As most of you will be aware SomaDev security was compromised over night due to this we have decided to switch webhost. We will be working on fixing the problem and bringing you a much more secure community and server. We'd like to thankyou for your patience within this time and also state that our test server is still up.
Unfortunately the webhost billing address was taken meaning the hackers had direct access to over 100 website cpanels and we were one of the unlucky ones to be effected we are unsure if the forum database was compromised however we'd like for you to change your passwords just in case.
We're going to look at this as a wake up call and daily backups will be done nothing but good can come from this! thankyou again for your patience. On the plus side the emulator now features a variety of auras and also the new webserver is much faster.
By the end of the next few months we should have 2x webservers, our own VPN, and the hosting we currently have.
The SomaDev Team
Service Statement
6 posts
• Page 1 of 1
Re: Service Statement
by stabhappy » Thu May 28, 2009 6:46 pm
Surely the passwords in the DB are hashed?
- stabhappy
- SD One Star
- Posts: 20
- Joined: Sun Apr 20, 2008 5:23 pm
Re: Service Statement
by Matt » Thu May 28, 2009 8:50 pm
yeah md5 hash can be cracked within a few minutes to under and hr (depening on the complexity of the password) (gpu's ftw!!)
anyway yeah, checked the site as I do everyday and was like wtf!!!
I am suprised how far back the forums are sylver, you really should install a db backup module to forums.
I did this on mos.org.uk for gary and it did work...well untill he stopped paying for hosting.
What was the exploit used to gain access? cpanel or forum code?
God dam black hat's!!!!
*edit*
just checked googles cache, 178 new registered members lost since the db rewind.
anyway yeah, checked the site as I do everyday and was like wtf!!!
I am suprised how far back the forums are sylver, you really should install a db backup module to forums.
I did this on mos.org.uk for gary and it did work...well untill he stopped paying for hosting.
What was the exploit used to gain access? cpanel or forum code?
God dam black hat's!!!!
*edit*
just checked googles cache, 178 new registered members lost since the db rewind.
My Soma Mirror: http://downloads.mythofesoma.net
- Matt
- SD Four Star
- Posts: 237
- Joined: Sun Oct 26, 2008 12:35 am
Re: Service Statement
by Moomin » Thu May 28, 2009 9:10 pm
I just tried to get on the .com domain, and luckily I remembered Dan mentioned the .net domain. How annoying, does the host company not have some sort of backups?
-
Moomin - SD Four Star
- Posts: 174
- Joined: Sun Sep 07, 2008 3:31 pm
- Location: England
Re: Service Statement
by iSylver » Thu May 28, 2009 10:04 pm
Unfortunately we relied on the host backups. Nevertheless they got access to a tier above ours so it wasn't a flaw with our security.
We'l eventually setup a cronjob uploading daily backups to a seperate secure server.
Whats done is done we wont point the finger at anyone and there was nothing we could do to prevent it happening (it was out of our control).
We'l eventually setup a cronjob uploading daily backups to a seperate secure server.
Whats done is done we wont point the finger at anyone and there was nothing we could do to prevent it happening (it was out of our control).
- iSylver
- SomaDev Staff
- Posts: 1692
- Joined: Fri Jan 11, 2008 6:21 pm
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest