Got rid of that one too!
It’s a takeover by Riven!! :o
First he comes to power, next he creates a “crisis”, followed by emergency rule, and then he gets rid of all his political opponents, and only reappoints those willing to commit to his rule!! ;D
Thanks for the kind words!
Every great dictator thinks what he does is best for the greater good initially. Then he discovers his powers and falls into temptation.
In other news: the new anti-spammer protection works so well that you guys might soon get your ‘signature’ back. Don’t you love it? First I take away your freedom of expression and then I give it back partially: everybody happy with their new found freedom.
I’m waiting for the Wikileaks exposé which uncovers the corruption funding his regime.
[quote=“Riven,post:23,topic:36126”]
Cool - to misquote the old adage: “Keep in the pink with siggies and drink!”
Thanks for keeping us updated.
It’s unfortunate that this would happen, but not terribly unexpected - as has already been pointed out, it seems forum security is often not too great.
Wow, that’s horrible :-\
Thanks for the update.
It would also explain the unsuccessful email login attempts.
While I do not go as far as to give each site a new and distinct password, I do have sets.
Only the top layer, high risk things have unique passwords (+ user names).
But good luck in trying to hack those.
Today my smf-password was changed again… so I went to the http-log and couldn’t find any trace.
In short: the server is basically fully compromised. I noticed how the SSH fingerprint had changed, so that pretty much says root-access. For anybody interested, it’s c99sh.
I had so many plans with JGO, but these security issues really feel like a burden, allowing me little or no time for the features I had planned. If I am going to continue hosting this steaming pile, I will be forced to host it on a seperate VPS. It will probably take a lot of time, effort and money to get things straight on my current server, which is pretty much f**ked up. A second VPS with an isolated SMF installation would probably have to be closely monitored and reinstalled every few months or so.
There is no way to have a secure server and running SMF on it, its developers should be shamed.
Its sad that one hacked banhammer account resulted in this ugly situation, allowing any Moderator to become an Administrator (which can execute PHP code in the smf-admin-interface) is really SMFs fault, but here we are, browsing a comprimised website.
Oh yes, and DISABLE ALL JAVASCRIPT ON JGO for or own sake.
Can we pool money and fund a separate private server?
Fantastic work with all the changes/improvements so far.
yay, JGO is back 
well quicker than expected I suppose !
btw thanks Riven and good luck again …
gj riven, i hope it’s secure now.
This is a stripped down version of JGO:
- There are no banhammers
- There are no moderators
- There are no admins (I have to run a script on the server to make myself an admin)
- There are no uploads (attachments/avatars)
- There is no custom theme
- There is no wiki
- There is no anti-spam activation page (expect quite a bit of spam in the next few… days?)
I’ll take it slowly from here…
It was quite an expensive weekend
cool
Thanks for all you do, Riven.
I’ll glad it’s back up.
Thanks a ton for putting it up so quickly Riven, it was really weird to see not see JGO anymore when I clicked on the link a few times a day…
99% of the time I was simply waiting… waiting for the ISP (until 10AM today), waiting for my dayjob to end (until 5PM), having delightful dinner at my parents’ (until 8PM), waiting for the train (until 9:30PM), waiting for the mysqldump upload (until 9:45PM)… waiting for the import in the database… then, finally… messing around in the admin-interface!
Okay, I admit I spend a lot of time locking down the server (firewall, config files), before restoring JGO.
Thanks Riven for getting the forum back online.
Syntax highlighting and custom activation page back in (will look better with a logo).
public class HelloServer
{
public static void main(String[] args)
{
new ServerSocket(80);
}
}