Page 1 of 1

And we're back...

Posted: Sat Dec 01, 2012 4:09 pm
by Dryness
Hi gang,

As some of you likely noticed, earlier today the site appears to have been compromised. I'm still getting to the bottom of things, but it seems to only have been a simple find and replace, rather than a "fuck all our shit up".

So, bright side, things are back to normal. No data has been lost and there's no indication that your personal information has been obtained (outside of what you made publicly available). Further, all passwords are securely hashed, so there's no reason to be overly concerned.

On the not so bright side, I've got to try getting to the bottom of what happened. I have my suspicions, and I've taken care of what may have been the source... but I've been putting off cleaning things up around here until I have a day or two free to dedicate to it... but it appears that will be starting sooner than I expected.

Anyways... everything has been re-uploaded from one of my local backups, and additional precautionary measures have been implemented.

Carry on, but let me know if you have any other questions/concerns and I'll do my best to address them.


EDIT: I found the source. Turns out, it's all my fault. Fuck. Everything should be clean now, but I'm going to keep an eye on things for the next few days to make sure it stays that way.

Re: And we're back...

Posted: Sat Dec 01, 2012 4:26 pm
by Dram
Thanks Dry.

Re: And we're back...

Posted: Sat Dec 01, 2012 6:10 pm
by Zenar
Thanks Dry! ^^

Re: And we're back...

Posted: Sun Dec 02, 2012 3:47 am
by Maahes0
Yay! Thanks for the quick work!

Re: And we're back...

Posted: Mon Dec 03, 2012 12:33 pm
by Nimaji
Good catch, and way to bring things back. This was at the top of the page when I first opened the homepage in Chrome:


[phpBB Debug] PHP Warning: in file [ROOT]/includes/session.php on line 1042: Cannot modify header information - headers already sent by (output started at /homepages/41/d252103388/htdocs/main.php:3)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/session.php on line 1042: Cannot modify header information - headers already sent by (output started at /homepages/41/d252103388/htdocs/main.php:3)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/session.php on line 1042: Cannot modify header information - headers already sent by (output started at /homepages/41/d252103388/htdocs/main.php:3)

~jtk2

Re: And we're back...

Posted: Mon Dec 03, 2012 12:59 pm
by Dryness
Hmm... that shouldn't be happening... I thought I had fixed that the other night and I'm not seeing it now...
Looking into it.

EDIT: Should be fixed now.

Re: And we're back...

Posted: Sun Jan 06, 2013 6:39 am
by Nimaji
[phpBB Debug] PHP Warning: in file [ROOT]/wowhead/includes/wowhead_armory.php on line 901: Invalid argument supplied for foreach()
[phpBB Debug] PHP Warning: in file [ROOT]/wowhead/includes/wowhead_armory.php on line 878: Invalid argument supplied for foreach()
[phpBB Debug] PHP Warning: in file [ROOT]/wowhead/includes/wowhead_armory.php on line 792: Invalid argument supplied for foreach()
[phpBB Debug] PHP Warning: in file [ROOT]/wowhead/includes/wowhead_armory.php on line 901: Invalid argument supplied for foreach()
[phpBB Debug] PHP Warning: in file [ROOT]/wowhead/includes/wowhead_armory.php on line 878: Invalid argument supplied for foreach()
[phpBB Debug] PHP Warning: in file [ROOT]/wowhead/includes/wowhead_armory.php on line 792: Invalid argument supplied for foreach()
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4744: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3842)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4746: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3842)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4747: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3842)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4748: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3842)


This appeared again the other night, and again today when I was viewing new posts.

~jtk2

Re: And we're back...

Posted: Tue Jan 08, 2013 7:01 am
by Dryness
Yeah, that happens. I was supposed to do things on the site over my vacation, but then I got distracted by the fact that I didn't have to do fuck-all for 3 weeks and slipped into a coma.

That message should only happen the first time a new person uses the [ armory ] or [ character ] tags, and go away after. I'm going to fix the tooltips (for really reals) in a bit to stop that from happening.

Re: And we're back...

Posted: Tue Jan 08, 2013 10:22 am
by Nate
Dry! Can we fix these spammers? I'm banning email, IP, and UN with mass delete but they keep coming back >.<

Re: And we're back...

Posted: Tue Jan 08, 2013 11:54 am
by Dryness
Tiny victories!

@Nim
You should never see those errors again... ever. I've finally replaced the broken tooltips with a newer, though less robust, solution.
Right now, character names are not coloured by class, though I hope to find a solution to that in a bit. Additionally, the only thing you can pull up are characters (though there's support for much more).

@Nate
Think I found a solution that should work now going forward. If more spammers come through, delete the messages, but *don't* delete the user.

Re: And we're back...

Posted: Tue Jan 08, 2013 1:24 pm
by Zenar
I've been banning the users and IPs want me to stop that?

Re: And we're back...

Posted: Tue Jan 08, 2013 2:32 pm
by Dryness
Mods (p funk or officer groups) should now have an extra button on every post which allows you to delete the message and flag it as spam.
You shouldn't need to use it at all, as I have relatively high hopes for the new spam filter (it came highly recommended from a friend who manages a much larger forum) so... fingers crossed.
-----
Oooh! Another victory! Linked characters using either [ armory ], [ recruit ] or [character ] tags now show the class colour, m/f and class icons! For some reason it doesn't show until after you've moused over it though... I'll have to figure that one out later.