Flayrah Hacked
Posted by Aureth on Tue 20 Apr 2004 - 14:22
Early this morning, Flayrah.com was hacked by by person or persons uknown. The hack consisted of a news article posted under my name, and some minor defacement of the site. I do not know if any further damage was caused. If you notice anything further out of the ordianary, please email me. I will shortly be updating Flayrah.com's codebase to the latest release of PostNuke; this will hopefully plug any security holes that the hacker may have used. Thanks for your patience.
Aureth
Publisher, Flayrah.com
About the author
Aureth — read stories — contact (login required)an agronomist and Cornwuff from Northern Illinois, interested in sf, homebrewing, photography and running
Comments
My memory's never the best, but I notice the stories seem to be out of order or possibly some recent ones are missing, because I think the couple I'd posted had almost rolled off of the front page the last time I checked, and now they're higher up. But again, don't trust my memory. =P
If it's any consolation, I'd like to offer the opposite of hacking; heartfelt thanks for providing what I strongly consider to be one of the best online services the furry community has ever had, and certainly the top of its kind. Flayrah is a safe and honest interface between furry fandom and the outside world, and a great source of news and entertainment for our community. Great work. Here's to hoping y'all won't let the occasional juvenile vendetta stop the music.
Trickster
Comparing the syndication feed on LiveJournal to the main page, I noticed several articles now missing. In addition to an entry for the news article the hacker posted, it has links (that don't work) to the following articles that are now missing:
Yeah, I'll have to resubmit that furry.ca article sometime real soon. Fortunately, I didn't write a whole lot in it in the first place. :XP
S t r i p e y M a n e y : A Liger's Anthropomorphic Animal Art Gallery
When was the last time you patched PostNuke? There was a new vulnerability discovered as recently as April 17.
Hey, it could have been worse. It's not like they rooted the box or anything.
It's been a while, unfortunately. It's such a pain in the ass, because every new PostNuke update breaks something that used to work in the previous version.
Do you keep a testing branch of the site, where you are able to experiment with newer components on a private version, while leaving the public version intact? If you don't do that already, you might want to consider it.
Are you on any PostNuke mailing lists? Those often warn of API breakage ahead of time. They also tell you when you need to patch. Such as right now. Again. The newest vulnerability is from Wednesday.
Post new comment