Topic: Uhhh someone changed the forum headings on the main page.

"Hacked By c0ncenTraTe | Turkish Hackers - No War!"

At least they were nice enough to just vandalize it a bit instead of really mucking things up.

In the interest of better coding, how did they get in?

Re: Uhhh someone changed the forum headings on the main page.

Still not sure how they got in, but I'm looking into it. Once I've figured it out I'll post in here. Sorry for the minor disruption guys sad

vinnie - rails forum admin

Re: Uhhh someone changed the forum headings on the main page.

At least he wasn't advocating war... that would have been a real downer. *shifty eyes*

Josh Catone helps run this place
Rails Forum - Rails Jobs

Re: Uhhh someone changed the forum headings on the main page.

So the most likely vulnerability was one in punbb's search form that would allow an attacker to execute some database queries. We've upgraded our punbb install to the latest version which has a fix for this issue, and I've disabled searching for guests. That doesn't totally protect us, but it makes another hack like this more difficult to pull off.

vinnie - rails forum admin