Hacked

[Kevin Pelton]

I guess I didn't explain this well enough, but this board itself was not hacked. The hack was done through an old WordPress installation on the site, from which the hacker gained access to the databases and compromised the information in them.

[Crow]

Regarding the clarification given about the type of hack (and that alone):

Different views of broad WordPress / host server hack:
http://idunno.org/archive/2010/04/13/wo ... fault.aspx
Apparently the hackers could (and probably did) gain passwords from the server hack.

Administrative passwords for that point of entry should be changed, if they have not been already.

FWIW, this note has some advice links:
http://www.networksolutions.com/blog/20 ... solutions/

[gfarkas]

Some sad news to report. SonicsCentral.com was hacked yesterday, and it appears all the information in our databases was lost. That means all users and posts from the six-plus years of the APBRmetrics forum are gone.

If there is a silver lining, it's that we're now upgraded to the newest version of phpBB, which should offer some improved functionality. I'm still learning everything myself and will be playing with the settings to try to get things as close to normal as possible.

My apologies for all the lost posts and the inconvenience of having to reregister. I assure you that no one will miss the history more than me.

Kevin - something similar happened to another site (about a completely different subject matter) that I help manage. We were able to contact our webspace provider, who had once-a-month backups, and were able to at least get somewhat of a recovery that way. I think it cost around $5-$10 for the provider to perform that service. Have you looked into this at all?

[gfarkas]

This just seems really odd to me.

Why would someone target this place? What would one have to gain from hacking this place? Being that it's a pretty neutral place/subject matter (not political, controversial, etc.), I don't see why someone would have any interest in taking it down.

I doubt it was anything specific about this place. Hacking can be random, they just look for any vulnerabilities they can find, wherever they can find them.

[Crow]

We never got a direct answer about whether there was any backup available. I've assumed it wasn't available; but it would have helped to hear a reply.

Still, I recently noticed the Sonics blog attached to this same site which was also affected by the hack managed to restore up thru most of 2008.

http://www.sonicscentral.com/blog/

If there was backup server data to allow that degree of restoration, I have to wonder if there was any similar backup for the APBRmetrics database. All I can do is ask about it.

Another question that has gone unanswered for weeks is whether any backup will be done for APBRmetrics material in the future. I'll ask that one more time.

[Crow]

Another month, no response. So it goes.

[DSMok1]

I asked Kevin about this, and he said he is working on a long term solution. He's got quite a few irons in the fire, though. Maybe now that the draft's past and we're in the off season he will have more time.

[gfarkas]

Does anyone else have to log in each time they visit, even if they check the "Remember Me" box?

[Mike G]

Yeah, that's the least of the worries. I just type M and hit the Log In button each time.
I'm thinking of this as an orphan site. And just a matter of time before some new evil strikes.
We've just had one instance of obvious spam, but that might get worse.

[wilq]

Does anyone else have to log in each time they visit, even if they check the "Remember Me" box?

I also have problems with that, what's more, sometimes I have something even worse: I have to log in multiple times to answer to one post which obviously is not helping my activity