Glad to see BCUK back online
- Thread starter Mesquite
- Start date
Boy am I glad to see the forum is back online.
I really missed my evening fix
Likewise! I was tracking a dozen or so threads, and I've had to clear the cache just to get the forum to load... otherwise I still get the maintenance page. Clearly the redirect isn't properly configured, and the maintenance.php page should have a no-cache setting!
greensurfingbear
Bushcrafter (boy, I've got a lot to say!)
Seems to work ok via tapatalk......mind you there doesn't seem to be a many new threads or replies as I would normally expect
Orric
Orric
Last edited:
We had the site down because of an exploit that came to light recently, it was a precaution till we could ascertain the danger to Bushcraft UK, it turns out that we'd already instigated security measures that prevent the forums getting hacked but it was better to be cautious than sorry and have to go through all the hassle of sorting out the aftermath.
Thanks for your patience everyone
T
Thanks for your patience everyone
T
As I understand it,
.
There was a zero day attack launched against some forums running V Bulletin software.
Inject0r ( a hacking group ) claimed The breach gave the hacker full access to "shell, database & root server" on the compromised forums. This included access to the hashed password & user name files. Alledgedly they were selling the hack for $7 online along with screenshots proving the vulnerability was real.
.
Tony took the forum offline until he was happy with the situation.
Ashley, has done the same to NB & still has an explanation page up.
.
As a precaution in such situations I prrsonally change my "low level passwords" which I use for forums etc. as they often match each other.
.
I know generally you shouldn't use the same password for different logins but as I class a compromise of my forum accounts as a low priority compared to say banking it's a risk I take.
.
V Bulletin aren't making the sort of noises I would like them to make to keep me happy, so my read on it is they were caught out, time will tell.
Cross post with Tony, must type faster....
.
There was a zero day attack launched against some forums running V Bulletin software.
Inject0r ( a hacking group ) claimed The breach gave the hacker full access to "shell, database & root server" on the compromised forums. This included access to the hashed password & user name files. Alledgedly they were selling the hack for $7 online along with screenshots proving the vulnerability was real.
.
Tony took the forum offline until he was happy with the situation.
Ashley, has done the same to NB & still has an explanation page up.
.
As a precaution in such situations I prrsonally change my "low level passwords" which I use for forums etc. as they often match each other.
.
I know generally you shouldn't use the same password for different logins but as I class a compromise of my forum accounts as a low priority compared to say banking it's a risk I take.
.
V Bulletin aren't making the sort of noises I would like them to make to keep me happy, so my read on it is they were caught out, time will tell.
Cross post with Tony, must type faster....
I still get the "maintenance" message if I try to log in normally ... and I cannot click on "new messages" without going back to that message....
john, you'll need to clear your history/cache, it's a pain I know but the computer is remembering there's no access when in fact there is
resnikov
Bushcrafter (boy, I've got a lot to say!)
Was interesting to see the post about it on Facebook and the replies and try and put real names to user names.
Is it worth adding that to the "Thank you for visiting BuschraftUK Sorry, we're currently performing essential site maintenance and will be back online shortly." message?
This is why you need to add the "no-cache" parameter to the site... since the content of a forum is changing all the time anyway, there's no real benefit to caching the pages. Then when you go to maintenance mode, the pages should return a HTTP 302 code so the browser knows it's just a temporary redirect.
That way, the moment you come out of maintenance mode, people can get back on the site without having to wipe their cache (which I'd hazard many in here don't know how to do)
Not a criticism or complaint, just a suggestion from a systems architect
And possibly check your PMs.
If you have been buying or selling anything on classifieds here then likely you have a PM history which details your name and address and possibly your paypal email address.
Some sellers also PM their Bank Account Details for BACs payments as well.
That's a very good point mate, my PM folder contains a couple of members bank details etc. from previous group buys/purchases, unfortunately it is their PM's that will contain my details so we all should maybe be a little prudent in clearing them out.
Web link to one of the many online articles starting to surface
http://www.theregister.co.uk/2013/11/18/vbulletin_hacked/
Last edited:
Similar threads
