spp, post-reset

Started by: Covalence | Replies: 134 | Views: 11,076

Exile
Administrator
2

Posts: 8,404
Joined: Dec 2005
Rep: 10

Jan 17, 2012 3:55 PM #578909
Guys, I had the worst nightmare.

Someone came to the site and posted the complete MySQL server configuration file, in text, on the forums. It had the root username and password. 3 other secure files were posted too, and everyone just joked about it until I got rid of them.

Nobody did anything about it, and the site was hacked, forcing the administrators to reset the entire forum to 2 years ago, without explaining what happened, why it happened or what's being done to prevent it from happening again.

What a ****ing nightmare.
bubbles
Banned

Posts: 1,633
Joined: Sep 2009
Rep: 10

Jan 17, 2012 4:09 PM #578912
Oh jeez that must've sucked. But dude this really awful thing happened recently...
TheSaw

Posts: 70
Joined: Oct 2008
Rep: 9,001

Jan 17, 2012 4:10 PM #578913
What a horrible dream!

Unfortunately, using vBulletin has its disadvantages - one of them being public knowledge of common exploits that can be abused if the software is not kept up to date. As most of you can imagine, our staff is stretched fairly thin here between running websites and creating games and animations. Ironically, we were in the midst of bringing a full-time community manager on board when the VB database was compromised and trashed. This new member of the team will be introduced and start working very shortly, and will have complete authority and access to keep this community running safely and smoothly.

In the meantime I've patched the holes and am in the midst of getting the user data restored (the post and thread data from the last year and a half is gone, however).

(your post count has been restored) ;)

Thanks for your concern! <3
Jeremy
2

Posts: 3,220
Joined: Sep 2005
Rep: 10

Jan 17, 2012 4:11 PM #578914
Quote from Exilement
Guys, I had the worst nightmare.

Someone came to the site and posted the complete MySQL server configuration file, in text, on the forums. It had the root username and password. 3 other secure files were posted too, and everyone just joked about it until I got rid of them.

Nobody did anything about it, and the site was hacked, forcing the administrators to reset the entire forum to 2 years ago, without explaining what happened, why it happened or what's being done to prevent it from happening again.

What a ****ing nightmare.



I had this day dream that a really old member who had no hand in trying to revitalize and save this site came back half way through us getting hacked and thinking we had an actually helpful active admin and this old member tried to act like he knew what the **** was going on and criticized us for not caring when our seemingly helpful hacker tried to give us what we needed to hack the forums and help ourselves change and do things that we thought would bring activity back and give life back to the forums. Man that guy acted like an absolutely entitled prick who had no idea what was going on. Oh well....

I left that thread open because I thought someone who was actually a member of our forums would know how to use it and plug it so me and index could stay admins for the time being and do some actual good to the forums, you uptight piece of shit.

I'll just say what is on everyone's minds already. Thesaw, if you wouldn't have ignored this forum for what, 1? 2 years? And actually put up some decent admins that had ACTUAL power, none of this would have happened. You can act all nice now like a caring admin, but that's some bullshit man, I doubt it's gonna last and you have never proven to anyone that you actually CARE about this community.
TheSaw

Posts: 70
Joined: Oct 2008
Rep: 9,001

Jan 17, 2012 4:19 PM #578919
If it's anyone's fault, it's mine. :)
#32
2

Posts: 326
Joined: Jun 2009
Rep: 10

Jan 17, 2012 4:38 PM #578927
If the post count is to be restored does that mean my name change will come back too along with my post count?
SkaGrind

Posts: 572
Joined: Apr 2011
Rep: 10

Jan 17, 2012 4:42 PM #578930
Quote from bubbles
Oh jeez that must've sucked. But dude this really awful thing happened recently...


Yeah, there was this raging paedophile who came and he stole 2 years from this place called 'Stickpage'. Nobody has ever heard of it, though.
Exile
Administrator
2

Posts: 8,404
Joined: Dec 2005
Rep: 10

Jan 17, 2012 4:44 PM #578931
Quote from Jeremy
I had this day dream that a really old member who had no hand in trying to revitalize and save this site came back half way through us getting hacked and thinking we had an actually helpful active admin and this old member tried to act like he knew what the **** was going on and criticized us for not caring when our seemingly helpful hacker tried to give us what we needed to hack the forums and help ourselves change and do things that we thought would bring activity back and give life back to the forums. Man that guy acted like an absolutely entitled prick who had no idea what was going on. Oh well....


I'm aware of what an asshole I am, no need to passive-aggressively remind me of that.

Still, the fact is we had someone blatantly tell us our security is shit, make a public demonstration of it, and nobody cared. And now here we are. I might not know the full story, but you'd have to be an idiot not to react to such obvious breaches in our site's security.

Quote from Jeremy
I left that thread open because I thought someone who was actually a member of our forums would know how to use it and plug it so me and index could stay admins for the time being and do some actual good to the forums, you uptight piece of shit.


Nothing I did stopped you from doing 'actual good to the forums', and that thread wasn't going to make it any easier either. It was a blatant security risk. Don't even try to justify your inaction under some altruistic guise of trying to "fix" this community, especially if you're going to make that seem preferable to my removal of the server's root username and password (among other information) from a public area that anyone could see.

The only people who had the capability to fix anything were the administrators who have direct access to the servers. The files posted were from the local host, so I doubt Zed or any admins like that could have done anything, let alone some random, unknown member that you felt was worth keeping the thread open for.
TheSaw

Posts: 70
Joined: Oct 2008
Rep: 9,001

Jan 17, 2012 4:54 PM #578933
Quote from Jeremy
I'll just say what is on everyone's minds already. Thesaw, if you wouldn't have ignored this forum for what, 1? 2 years? And actually put up some decent admins that had ACTUAL power, none of this would have happened. You can act all nice now like a caring admin, but that's some bullshit man, I doubt it's gonna last and you have never proven to anyone that you actually CARE about this community.


I'm sorry you feel that way, however, I do care, I just have many, many other responsibilities. This is not to pass the buck, what happened to the VB database is my fault.

Our response to the situation is to hire a full time community manager (not a part time volunteer) who will make sure nothing like this happens again (the details will be announced soon). You're probably right in that you won't see me posting a few weeks from now, but I assure you that I am here working hard day in and day out on, and for, Stickpage. :)
TheSaw

Posts: 70
Joined: Oct 2008
Rep: 9,001

Jan 17, 2012 4:58 PM #578934
Quote from #32
If the post count is to be restored does that mean my name change will come back too along with my post count?


You are good to go!
muttonhead
Banned

Posts: 29
Joined: Jan 2012
Rep: 10

Jan 17, 2012 5:02 PM #578935
yeeeahhh, my Bazooka account was kinda banned by an abusive moderator. So I'll probably just go to Newgrounds now..
Devour
Administrator
1

Posts: 9,916
Joined: Apr 2008
Rep: 10

Jan 17, 2012 5:12 PM #578936
The door is that way
---------------->
TheSaw

Posts: 70
Joined: Oct 2008
Rep: 9,001

Jan 17, 2012 5:12 PM #578937
Quote from muttonhead
yeeeahhh, my Bazooka account was kinda banned by an abusive moderator. So I'll probably just go to Newgrounds now..


I sent you a PM regarding this mutton; let me know if there's anything else I can do to help resolve the situation.
Jeremy
2

Posts: 3,220
Joined: Sep 2005
Rep: 10

Jan 17, 2012 5:16 PM #578938
Quote from Exilement
I'm aware of what an asshole I am, no need to passive-aggressively remind me of that.

Still, the fact is we had someone blatantly tell us our security is shit, make a public demonstration of it, and nobody cared. And now here we are. I might not know the full story, but you'd have to be an idiot not to react to such obvious breaches in our site's security.



Nothing I did stopped you from doing 'actual good to the forums', and that thread wasn't going to make it any easier either. It was a blatant security risk. Don't even try to justify your inaction under some altruistic guise of trying to "fix" this community, especially if you're going to make that seem preferable to my removal of the server's root username and password (among other information) from a public area that anyone could see.

The only people who had the capability to fix anything were the administrators who have direct access to the servers. The files posted were from the local host, so I doubt Zed or any admins like that could have done anything, let alone some random, unknown member that you felt was worth keeping the thread open for.


They were the supreme administrators of the forums at the time. What was I supposed to do, Exilement? You realize how pointless it is to delete a thread about hacking the site on a site ALREADY HACKED? Congratulations man, you hid forum information from regular members when the people who could use it HAD ALREADY USED IT TO HACK THE SITE AND MAKE THEMSELVES UNTOUCHABLE BY ANYONE ELSE, YOU DUMBASS. And this forum was hacked from regular people not admins, so obviously not only the admins could do anything about it. I could have deleted that thread sure, but 1. It was pointless to do that, and 2. Yes I did think someone would know how to use the information. Seriously, drop the self-righteousness already, you were not even in the situation at all, why are you even trying to talk about this, you have no idea about any of it.
Bazooka
Banned

Posts: 26
Joined: Aug 2007
Rep: 10

Jan 17, 2012 5:25 PM #578939
Quote from TheSaw
I sent you a PM regarding this mutton; let me know if there's anything else I can do to help resolve the situation.

Oh thanks man. Hmmmm, now that you mention it, how about giving me 10,000 posts for my troubles? Otherwise, you know... I'll probably just go to Newgrounds and watch stick figure fights over there.....