Posted by on Nov 25, 2012 in General | 0 comments

Hope everyone in the U.S. had an excellent Thanksgiving holiday weekend!

While most of us here in the U.S. had several days off, it appears that some hackers in Russia had a field day with the Y-Corner forums, as the forums were compromised by spam bots. The spam botters took advantage of a phpBB3 registration exploit, allowing them to register accounts and bypassing e-mail activation. This allowed them to create over fifty spam bot accounts on the forums in a very short amount of time and posting spam posts all over the forums.

Fortunately, I caught onto the situation early, as I had received several e-mail undeliverable notifications via the webmaster e-mail account (the bots were using fake/dummy e-mails to register). I restored the database prior to the spam bot invasion, erasing all spam bot accounts and posts, updated the forums to the latest phpBB3 version 3.0.11 (which fixes the e-mail activation flaw), and have temporarily closed account registrations for the time-being. If you are registered on Y-Corner’s forums, no accounts seem to have been compromised, but just to be safe, it is recommended to change your forum password.

While the forums are pretty inactive these days, it gives me a good kick in the butt to make sure to be up to date when it comes to web security. Along with security updates, I will be rolling out a new skin for the forums, as it feels like it’s time for a refresh.