ATTN: Admin Forum hacked?

[FunkyDrummer]

Go to google, search for "2box forum"

In the search results, the forum site is shown but there is a warning message
"this site may have been compromised"

WTF?

[UC]

Hey mate

Thanks for pointing this out, and sorry for the downtime, been conducting some very thorough tests and can't find anything suspicious.

As a precaution however, you should change your password soon and bear these in mind:
a) don't use a username/password combo anywhere else on the web (keep them unique, at least for important / personal stuff!)
b) make your passwords strong. Like @4jJsh!3sd#$7 or something.

I'll keep investigating.

Cheers
Tom

[UC]

You may have noticed we've had a fair bit of spam recently (I've deleted literally hundreds of accounts).

It also looks like someone managed to upload a page of spamlinks that used the stylesheet from the forum but not its database, and also do some bogus poop to a mod redirect file on the server. Sneaky bastards.

This is what sparked the Google warning.

So I've battoned down the hatches, shawed up the defences, and changed all the locks.

I'm pretty sure the database wasn't hacked, as I've been through it with a magnifying glass (that was really fun).

Rest assured your passwords are all encrypted using SHA1 salted hashes so anyone who did manage to get hold of them somehow would need some kind of supercomputer to decrypt them, and that would take a looooooong time.

Nonetheless, I would strongly advise people to reset their passwords to something nice and strong, and not associated with any other online identities to be on the safe side.

[rythm]

UC: Thanks for your efforts, much appreciated!