Originally Posted by Stu @ M Developments
Originally Posted by chip-3door
Originally Posted by cossierich330
And did you manage to hack it?
Yes, we gained full admin access, and the ability to delete every post on the forum and all the users and change who all the mods were.
It's a VERY good job it was someone with PF's best interests at heart and not someone who would want to harm the site!
But Pet has it all watertight now, so no need to worry about someone else doing the same.

We would of course just restore a backup from that day and only lose an hour or so's worth of PF if that were to happen naturally.
It was an exploit that was available for all forms of PHP forum running the base revision that we were and was well documented on hacking sites, so yeah, we were lucky.

No way!
Any decent hacker would have made it FAR more difficult than that if they were being malicious.
Every day you delete a different selection of archived threads day by day until eventually it gets noticed, at which point to recover the useful threads you have to go back over months and months' worth of backups and load them all into a big F-off table and then select the unique ones to get them back out as no single backup has everything you want in it anymore.
That's just one example, there are loads of other things too, not least of which would be stuff like ripping off your entire database of all people's contact details of course and editing all those over a period of time so you end up with a big percentage of 18000 users none of whom have the correct email details anymore in their profile so can't request a new password and have had their passwords changed and you don't know which ones got changed when or how to recover them so you have to wait for 2000 people to all email you asking for help, likewise signing all 18000 members up for every nasty porn and spam email list going which whatever you then do with PF afterwards they are all still stuck on etc. It's amazing how much trouble some of these assholes can cause if they really want to. Stu, you are being very complacent if you think that the only person you have to deal with is one who will just click the big delete button.
I've (as part of a job I used to have) had to do rescue jobs on after hackers have been in there in the past and trust me you would be amazed at some of the things they come up with! (not specifically for forums I don't mean but it all applies in much the same way)
Obviously anything a hacker does can be undone on the forum, but it's the extent to which they can potentially piss off your users that's hard to recover from.
Plus obviously the whole time you are "undoing" everything (which would take you days) the site isn't up which further pisses people off etc.
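
The recovery step described in the post above (load every backup into one big table, then select the unique threads), as an added example that is not part of the original thread. It uses SQLite from Python; the table layout, backup dates and thread titles are constructed for illustration and are not the forum's real schema.

```python
import sqlite3

# Constructed sample data: three nightly backups of a hypothetical threads
# table. A couple of archived threads disappear between each backup, so no
# single backup contains everything.
BACKUPS = {
    "2024-01-01": [(1, "Thread A"), (2, "Thread B"), (3, "Thread C"), (4, "Thread D")],
    "2024-01-02": [(1, "Thread A"), (3, "Thread C"), (4, "Thread D"), (5, "Thread E")],
    "2024-01-03": [(1, "Thread A"), (4, "Thread D"), (5, "Thread E"), (6, "Thread F")],
}

def load_backups(backups):
    """Load every backup into one table, tagging each row with its backup day."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE all_backups "
               "(backup_day TEXT, thread_id INTEGER, title TEXT)")
    for day, rows in backups.items():
        db.executemany("INSERT INTO all_backups VALUES (?, ?, ?)",
                       [(day, tid, title) for tid, title in rows])
    return db

def recover_unique(db):
    """One row per thread: its newest surviving copy and the day it was last seen.
    SQLite takes the bare 'title' column from the row holding MAX(backup_day)."""
    return db.execute(
        "SELECT thread_id, title, MAX(backup_day) FROM all_backups "
        "GROUP BY thread_id ORDER BY thread_id").fetchall()

def deleted_since(db):
    """Threads missing from the newest backup, with the last backup holding them.
    The last-seen day narrows down when each deletion happened."""
    return db.execute(
        "SELECT thread_id, MAX(backup_day) FROM all_backups "
        "GROUP BY thread_id "
        "HAVING MAX(backup_day) < (SELECT MAX(backup_day) FROM all_backups) "
        "ORDER BY thread_id").fetchall()

if __name__ == "__main__":
    db = load_backups(BACKUPS)
    print("threads in newest backup:", len(BACKUPS["2024-01-03"]))
    print("threads recoverable from all backups:", len(recover_unique(db)))
    for thread_id, last_seen in deleted_since(db):
        print(f"thread {thread_id} last seen in backup {last_seen}")
```

Running the same last-seen query on a schedule, rather than only after an incident, shows a steady trickle of missing archived threads long before a user notices.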