Someone (I really don't know who would be evil enough to do something like that) deleted all entries to our beloved map database last night.
I really thought all the work we put into this in the last months would disappear from the face of the earth in a few seconds, as I did not do a backup in half a year. I got lucky though, as the great people from my webhoster make backups regularly and were able to put the backup back up (^^). The backup is from Friday afternoon, so not too much is lost.
I do not know (yet) what technique the person who did that used. I did not see how it is possible to abuse the scripts on the page to mass delete, so it is possible the hacker somehow got the password to the mysql-Admin area. This password is changed, plus all user-passwords are stored encrypted now in the DB; at least it should not be possible for a hacker to get your personal passwords. You might get "wrong password" messages here and there because of this, please tell me so that I can fix it.
Actually I might just do a few updates today and tomorrow, make sure you let me know, Tuesday I'll be back to my lazy self ;D
Thanks to everyone who supported me.
Thanks again to my great web hoster, I can really recommend them, at least if you speak German ;)
It might help you to find out how all this was done and to prevent it in the future:
At first, the News and Competition sections seemed corrupted. The hacker then was able to delete single maps and the articles section may have been down right from the start.
He then continued a little on the news section and deleted some more maps. And at the end, he must have found a way to delete all maps at once...
On PGT someone posted SEN was also hacked, and indeed, they had a similar problem. They also got an IP (no proxy), and I suspect that it might have been the same person. You should check that out.
Well, nowadays even 64-char (or more) passwords are "bruteforceable". But I don't think the average hacker has access to massively parallel processing computers ;)
Hmm, a friend of mine runs a small private forum, and he read something about MD5 hashes. He took the hash of my password and reversed the hashing process (you can do that and with a certain percentage you get the actual password) and was successful (of course he informed me and didn't do anything). It was a simple password though, it's just a small private forum.
Well, I don't have any deeper insight into password protection on the internet, but I guess if you got the hashes, you can speed up bruteforce quite a lot...?
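The point raised in the comments above about leaked MD5 hashes, as an added example that is not code from this site or from any poster: it contrasts unsalted MD5 password records with salted PBKDF2 records when auditing your own user table. The account names, passwords, wordlist and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts share one weak password.
USERS = {"alice": "sunshine", "bob": "sunshine", "carol": "v9!Lq-tram-Okapi-42"}
WORDLIST = ["123456", "password", "sunshine", "qwerty"]  # constructed guess list
ITERATIONS = 200_000  # assumed work factor; tune to your hardware


def md5_record(password):
    """Legacy scheme: unsalted MD5, identical for every user of a password."""
    return hashlib.md5(password.encode()).hexdigest()


def kdf_record(password, salt=None, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256; salt and cost are stored with the hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def kdf_verify(password, record):
    """Recompute with the stored salt and cost, compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def audit_md5(table, wordlist):
    """Accounts whose unsalted MD5 appears in a table built once from the
    wordlist: one hash per word covers every account in the dump."""
    lookup = {md5_record(word) for word in wordlist}
    return sorted(user for user, h in table.items() if h in lookup)


def audit_kdf(table, wordlist):
    """Same audit against salted records: nothing can be precomputed, so it
    costs up to len(table) * len(wordlist) * iterations hash operations."""
    return sorted(user for user, rec in table.items()
                  if any(kdf_verify(word, rec) for word in wordlist))


if __name__ == "__main__":
    legacy = {u: md5_record(p) for u, p in USERS.items()}
    print("weak (MD5 table lookup):", audit_md5(legacy, WORDLIST))
    print("same hash for alice and bob:", legacy["alice"] == legacy["bob"])
    modern = {u: kdf_record(p) for u, p in USERS.items()}
    print("records differ:", modern["alice"][2] != modern["bob"][2])
```

Both audits flag the same two accounts: a salt and a slow hash raise the cost of every guess, but a password that sits in a common wordlist stays weak under either scheme.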