Hacked again
06/01/2010 12:55 PM
Posted by: panschk[FP]

Yeah, it happened again. This time someone was able to change a newspost by Nighmarjoo (So he either had admin credentials on the site or write-access to the Database) and put a "index.php" file in the webspace, which deleted almost all files.

So, it is possible to make a backup, but I don't know yet what security hole there was to blame this time. It's much too easy to hack BWMN;-(

I will restore 99% of the content soon - But I will have to make some changes first. Allowing generic HTML and even JS is foolish, and it is pretty easy to put some php files on the webspace that do whatever the cracker wants.

Do ppl still do new maps? A pretty simple way to improve the security without losing any of the great archive of maps we built in the past years would be to make the site "read only" and not allow uploading any new maps, or even prevent any interaction like commenting? What do you think?

EDIT: Btw, please do not upload maps right now. They will be deleted when I install the backup anyway...

Hey, HTML formatting is still fun:D

So, I re-uploaded most of the content. Please tell me if I missed some of it.
I disabled "file database". I'm almost positive that's how the hacker got his fatal PHP script on the server.
Also, you can now change your password. At least the admins on the site should do so.
For now I did not change anything about commenting. Don't do this at home

There seems to be a problem when changing passwords that I don't really understand yet..
Except for that, please test the site and tell me if there are bugs or missing content!


Also, if anyone knows when exactly the site went down, that would be great.
thats really bad!
i hope the effort all the mappers made here arent gone!
still a great site and i want it to persist.. as it is ._.

it gave me a big shock when the servers were down yesterday.. (today's 1st of june)

thats all i know. not much

also i think there has to be another way but to make the site read only.. people that are new to this site will be like "wtf is this?"
and whoever sent that malware to the server (was it even on purpose? maybe an accident?) should think of his priorities in general -_-

i wish i could say more by now as this is a serious thing right here.. but im so astonished, i have to eat sth >:(

No comments and no uploads would suck!
Nothing else can be done?
comments and uploads are the whole purpose of this website isn't it?
okay, i see. My line of thought was that no one uses BWMN anymore, but it seems that's just not true.

Well, I'd just have to enforce some rules then. No HTML in comments anymore, upload only of SCM/SCX/JPG files. Upload only in some harmless directories. And then hope that I did not forget some major loophole;) (Don't count on it;-))
No + pics in comments?
this sucks

who's the idiot that did this? Can't you call like Geek squad and they'll, like, catch em for u ?

I still map infrequently.
I map and add pics in comments :(
Is there no win win solution ?
Difference is typing the address for someone to copy/paste into their browser instead of this gigantic image breaking the page's format. Shouldn't be a problem at all.
I already got the backup and I start to upload the files -- that will take some time, it's 2 GB of maps;-) The Thumbnails are already online.

I think file names will be strictly alphanumeric [ and "(X)" of course] from now on. Strange encodings in the file names cause too much work for me;-)
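
The rules proposed in this thread (upload only SCM/SCX/JPG, strictly alphanumeric file names with the "(X)" prefix, a fixed upload directory, no HTML in comments), sketched in PHP as an added example. This is not BWMN's code; the function names, the 64-character limit and the reading of "strictly alphanumeric" as letters and digits only are assumptions.

```php
<?php
// Added illustration, not BWMN's code. Function names, the 64-character
// limit and the upload directory are assumptions.

const ALLOWED_EXTENSIONS = ['scm', 'scx', 'jpg'];

// Accept an optional "(N)" player-count prefix, then letters and digits only,
// then exactly one dot and an allowlisted extension. Returns null on rejection.
function safe_upload_name(string $clientName): ?string
{
    if (!preg_match('/\A(\(\d\))?[A-Za-z0-9]{1,64}\.([A-Za-z]{3})\z/', $clientName, $m)) {
        return null; // path separators, spaces, extra dots, odd encodings
    }
    return in_array(strtolower($m[2]), ALLOWED_EXTENSIONS, true) ? $clientName : null;
}

// Move one entry of $_FILES into a fixed directory; returns the stored path or null.
// The directory should be one where the web server never executes scripts.
function store_upload(array $file, string $uploadDir): ?string
{
    $name = is_string($file['name'] ?? null) ? safe_upload_name($file['name']) : null;
    if ($name === null || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $target = rtrim($uploadDir, '/') . '/' . $name;
    // move_uploaded_file() refuses anything that did not arrive as an HTTP upload.
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Comments are stored as typed and escaped on output, so markup shows as text.
function render_comment(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Constructed sample names, checked when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    foreach (['(4)Nightshade.scx', 'Butter2.SCM', 'thumb01.jpg',
              'index.php', 'map.php.jpg', '../index.php', 'notes.txt'] as $n) {
        printf("%-20s %s\n", $n, safe_upload_name($n) === null ? 'rejected' : 'accepted');
    }
    echo render_comment('<b>nice</b> map <img src="pic.jpg">'), "\n";
}
```

The extension check alone only constrains the name, not the content, so the storage directory still has to be one where nothing is interpreted as a script.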
hey panschk :)

nothing dies, no energy is lost... we are all here and support in some way of form...

keep the spirit :)

much love
holla bitches
LGI back from your undefinable trip in time and space now?
Hey LGI!
oh LGI, i heard that you couldn't come back in our world with your time travel machine. Did you see the world during dinosaurs times and future 3000years? o.o
000oooOOOO we can change pss words now :)
But I like my old 1 :P
It looks like I was able to change my password just fine...
aside from testbug and nasty and flo, pretty much every big name mapper i can think of has commented?
no :( there are a lot of gosu old mappers still MIA, like trcc, arden, travis, and many many others
ehee :) well i am still in travelling i even quit job to be able to make it more long... from 1st of july i will be in Germany, so maybe we meet somewhere ;) if you come to Psycrowdelica Festival, Antares, Full Moon or VuuV i am there and then to Ozora...

psy you all friends :)

boom boom
"no :( there are a lot of gosu old mappers still MIA, like trcc, arden, travis, and many many others"

:o :(

"who's the idiot that did this? Can't you call like Geek squad and they'll, like, catch em for u ?"

He IS the geek squad ;)

panschk, I like you because you remind me of the old days!
main forum is still fucked
hello :P
Hey trcc!
