Dr. Bantham
05-08-2005, 12:44 PM
Thomas Ligotti Online became the target of a hacker in the early morning hours of 5/5/05. By the grace of good timing, I was online at the time checking activity of the previous night and managed to pull the plug before there was any damage done. The site header had already been defaced and upon the hacker spoofing new IP addresses to avoid my blocking attempts I realized that the best thing to do was to voluntarily bring the site down by deleting all executable files.
The past few days have been spent installing the new core scripting system for phpBB, which reportedly eliminates the security holes accessible from the previous version. I had been procrastinating the installation of these measures since it was quite tedious considering the amount of custom modifications which had been previously integrated. "Who would want to attack TLO?" Apparently, the hacker chose the site randomly via a search bot and I currently suspect nothing more.
The entire site is protected with backups; however, the integrity of the data was maintained and restoration was not necessary. While I do not have reason to believe that member identity was compromised, I strongly urge all members to change their TLO password as a precautionary measure. In the remote event that passwords were observed, the hacker could pose as a member and potentially create, edit or delete posts for that membership. There is also the outside chance that member email addresses were observed. There was absolutely no information compromised which could be utilized in order to trace and/or hack a member's computer. I was online for the entire event and watching the activity from the outset, and I have no reason to believe that any member information was seen, as the hacker seemed to have the sole intent of defacing the site with hacker graffiti in order to establish infamy. Most of his prime time was spent dodging my defenses.
The site is now wholly functional, with the exception of Downloads, which will be brought back online very soon. The new security measures should eliminate the risk of having a reoccurrence. I apologize for the downtime and assure everyone that I will certainly make security a high priority in the future. I took this opportunity to port the core site to the root directory; therefore, the old web address of www.ligotti.net/nightmare/ will now redirect to www.ligotti.net. Since there were literally thousands of files to be transferred and/or modified, there may be a few bugs which surface over the next few days. In the event that you encounter errors or anomalies, please report them at the Error Reports and Problems (http://www.ligotti.net/viewforum.php?f=70) section of the forum. Welcome back, and enjoy!