While most of us here in the U.S. had several days off, it appears that some hackers in Russia had a field day with the Y-Corner forums, as the forums were compromised by spam bots. The spam botters took advantage of a phpBB3 registration exploit, allowing them to register accounts and bypassing e-mail activation. This allowed them to create over fifty spam bot accounts on the forums in a very short amount of time and posting spam posts all over the forums.
Fortunately, I caught onto the situation early, as I had received several e-mail undeliverable notifications via the webmaster e-mail account (the bots were using fake/dummy e-mails to register). I restored the database prior to the spam bot invasion, erasing all spam bot accounts and posts, updated the forums to the latest phpBB3 version 3.0.11 (which fixes the e-mail activation flaw), and have temporarily closed account registrations for the time-being. If you are registered on Y-Corner’s forums, no accounts seem to have been compromised, but just to be safe, it is recommended to change your forum password.
While the forums are pretty inactive these days, it gives me a good kick in the butt to make sure to be up to date when it comes to web security. Along with security updates, I will be rolling out a new skin for the forums, as it feels like it’s time for a refresh.