Attention all users:
Around 6:15 this evening, Smashboards was hacked by what looks like an automated script. It replaced /index.php with a static page stating that Smashboards was hacked with a looping video. We're not 100% sure of the intrusion mechanism, but we're fairly certain that it was done through the site itself since all the files uploaded were created with NGINX's permissions and umask. (Either that, or they were smart. But it looks like it was a quick hack.)
Agora Games, the in-house development studio of Smashboards.com's parent company, Major League Gaming, was quick to respond and took the following actions:
* Redeployed the site's code
* Upgraded the site to the latest version of vBulletin in the 3.X branch.
* Permissioned all of the files to only be writable by root, so that the NGINX user can no longer write.
Since cleaning it up and performing our upgrade, we have not been attacked again. We believe this threat to have been mitigated, but we will continue monitoring, just to be safe.
It also appears that many sites across the net were attacked, lending further credibility to the likelihood of this having been an automated-script exploit attack against vBulletin (the forum software used for Smashboards). We do not currently believe any user information to have been compromised, nor was the attack done with any malicious intent, but we will continue to investigate the situation. This thread will continue to be updated with any additional information.
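A way to verify the last remediation step in the announcement (files writable only by root, not by the NGINX user), and to spot files created under the web server's account as described above. This is an added example, not part of the original post or Agora Games' tooling; the web root path, account name and group name passed to it are assumptions to set for your own host.

```shell
#!/bin/sh
# Added example: audit a web root for paths the web server account can modify.
# Usage (path and account names are assumptions, adjust for your host):
#   sh audit_webroot.sh /var/www/forum nginx nginx

# Print every file or directory under $1 that account $2 (name or numeric uid)
# could modify: anything it owns (an owner can always chmod its own files),
# anything group-writable by group $3 (optional), or anything world-writable.
# Symlinks are skipped because their own mode bits are not enforced.
writable_by_web_user() {
    root=$1 user=$2 group=${3:-}
    if [ -n "$group" ]; then
        find "$root" ! -type l \( -user "$user" \
            -o \( -group "$group" -perm -0020 \) \
            -o -perm -0002 \) -print
    else
        find "$root" ! -type l \( -user "$user" -o -perm -0002 \) -print
    fi
}

# Return 0 when the tree is clean, 1 when findings were printed,
# 2 when the scan itself failed (for example an unreadable directory).
audit_webroot() {
    findings=$(writable_by_web_user "$@") || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    audit_webroot "$@"
    exit $?
fi
```

A directory that shows up in the output matters as much as a file: write access to the directory holding `index.php` is enough to replace it, whatever the file's own mode.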