
13 Yrs♥F✓#
Hello everyone,
I'm horribly sorry about what has happened to the forum today.
Someone discovered an exploit in the editing system. They quickly designed a script to edit every single post on the forum.
Because of this, I have restored to a backup of the forum from February. Unfortunately, it was the only backup I could restore due to special circumstances.
No other data on the site was affected. The exploiter did not have access to the database, only the exploit through a browser.
I've learned some valuable lessons and backups are now configured to run daily, not weekly. The reason for the restore from February will not be an issue in the future either.
The exploit has been fixed, as well as an exploit that was present on the submission page. That exploit would potentially allow someone to wipe a submission for another user, not see the details of it or modify it. There is no evidence that the submission exploit was abused but it was discovered through this incident.
Most of all I apologize for the loss of personal blog posts, Game of the Month discussion for Feb/March and the general inconvenience of it all.
Please let me know if you notice anything else is "off" or have other details to share.
Edit:
I'd also like to thank GamerAim for helping me test some things and Sora for notifying me that this was going on.

12 Yrs♥F$✓#
Just glad to have the forum back =)
Thanks for all your work and for fixing it so quickly!
5 Yrs♥✓#
Illusera
I saw that multiplying post earlier. It looked bizarre; I figured something was happening. Still, thanks for jumping on the damage control!
8 Yrs♥$✓#
schiemann
Thanks for the update and for your hard work. :)
6 Yrs♥$✓#
TheAutisticGamer
That really sucks that someone hacked the forums. But, at least the forums are back to normal even if it meant loss of data. I always appreciate the hard work Everdred that you do for this site so thank you for bringing the forums back to a normal state! :)
6 Yrs♥$✓#
ThomasE
Thanks, Everdred, for fixing the issue quickly and restoring the forum! I already missed it.
It sucks that posts and threads from February and March are gone but I'm just happy the forum's back.
Purely out of curiosity: why don't you use captchas (e.g. recaptcha) and something that prevents users from creating/editing more than x posts/threads per hour? Just in case there's another exploit in the future. Again, wondering just out of curiosity, I'm not asking you to implement these.

9 Yrs♥$✓#
Thanks for the info...
Why would anyone do this to a place like HLTB? I'm so pissed. 😤 We have lost a lot of very nice discussions.
I don't feel responsible, but would I have been able to prevent this if I or pongsifu had the privilege to delete users? I was here when the damages were still minimal. The bot only had 1000 posts and had not started editing other people's posts yet.
But like others have said, I'm just happy to be back. The best way to kickstart this forum back to life is to vote and participate in the Game of the Month thread. 😆 Lots of high quality titles to choose from and a lot of people have voted already. 17 people have voted and it's a race between nine games!!! More voters are needed so hopefully a game will stand out in the next two days.
Game&Love

11 Yrs♥✓#
The watershed moment when GamerAim and mockturtle buried the hatchet has been lost to time. Like tears in the rain.

9 Yrs♥✓#
Imagine, all those things I said about the coronavirus, gone! My shame, erased from time. A clean slate, cleansed by the blood of a thousand posts.
At least we have our PMs. No one can take that away from us.

9 Yrs♥✓#
GDI, down to 748 posts! I lost, what, 300 posts? Time to start a new coronavirus thread to make up for it.

9 Yrs♥✓#
The user could have just made a new account, and worse they could have edited every post on the forum without a sign of who did it.

9 Yrs♥✓#
I appreciate the faith Everdred puts in us, but maybe not enough to warrant 6000 posts/hour.

11 Yrs♥✓#
I'll never let go, Jack.

9 Yrs♥✓#
You're really going to make us bury the hatchet again? /sarcasm
10 Yrs♥✓#
TheOro44
Woo, forums back up, great job Everdred 👏👏👏

12 Yrs♥$✓#
These things happen. I'm just glad you were able to recover it at all.

13 Yrs♥F✓#
Thanks a lot for understanding everyone. I always appreciate the kindness around here.
I've just pushed another update to implement thresholds for posting. You'll have to let me know if you hit them down the road and find they are too tight.
Thread | 10 minutes
Post | 10 posts (or edits) for 15 minutes

11 Yrs♥✓#
Does that mean you can only post once every 10 to 15 minutes, or if you try to post more than 10 times in 15 minutes you'll get a time-out?

13 Yrs♥F✓#
On your 11th post, you'll get an alert and you'll have to wait to post.
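The threshold described in this exchange (10 posts or edits per 15 minutes, with the 11th rejected until the window frees up), sketched as an added example; this is not the site's code. Reading "Thread | 10 minutes" as one new thread per 10 minutes is an assumption, as are the names `ActionLimiter`, `LIMITS` and `replay`.

```python
from collections import defaultdict, deque

# Thresholds as stated in the thread; treating "Thread | 10 minutes" as
# one new thread per 10 minutes is an assumption.
LIMITS = {
    "post": (10, 15 * 60),    # posts and edits share this budget
    "thread": (1, 10 * 60),
}


class ActionLimiter:
    """Sliding-window limiter keyed by (user, action kind)."""

    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.events = defaultdict(deque)   # (user, kind) -> accepted timestamps

    def check(self, user_id, action, now):
        """Return (allowed, seconds_to_wait); records the action if allowed."""
        kind = "post" if action in ("post", "edit") else action
        max_events, window = self.limits[kind]
        q = self.events[(user_id, kind)]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= window:
            q.popleft()
        if len(q) >= max_events:
            # Rejected attempts are not recorded, so retrying does not extend the wait.
            return False, q[0] + window - now
        q.append(now)
        return True, 0


def replay(events, limiter=None):
    """Run constructed (timestamp, user, action) tuples through the limiter."""
    limiter = limiter or ActionLimiter()
    return [limiter.check(user, action, ts) for ts, user, action in events]


# Constructed sample: one account issuing an edit every second, as a script would.
BURST = [(t, "user_a", "edit") for t in range(12)]

if __name__ == "__main__":
    for (ts, user, action), (ok, wait) in zip(BURST, replay(BURST)):
        print(ts, user, action, "allowed" if ok else f"blocked, retry in {wait}s")
```

The limit is enforced server-side per account, so it bounds how fast a single account can edit but does not replace the authorization check on the edit itself.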

11 Yrs♥✓#
Ah, gotcha. Thanks for the clarification! (I doubt I'll ever get close to that lol.)

13 Yrs♥F✓#
Just wanted to give some props, I've added this to the original post.
Thanks to GamerAim for helping me test some things and Sora for notifying me that this was going on.
Another thanks to the Discord chat for some tidbits!

13 Yrs♥F✓#
Chronoja had a great idea for anyone looking to recover their blogs. Try checking Google and Bing's cached pages.

9 Yrs♥✓#
You also piqued my own curiosity, which allowed me to alert Everdred to another exploit that the spammer could have used to wreck our game lists (though the fact he didn't do this after the forum went down suggests he had no immediate intentions of doing so).
Honestly, I'd just like to meet the guy who did it. 7TZ2t0WR, hit me up! Yeah, you kind of screwed us all up, but you must've had a reason.
@Everdred, is https://hl2b.com/ run by you? I found it when searching that guy's username up.

9 Yrs♥✓#
Thanks! I've already salvaged my discourse on why Dear Esther is bad and reposted it on my blog.
11 Yrs♥$✓#
KingM
Aw man. I’m just totally devastated that this exploit deleted my gaming blog in which Final Fantasy 2 maybe won the poll, but since that doesn’t exist in this timeline anymore, I just guess I’ll have to start a new thread with a new poll, and have you all vote again as to what I should play
Aw shucks