Update
2009.Jan.18, 08:20 PM
Update
Post: #1
Hi everyone. I first want to thank everyone for their patience and understanding in regards to the events of this afternoon. We know you are all anxious to get the site back up, as are we, but we want to make sure everything is secure and ready to go before we do. In the meantime we feel you deserve an update on what we have found and what happened.

Before I continue I ask that you PLEASE do not post any posts in this topic other than questions. If you want to discuss or rant or rave or whatever, please start a new thread. I ask that this thread please stay as clutter free as possible so it is easy for people to read and follow.

At approximately 2:42 server time today the site was hacked by someone who appears to have a very intimate knowledge of how this and other games like it are structured. He found an exploit using a well-known hack to gain admin access. He was able to access the administration pages and do different things on the site. Luckily he did not have access long as we were notified quickly and took the database down right away. We have been able to track his every move on the site, however, and know exactly what was changed.

4 accounts were affected, including mine. Mine was deleted (why me?!? :x ) as was another. 2 others were modified including 3rdsoldier's. I immediately banned 3rdsoldier in a moment of haste thinking perhaps he was the hacker and this would stop him. After reviewing what has happened, his account isn't necessarily the culprit. The hacker, as they always do, left some tracks.

We have also filed a report with the Internet Crime Complaint Center after being directed their by the FBI. Both Zenith and myself would like to do whatever we can legally to fight back against whoever was involved in this.

As for the site, we are in the process of restoring the lost/modified data on the 3 accounts that were affected and are going through the site page by page to ensure that no pages are left open to further exploits. We are also taking actions to ensure that if either myself or Zenith's accounts are ever compromised in the future, no actions can be taken within the game to modify pages/accounts. Once we feel the data is fully restored and the site is secure from this type of attack the game will be back and running.

The good news is no data has been lost and everything will be back just like it was the second prior to the attack. Also no one's password was compromised so there is no need to reset your password when the site does come back online.

If you have QUESTIONS ONLY please post in this thread and I will answer. ALL OTHER THREADS IN THIS POST WILL BE DELETED.
2009.Jan.18, 08:24 PM
 
Post: #2
My only question is if you have any information as of yet, as to who's responsible, and if there's any sort of motive involved. I figured that you will be pursuing legal action against this individual, so if you can't discuss that, I'll understand.

However,
I think we'd all like to know who's responsible, and why they did what they did.

"It takes only one drink to get me drunk. The trouble is, I can't remember if it's the thirteenth or the fourteenth." George F. Burns
2009.Jan.18, 08:25 PM
 
Post: #3
Will you sue this mofo?.
2009.Jan.18, 08:26 PM
 
Post: #4
Like I said, we have some very strong leads, he left some tracks. I don't want to go into too much detail. We are going to do everything legally that we possibly can.
2009.Jan.18, 08:27 PM
 
Post: #5
I know this isn't a question, but Err or Zen can only reveal the name if they file charges, and preferably if the person is found guilty. Otherwise there is a chance they can be sued.
2009.Jan.18, 08:29 PM
 
Post: #6
You stated earlier that they had knowledge on how sites like this are setup.

I assume that whatever site you use to publish this AL, has similar programs. Is it possible for the Hacker to have hacker those other sites? If so is it possible you you to contact the host to find out any information?

But their is one that they fear. In their tongue it is nova-king, DRAGONBORN!
2009.Jan.18, 08:30 PM
 
Post: #7
can you send a private message/email to the account that were affected? just letting them know. i believe it'll get restored, but i'm sure they'd still like to know.

kick the real world in the sac
2009.Jan.18, 08:33 PM
 
Post: #8
Mock8800 Wrote:You stated earlier that they had knowledge on how sites like this are setup.

I assume that whatever site you use to publish this AL, has similar programs. Is it possible for the Hacker to have hacker those other sites? If so is it possible you you to contact the host to find out any information?

Our game, and many others like it, are based off the same code base. Although we have heavily modified this code and added on many pages, there are still things that are common throughout all similar games. It is very possible this hacker could have hacked other sites like ours. I am not sure who you mean by the host, we are the host of the site.
2009.Jan.18, 08:34 PM
 
Post: #9
LikeWhoa Wrote:can you send a private message/email to the account that were affected? just letting them know. i believe it'll get restored, but i'm sure they'd still like to know.

Yes, we will let them know.
2009.Jan.18, 08:44 PM
 
Post: #10
Err Wrote:Our game, and many others like it, are based off the same code base. Although we have heavily modified this code and added on many pages, there are still things that are common throughout all similar games. It is very possible this hacker could have hacked other sites like ours. I am not sure who you mean by the host, we are the host of the site.


I believe he means do you think you could get in touch with other games that are running the same base code to see if they have had anything like that happen.