Err
2009.Jan.18, 08:20 PM
Hi everyone. I first want to thank everyone for their patience and understanding in regards to the events of this afternoon. We know you are all anxious to get the site back up, as are we, but we want to make sure everything is secure and ready to go before we do. In the meantime we feel you deserve an update on what we have found and what happened.
Before I continue I ask that you PLEASE do not post any posts in this topic other than questions. If you want to discuss or rant or rave or whatever, please start a new thread. I ask that this thread please stay as clutter free as possible so it is easy for people to read and follow.
At approximately 2:42 server time today the site was hacked by someone who appears to have a very intimate knowledge of how this and other games like it are structured. He found an exploit using a well-known hack to gain admin access. He was able to access the administration pages and do different things on the site. Luckily he did not have access long as we were notified quickly and took the database down right away. We have been able to track his every move on the site, however, and know exactly what was changed.
4 accounts were affected, including mine. Mine was deleted (why me?!? :x ) as was another. 2 others were modified including 3rdsoldier's. I immediately banned 3rdsoldier in a moment of haste thinking perhaps he was the hacker and this would stop him. After reviewing what has happened, his account isn't necessarily the culprit. The hacker, as they always do, left some tracks.
We have also filed a report with the Internet Crime Complaint Center after being directed their by the FBI. Both Zenith and myself would like to do whatever we can legally to fight back against whoever was involved in this.
As for the site, we are in the process of restoring the lost/modified data on the 3 accounts that were affected and are going through the site page by page to ensure that no pages are left open to further exploits. We are also taking actions to ensure that if either myself or Zenith's accounts are ever compromised in the future, no actions can be taken within the game to modify pages/accounts. Once we feel the data is fully restored and the site is secure from this type of attack the game will be back and running.
The good news is no data has been lost and everything will be back just like it was the second prior to the attack. Also no one's password was compromised so there is no need to reset your password when the site does come back online.
If you have QUESTIONS ONLY please post in this thread and I will answer. ALL OTHER THREADS IN THIS POST WILL BE DELETED.
Before I continue I ask that you PLEASE do not post any posts in this topic other than questions. If you want to discuss or rant or rave or whatever, please start a new thread. I ask that this thread please stay as clutter free as possible so it is easy for people to read and follow.
At approximately 2:42 server time today the site was hacked by someone who appears to have a very intimate knowledge of how this and other games like it are structured. He found an exploit using a well-known hack to gain admin access. He was able to access the administration pages and do different things on the site. Luckily he did not have access long as we were notified quickly and took the database down right away. We have been able to track his every move on the site, however, and know exactly what was changed.
4 accounts were affected, including mine. Mine was deleted (why me?!? :x ) as was another. 2 others were modified including 3rdsoldier's. I immediately banned 3rdsoldier in a moment of haste thinking perhaps he was the hacker and this would stop him. After reviewing what has happened, his account isn't necessarily the culprit. The hacker, as they always do, left some tracks.
We have also filed a report with the Internet Crime Complaint Center after being directed their by the FBI. Both Zenith and myself would like to do whatever we can legally to fight back against whoever was involved in this.
As for the site, we are in the process of restoring the lost/modified data on the 3 accounts that were affected and are going through the site page by page to ensure that no pages are left open to further exploits. We are also taking actions to ensure that if either myself or Zenith's accounts are ever compromised in the future, no actions can be taken within the game to modify pages/accounts. Once we feel the data is fully restored and the site is secure from this type of attack the game will be back and running.
The good news is no data has been lost and everything will be back just like it was the second prior to the attack. Also no one's password was compromised so there is no need to reset your password when the site does come back online.
If you have QUESTIONS ONLY please post in this thread and I will answer. ALL OTHER THREADS IN THIS POST WILL BE DELETED.