Tweet
I just wanted to quickly address why the site was down or inaccessible recently.
Our site was "hacked" at some point overnight from August 24 through August 25. The method of access was an anonymously disclosed vulnerability within the vBulletin software. The vulnerability is present in every single release of vBulletin 5.x. Though we were on a slightly older release of vBulletin 5 at the time, those with the latest (5.4.5) were also not protected from anybody that wanted to exploit this vulnerability.
The disclosure of the vulnerability was just 18-lines long. It was also apparently a vulnerability that existed for years in private circles but was only shared publicly on Monday, August 23. One of the groups that knew about this vulnerability is Zerodium, a supposed "information security" company that sold the exploit to customers for 3 years. The vulnerability allowed someone to remotely execute malicious code. Some have even went so far as to call it a back door built into vBulletin.
Simply put, this vulnerability allowed people to have pretty much free access to do whatever they wanted on the server.
When it came to our site, I will say that it doesn't seem like we were hit with anything too malicious, which I'm real thankful for. Some sites were reporting that malicious emails were being sent out to users. I looked through the email account that we use here to send out notifications/birthday wishes and I saw nothing out of the ordinary. Other sites may have also been used to deliver malicious code to visitors. But again, I don't believe that happened to us.
Later in the day on the 25th, one of the regular backups of the site was restored. We had lost only about a day's worth of content. However, someone else (maybe the same person?) quickly took the site down again. This is also about the same time that vBulletin released a patch for this vulnerability. Of course, the damage was already done to us by that point. vBulletin did not even have a patch out for this yet until the afternoon hours on the 25th.
On the 26th, the site was restored from another backup. As we were on an older release of vBulletin, we had to go through the process of updating it to the latest version, which did take a bit of time. We are now on the latest patched version of the software.
Aside from a small issue that stemmed from our previously selected search method breaking things for us, the updates seem to have gone smoothly. In fact, a few of the updates for the site should include some nice performance benefits for us.
Now, I'm not saying that any of you need to change your passwords, but you might want to do so just in case. I would say this is perhaps more important if you use the same password here as you do at other sites. I won't force you to change anything. This is all up to you.
Hopefully this won't happen again. I say this, but knowing the issues we've had in the past with vBulletin vulnerabilities, I won't be holding my breath.
As always, big thanks to Crrrazzzy for getting things back up and running, even while he was busy with his real job. He did some updates to both the front end so that we're on the latest patched version of vBulletin in addition to updates to the back end that were needed. I tried to help by staying out of his way and then did the simple stuff I know how to do without breaking the site.
I'm also going to try to learn how to update the site when new versions of vBulletin are released so that I don't have to rely on Crrrazzzy for it all the time.
If you have any questions or comments, feel free to leave them below. If you notice something wrong or broken with the site, please let me know here, or through the Contact Us tool, or @ me or the TGN account on Twitter, or even send an email to me if you know it.
Our site was "hacked" at some point overnight from August 24 through August 25. The method of access was an anonymously disclosed vulnerability within the vBulletin software. The vulnerability is present in every single release of vBulletin 5.x. Though we were on a slightly older release of vBulletin 5 at the time, those with the latest (5.4.5) were also not protected from anybody that wanted to exploit this vulnerability.
The disclosure of the vulnerability was just 18-lines long. It was also apparently a vulnerability that existed for years in private circles but was only shared publicly on Monday, August 23. One of the groups that knew about this vulnerability is Zerodium, a supposed "information security" company that sold the exploit to customers for 3 years. The vulnerability allowed someone to remotely execute malicious code. Some have even went so far as to call it a back door built into vBulletin.
Simply put, this vulnerability allowed people to have pretty much free access to do whatever they wanted on the server.
When it came to our site, I will say that it doesn't seem like we were hit with anything too malicious, which I'm real thankful for. Some sites were reporting that malicious emails were being sent out to users. I looked through the email account that we use here to send out notifications/birthday wishes and I saw nothing out of the ordinary. Other sites may have also been used to deliver malicious code to visitors. But again, I don't believe that happened to us.
Later in the day on the 25th, one of the regular backups of the site was restored. We had lost only about a day's worth of content. However, someone else (maybe the same person?) quickly took the site down again. This is also about the same time that vBulletin released a patch for this vulnerability. Of course, the damage was already done to us by that point. vBulletin did not even have a patch out for this yet until the afternoon hours on the 25th.
On the 26th, the site was restored from another backup. As we were on an older release of vBulletin, we had to go through the process of updating it to the latest version, which did take a bit of time. We are now on the latest patched version of the software.
Aside from a small issue that stemmed from our previously selected search method breaking things for us, the updates seem to have gone smoothly. In fact, a few of the updates for the site should include some nice performance benefits for us.
Now, I'm not saying that any of you need to change your passwords, but you might want to do so just in case. I would say this is perhaps more important if you use the same password here as you do at other sites. I won't force you to change anything. This is all up to you.
Hopefully this won't happen again. I say this, but knowing the issues we've had in the past with vBulletin vulnerabilities, I won't be holding my breath.
As always, big thanks to Crrrazzzy for getting things back up and running, even while he was busy with his real job. He did some updates to both the front end so that we're on the latest patched version of vBulletin in addition to updates to the back end that were needed. I tried to help by staying out of his way and then did the simple stuff I know how to do without breaking the site.
I'm also going to try to learn how to update the site when new versions of vBulletin are released so that I don't have to rely on Crrrazzzy for it all the time.
If you have any questions or comments, feel free to leave them below. If you notice something wrong or broken with the site, please let me know here, or through the Contact Us tool, or @ me or the TGN account on Twitter, or even send an email to me if you know it.