another Taiwan phpBB website that they’ve been hacked. They report that others have been “messed around with,” too.

Please expect the worst to happen here at Segue as well. We simply do NOT have the resources to monitor the website round the clock. Heck, I’m hoping I can back up everything later today, so that if anything really bad does happen here, we can recover without THAT much loss :frowning:


#2

I’ve been told that the recent spate of hack attacks on other Taiwan forums exploit security holes in versions of phpBB lower than 2.0.3

This includes us :frowning: we only run 2.0.1

Thus, I need to upgrade the forums after all. This is a problem becuase there are so many forum modifications that have been done here.

Here’s what to expect:

  1. Downtime – it is not easy for me to find time to backup, upload and re-modify the forums

  2. Many of the modifications will be gone (short-term) and then re-appear over time. This affects Karma, the Calendar, Print views, the various chat programs, the job forum forms, and a whole slew of features that help us moderate and manage these discussions

My head hurts just thinking about this. I did not plan to upgrade beyond 2.0.1

I’m considering shutting EVERYTHING DOWN for sometime. I will consult the volunteers and moderators of Segue and our technical support about this.

Stay tuned.


#3

Gosh, I’d have to get a life :shock:

Yes, please keep us informed. If there’s anything I can do to help in spite of my limited technical knowledge …

Iris


#4

Many phpBB boards around the world have been dropping like flies (several that I use regularly). It’s easy to find sites that use phpBB on Google becuase the Help/FAQ allways get indexed and alwasy contain the same phrases. Someone is searching for phpBB websites and exploiting a security hole with avegence (has probably automated the hack with a script, which he’s(she’s) running accross multiple servers already hacked)

Best to upgrade to the latest version, and check the latest news on phpbb.com


#5

I might have to go outside… :shock:


#6

I’d say keep the system down until you are satisfied with the result. A day, a week, a month, a year…whatever.
…and don’t worry about the karma. I am coming back as an insect anyway. :?


#7

[quote=“wolf_reinhold”]I’d say keep the system down until you are satisfied with the result. A day, a week, a month, a year…whatever.
…and don’t worry about the karma. I am coming back as an insect anyway. :?[/quote]

I second that. :frowning: If something does happen (knock on wood) the amount of work nessisary to bring it back up might keep it down for good.

Everyone probably needs a break anyway.


#8

We could all post at another site for a while and come back when segs is back up and running. But where? That new place? Of course, we’d all need to go to the same place to get that ‘special segue feel’! :slight_smile: