All mods/hacks (the front page, Bookie, plaza, arcade, etc.) are completely offline while we (at this point, it's a small army of people) try to repair damage done by the griefer who planted the redirects.
By way of utilizing the exploit, they damaged tables in the database, as well as physical files on the server, and that has cripped the admincp area. In order to reclaim that, everything has to be completely stock while Jelsoft swoops in and (hopefully) cleans up the mess. As we speak, I literally have no direct control over the admin control panel, the good news is neither does the griefer. No one needs to worry about their account info, that's all encrypted, and they had no direct access to the databases, even if they managed to corrupt part of it with their attack.
Originally I just thought that someone figured out a way to append the perfect string of HTML code in subject lines. Sadly, it was far far more malicious and harmful than that. Which is not to give them any credit whatsoever, on the contrary, they used a published exploit, managing to learn about it before the vBulletin community as a whole (myself included) did. That doesn't take talent, ability, or imagination. Just a "paint-by-number" monkey approach.
I don't know when everything will be back to normal. Frankly, we got lucky as hell I decided to take this opportunity to switch operating systems and upgrade the back-end. Had we not done that, we would have not discovered the true extent of the damage, and would have been compromised and unaware, as opposed to damaged, but aware and secure.
That's good news, I suppose.
By way of utilizing the exploit, they damaged tables in the database, as well as physical files on the server, and that has cripped the admincp area. In order to reclaim that, everything has to be completely stock while Jelsoft swoops in and (hopefully) cleans up the mess. As we speak, I literally have no direct control over the admin control panel, the good news is neither does the griefer. No one needs to worry about their account info, that's all encrypted, and they had no direct access to the databases, even if they managed to corrupt part of it with their attack.
Originally I just thought that someone figured out a way to append the perfect string of HTML code in subject lines. Sadly, it was far far more malicious and harmful than that. Which is not to give them any credit whatsoever, on the contrary, they used a published exploit, managing to learn about it before the vBulletin community as a whole (myself included) did. That doesn't take talent, ability, or imagination. Just a "paint-by-number" monkey approach.
I don't know when everything will be back to normal. Frankly, we got lucky as hell I decided to take this opportunity to switch operating systems and upgrade the back-end. Had we not done that, we would have not discovered the true extent of the damage, and would have been compromised and unaware, as opposed to damaged, but aware and secure.
That's good news, I suppose.
