AHAS Forum

[AHAS]

As many of you are no doubt aware, the entire AHAS infrastructure was deactivated by my internet host yesterday. For the moment, it appears that the site and forums are running again, so I am able to post this explanation to you.

A widespread attack on security holes in the php scripting language forced the host to take drastic measures and disable sites running certain php applications. It attacked not only my sites, but thousands upon thousands of sites (40,000 an hour) running php and hackable versions of phpbb, the forum software I use for the AHAS Forum. While AHAS Forum was not at risk, it had been updated a few days earlier, another installed application I rarely use was at risk and forced the host to take down AHAS and everything under Network 23.

For more information on what happened, please see my post in the AHAS Forum.

[AHAS]

As many of you are no doubt aware, the entire AHAS infrastructure was deactivated by my internet host yesterday. For the moment, it appears that the site and forums are running again, so I am able to post this explanation to you.

Contrary to what you may have read on the disabled pages, my account was not suspended for any financial or improper reasons. I greatly wish my hosts had used a more appropriate message regarding 'technical issues' rather than the more mysterious 'suspended' note they posted.

My entire account was disabled due to a widespread attack on security holes in the php scripting language. It attacked not only my sites, but thousands upon thousands of sites (40,000 an hour) running php and hackable versions of phpbb, the forum software I use for the AHAS Forum. Confusion reigned in my head because I had updated phpbb to the latest version that removed the security hole 3-4 days ago.

According to my host, there was another, separate attack against another security hole in the php scripting language in general. I use php extensively on my sites and was not looking forward to possibly having to rewrite a majority of my code to get things up and running again. Luckily, it appears that the only code to be 'attackable' was a blog I installed last year that I hardly ever used. None of my hand-written code was under attack. I guess it was easier to take down the whole site rather than disable php or the scripts in question. I've seen AHAS without PHP. It's not a pretty picture!:shock:

I hope that AHAS is back up for good now. I am so sorry that this had to happen on Christmas Eve. I hope you are all safe and well, and I look forward to chatting with you all again!

[cronusla]

So Nyarl was tight. It WAS a hacker thing. d*mn.

But everything worked out fine fortunately.

[AHAS]

Through it all however, AlyChat (the Palace live chat system) remained up and running. Those who had bookmarked it were able to continue their Aly-related discussions and conjecturing on what was happening to the site.

So, if you want to do the same, here is the link to AlyChat. Please bookmark it. As it is completely separate from the AHAS site, it should never be affected by anything like this in the future.

Note to Macintosh users, the link probably will not work like it does for Windows users by launching the Palace software and connecting to AlyChat. Your best course is to point The Palace software here ( 68.76.161.219:9998 ) and make a bookmark in the Palace software once you connect.

[Nyarl]

I hate hackers.

Glad it is sorted Rod.

Back in business here I can see, and that is great news.

[ddyfad]

It looked for a moment there as if AHC was going to get a big influx of new regular posters!

[Nyarl]

And with all the "visiters" right now, it looks like hacker bastard programs are still at it, trying to crash the site.

[bi0metric]

*happy your back up and running!

[gilmoid]

The "link to Aly-Chat" seems to be "unavailable."

[Willows Puppy]

So that was the reason for the new record that was set yesterday regarding "most users online"? Had me suspicious from the start ..

... thanks for the explanation, Rod! Everything seems to be working OK now ..

[AHAS]

The "link to Aly-Chat" seems to be "unavailable."

It appears to work for me, although I'm connecting to my internal network, so I can't test it completely.

[cronusla]

So that was the reason for the new record that was set yesterday regarding "most users online"? Had me suspicious from the start ..

Maybe not. I asked Rod on the Palace about this:

Rod said:"I don't know. It does seem to be a higher number than usual, but there are many reasons for 'guest' numbers. Search engine spiders will appear as multiple guests for instance."

And then I got a great explanation how the search engines work. Rod is a really smart guy.

We still have more guests than usually. I think it's still the more free time for people in the Hollidays.

[1chameleon]

Ahh so hackers are to blame

[1chameleon]

So that was the reason for the new record that was set yesterday regarding "most users online"? Had me suspicious from the start ..

Maybe not. I asked Rod on the Palace about this:

Rod said:"I don't know. It does seem to be a higher number than usual, but there are many reasons for 'guest' numbers. Search engine spiders will appear as multiple guests for instance."

And then I got a great explanation how the search engines work. Rod is a really smart guy.

We still have more guests than usually. I think it's still the more free time for people in the Hollidays.

I saw an article saying it is all Googles fault



Screenshot of a website defaced by the Santy worm. Image courtesy Sophos Anti-Virus.


A worm which exploits serious vulnerabilities in the open source server-side scripting language PHP is using Google to locate bulletin boards which are using the phpBB bulletin board software.

Anti-virus software company Sophos said the Santy worm was written in Perl and could attack vulnerable sites on both Windows-based and Unix-based platforms.

"Once the worm has spread to three or more servers it will attempt to overwrite all HTM*, PHP*, ASP*, SHTM*, JSP* and PHTM* files with a web page containing the following message: 'This site is defaced!!! NeverEverNoSanity WebWorm generation'," Sophos said.

Finnish anti-virus software maker F-Secure said Santy used Google search to randomly find other hosts; part of the search strong contained "viewtopic.php".

Exploit code showing how the flaws could be used to steal database passwords from sites using phpBB was released on public mailing lists a few days ago.

The phpBB team has already released fixes for the vulnerabilities and advised users to upgrade

[TC Dylan]

I knew something was wrong with this record, but anyways I am glad everything is all right now and I hope it stays that way.