Service Statement

Announcements regarding SomaDev

Service Statement

Postby iSylver » Thu May 28, 2009 7:41 am

As most of you will be aware SomaDev security was compromised over night due to this we have decided to switch webhost. We will be working on fixing the problem and bringing you a much more secure community and server. We'd like to thankyou for your patience within this time and also state that our test server is still up.

Unfortunately the webhost billing address was taken meaning the hackers had direct access to over 100 website cpanels and we were one of the unlucky ones to be effected we are unsure if the forum database was compromised however we'd like for you to change your passwords just in case.

We're going to look at this as a wake up call and daily backups will be done nothing but good can come from this! thankyou again for your patience. On the plus side the emulator now features a variety of auras and also the new webserver is much faster.

By the end of the next few months we should have 2x webservers, our own VPN, and the hosting we currently have.

The SomaDev Team
Image

Contact ingame:
@iSylver
SOMADEV
iSylver
SomaDev Staff
 
Posts: 1692
Joined: Fri Jan 11, 2008 6:21 pm

Re: Service Statement

Postby stabhappy » Thu May 28, 2009 6:46 pm

Surely the passwords in the DB are hashed?
stabhappy
SD One Star
SD One Star
 
Posts: 20
Joined: Sun Apr 20, 2008 5:23 pm

Re: Service Statement

Postby iSylver » Thu May 28, 2009 7:58 pm

Yes but take into account md5 hashing can be cracked although highly unlikely.
Image

Contact ingame:
@iSylver
SOMADEV
iSylver
SomaDev Staff
 
Posts: 1692
Joined: Fri Jan 11, 2008 6:21 pm

Re: Service Statement

Postby Matt » Thu May 28, 2009 8:50 pm

yeah md5 hash can be cracked within a few minutes to under and hr (depening on the complexity of the password) (gpu's ftw!!)

anyway yeah, checked the site as I do everyday and was like wtf!!!

I am suprised how far back the forums are sylver, you really should install a db backup module to forums.

I did this on mos.org.uk for gary and it did work...well untill he stopped paying for hosting.

What was the exploit used to gain access? cpanel or forum code?

God dam black hat's!!!!

*edit*

just checked googles cache, 178 new registered members lost since the db rewind.
Matt
SD Four Star
SD Four Star
 
Posts: 237
Joined: Sun Oct 26, 2008 12:35 am

Re: Service Statement

Postby Moomin » Thu May 28, 2009 9:10 pm

I just tried to get on the .com domain, and luckily I remembered Dan mentioned the .net domain. How annoying, does the host company not have some sort of backups?
Image
User avatar
Moomin
SD Four Star
SD Four Star
 
Posts: 174
Joined: Sun Sep 07, 2008 3:31 pm
Location: England

Re: Service Statement

Postby iSylver » Thu May 28, 2009 10:04 pm

Unfortunately we relied on the host backups. Nevertheless they got access to a tier above ours so it wasn't a flaw with our security.

We'l eventually setup a cronjob uploading daily backups to a seperate secure server.

Whats done is done we wont point the finger at anyone and there was nothing we could do to prevent it happening (it was out of our control).
Image

Contact ingame:
@iSylver
SOMADEV
iSylver
SomaDev Staff
 
Posts: 1692
Joined: Fri Jan 11, 2008 6:21 pm


Return to Announcements

Who is online

Users browsing this forum: No registered users and 1 guest

cron