Monday, September 12, 2011

Update on the hacker attack: Forums back online

I'm slowly making progress. Here are the latest news and a plan for revenge...
The forums are back up. I upgraded to the latest vBulletin version (which cost me $175 but hopefully will be worth the investment). There were some troubles with the project tools (used for the JADE issues, etc.) but this should be under control now, too. On the positive side the forums now
  • should be even faster,
  • have better options to prevent bots from registering and
  • probably can include nifty new features once I am happy with the overall state.
The layout is still messy (vBulletin 4 has 100s of new options and it's a bit difficult to find ones place in that jungle ;-) ).
Concerning the hacker attack:
  • Slowly things are getting under control. 
  • The blog is still gone and I'm not sure that I will get it back up running with the old content. The main problem is that my Wordpress installation was heavily customized with plugins and thus I never again was able to update it. The script kid found a security hole in some obscure plugin I never even used (grrr) and exploited that. Now the blog installation is in shambles, it's not an option to restore the old version due to the security hole(s) and I'm not sure that any modern installation will be able to make sense of the plugin-modified database. A real shame...
  • Our preliminary analysis indicates that the hacker was some rather bland and stupid script kid that nonetheless possessed enough brain tissue to discover above mentioned security hole. But not much more.
  • At least the hacker kiddy was bright enough to hide decently and my provide doesn't have the resources to track the kid.
  • The attack occurred via the IP 69.50.201.180.
  • The script kid tried to include the server in some kind of bot net.
As far as we know no other damage than destroying some data and some PHP files was done. The site is slowly recovering and hopefully we have plugged all holes.

As for the revenge... since the script kid dummy decided to hack a roguelike game site I intend to do the following:
  • I always wanted to include a deliberately humorous episode in ADOM, now this will happen in JADE.
  • There will be a minor story arc concerning the script wizard of B'ot, trying to concquer the world with some kind of infectious disease.
  • The script wizard of B'ot basically will be some kind of snotty and rotten bastard, too incompetent to achieve anything worthwhile and a target for the attacks of JADE players in their very early phases of hero life.
  • He will be trivial to defeat and usually die a horribly painful and gory death. Again and again. As he will be bound to turn up in various intervals in the game. Maybe with yet another stupid plan, maybe just to be brutalized in a few seconds.
In the way we will at the same time immortalize the hacker kid that dirtied the ADOM website and mortalize (nay, annihilate) him/her/it in a very special way. May eternal shame be the reward for the foul deed.

Suggestions for funny and embarassing deaths of the script wizard of B'ot (or whatever we are going to call him/her/it) are welcome.

P.S.: If you notice problems with the forums please post them here in the comments. Right now I am busy on many front lines and this a place I look at regularly.

13 comments:

  1. So...you take a nobody that hacks your site because he doesn't have the skills to hack something bigger and you give him a cameo in your game? A game that thousands, if not tens or even hundreds of thousands, are going to play?

    Infamy is still fame. You'll be turning this attack from a bad day for you to the greatest day in the history of that kid's life. Instead of sweeping this under the rug, you'll be shining a brilliant spotlight on your failure and his success.

    Is that really what you want?

    ReplyDelete
  2. It's not as big a deal as you're making it out to be. Besides, everyone who's read these posts knows TB is superior in all ways to the skiddie.

    ReplyDelete
  3. The B'ot wizard peers at you in confusion. "Mom/Dad, is that you? I was just messing around, honest... Am I in trouble?"
    The B'ot wizard panics! The B'ot wizard runs into a pool of (random hazard - lava/acid/ooze etc). The B'ot wizard dies! You feel somewhat bemused.

    But seriously, most websites get hacked at some point - and it sounds like this wasn't even targeted, your script kid was just interested in borrowing your server.

    ReplyDelete
  4. I have to agree with Gamer_2k4, while the plan sounds funny the kid doesn't really deserve so much attention.

    ReplyDelete
  5. Yeah, I also don't think the hacker deserves a spot in your game. His wrong doings should be repaired and then any memory of his deeds should wane until he is completely forgotten.

    ReplyDelete
  6. It's a bad idea to give the hacker any kind of acknowledgement. Whoever it is will settle for either fame or infamy.

    ReplyDelete
  7. I would like to help. Do you want us to try recovering your blog content? It was a public blog afaik so shouldnt be too many privacy issues. I will need a db dump (pre or post hack) and a complete file archive

    ReplyDelete
  8. Aww man, when you said you had a revenge plan, I thought you got the FBI to arrest him or hacked him in return! Even though the character is pitiful and killed over and over again, most people would see this as a reward.

    Main thing about idiots on the internet is that they love attention, and he would basically be saying "heh, I made this guy so mad that he included me as a character in his game".

    The way I remember it, I've already forgotten that something happened to the site. Looking forward to the next JADE update!

    ReplyDelete
  9. He could be a necromancer who commands B'ot zombies, who eventually turn on him and shred him. Being a powerful necromancer, he simply returns later as a lich, and the cycle repeats (as many times as is useful/necessary/gratuitous/cathartic.)

    ReplyDelete
  10. Ok, no hacker in the game. May he be forgotten from now on. You convinced me.

    ReplyDelete
  11. Forums seem to back offline. I'm a sad pony.

    ReplyDelete
  12. Okay, so, put a sad pony in the game. :)

    ReplyDelete
  13. Well why would the hero has to lift a finger to beat him?

    I mean, his summons should turn against him or he could send a magic missile that bounce back on the wall right at him. Or simply fail a spell that simply explode him to bits...

    I like the idea of him beeing so incompetent that when you comme to him it's just to see him fail without any help...

    ReplyDelete