Hello all,

You may have noticed the forum go offline for 15 minutes just now. This was because Bender, one of the mods, had his account presumably hacked and used to mess the forum up. All of the VIP posts are gone, he posted the FTP usernames in his signature and moved all of the staff posts into a public forum.

This has all been fixed, except the VIP posts which were deleted.

I would have restored a backup however upon looking for one, the backups were not there. The last backup was 2 weeks ago and my stupid server never reported a thing to me saying they were failing. I'm now putting in measures to make sure this doesn't happen again.

<s>Unfortunately all of the posts in the VIP forum have been lost, since there is no backup. Thankfully there weren't that many. I'm sure you will all be annoyed by this, as I am. Unfortunately it can't be helped. My status as a good admin has gone!!!</s>

If anybody knows who hacked Benders account, or knows if it was Bender himself, please tell me in whichever way you can.

EDIT: The VIP posts have been MOVED into news. Any VIP topics you find please report the topic to me and I'll move it back to the VIP section. Thanks.

Andy (Admin)

That sounds bad. Now I know why BetaArchive was displayed a second time in the place on the first page where the names of the new topics are usually displayed.

What I don't understand is why people hack other people's accounts. What's the point of hacking someone else's account? I don't understand why people think it's fun to do that kind of thing. There's nothing you gain in return, at least nothing good, so why would anyone do it? You almost always get caught anyway.

Anyway, I hope that at least someone can find out who did it. And I'm sorry about what happened, including the VIP section.

There's a moral to this story. You can NEVER get ANYTHING good in return by doing bad things! By doing bad things, chances are that you'll get something bad in return. This is one of those cases. I hope whoever it was has read my post, since he might learn his lesson.

what were the majority of the posts about? were they just the usual "i haxx0r the system!!!111!!1!!11ELEVIN" or something more sinister (for lack of a better word)?

There were no posts. He simply moved everything from one forum into another, private to public, like VIP into news and staff forums into Forum Rules. He also added an image of the ftp passwords page to his signature which is publicly viewable.

As far as I can tell nothing was deleted and nothing was posted. I'm still in the progress of moving VIP posts back into its proper section, as and when they are found by me or other members.

dang, all the more reason to have restricted areas like thus, think of the riffraff you're keeping out (excluding anti-Bender). i'd say it was "do not banned" or that other guy, but those are just biased guesses, and i don't think they have the skill to pull it off

Do not banned guy = sc4reactor = 12 year old.

= IP banned from BA and he doesn't know what proxies are.

He simply gets an error 403 from the forum and the FTP server doesn't even respond.

IP ban the IP that hacked Benders account if you haven't already.

Can't be done since the person never posted, thus phpBB didn't get the IP. phpBB doesn't have the logging necessary to catch people. phpBB3 does, which when we move will prove most useful.

I know I don't post here very often, but I dug up my password for this board so I could make a few notes. I run a forum myself, so I have some thoughts on this...

1) If you don't have phpBB3 running, no, you won't have that kind of stuff logged. Try checking your Apache's access.log and find the PHP files associated with the moderator CP and moving posts. Then find IPs based on those logs.

2) If you had been running phpBB3, that kind of information would have been logged. phpBB3 has a "moderator log" that records all edit\delete\move by any user, including moderators.

-Kirk

1) BA runs on Abyss Web Server on Windows 2003, not Apache...

2) http://betaarchive.co.uk/forum/viewtopic.php?t=5552

Bender didn't do these things, I don't talk to him on MSN, or anyone from here or
any other forum, so I'm not sticking up for him because I'm a good mate,
But because he's been here, & on other forums long enough to know what he's like...
& quite frankly, I'm a little baffled why anyone would think he's done this...


I think anyone here with any level of reasoning would know the party responsible for this,
however to avoid this thread being trashed, I'll tell you in a PM...
I will say this though, whilst the person responsible for this, remains a member
here & any other forum, you won't get the attendance from me, or any other
member worth hanging onto...

Also, the level of friendship between the majority is less
than expected, a good mate wouldn't automatically assume guilty until
proven innocent, usually the other way around...

Curious, i wonder if this is related to the wiki spamming incident.

90% its not, but it never hurts to rule out all options...

and i agree, what would probe Bender into doing something odd like that, wasn't he a supporter of the restictions, and even if he wasn't, why do something petty like that? there's something we're not seeing here

teryaki: Stop spreading speculation. Andy can do his own brainstorming. I agree with KenOath, Bender's possibly the most level-headed moderator I have observed for such an extended time.

ummm

Andy i think that you need to increase the password strength requirement for everyone but specially Mods/Staff/Admin, to prevent (or atleast make it harder) this type of things..

as for logs, i think you can track it if the board logs the IP it self for admins while doing Admin related things.

like in yaf (the one i use).
if not Webserver logs or even SQL logs.

if theres anything i can do to help just let me know

\\ Me hates Evil Haters //





*hint* Sticky: Laugh of the week award on Download Req *hint*

I never thought for one second it could have been Bender himself, but my point about security when I was speaking to people on msn was proven. Passwords for moderators MUST be secure and not easy to guess! This is why these things happen. I will be instructing all moderators to change to a stronger password today, and that includes myself as well, because mine <s>isn't</s> wasn't the strongest of passwords.

co0l
can me b mod now??

h0w th3 [censored] c4n u b33 a m0d wheen u typ333 lik3 dis l0000lzz

Agreed.

well just because i type like that doesn’t mean that i cant do the job right.


also....
i dont type like


that

i just remove some words and replace double o's for one o and one 0

OK, let me just say, that I know, who the hacker is, and it's the same [censored] moron, who already hacked the MSN accounts of marktuson, and Chicago, AND another friend of mine from another forum, AND impersonated KenOath TWICE on this forum, once, as KenOath_the_real, and once, as Ken0. He also hacked the e-mail address of a Japanese contact (Nakamura Hiroshi) of mine, TWICE, and all this, just because he believes, that I'm Nakamura's fake account.

Now, Nakamura already talked personally to this guy, TWICE, since they live relatively near each other, but it didn't help, so I contacted his ISP, but he just changed ISP, so it didn't help, either. So yeah, now, Nakamura decided to turn that moron to the police, since this seems to be the only way, that we can get rid of him.

I have also proposed to Andy to give a nation-wide Ban to Japan from BETAArchive, and I even gave him an exhaustive list of all the Japanese IP ranges, which he can use, in case he decides to give out this Ban.

well i have to say banning a whole country is a little to much (i think) but on the other hand i dont think we have many Japs on board do we?

could be a good idea, but at the same time guys that have nothing to do with it may pay the price too...

at the end is up to you Andy

I type in password sign like %^&#$%