Diecast Crazy Forums banner

Regarding the hack and other forum software.

3K views 37 replies 27 participants last post by  yukonsjoy 
#1 · (Edited by Moderator)
Good evening. Following a nice long nap recovering from a late night last night and early morning rise for church, I've continued researching this group, the effects, the solutions, and other forum software.

This group targets vBulletin forum software. In fact, many have been hit over the past week by this same group of individuals. The linked site even has a disclaimer claiming no fault of these attacks but that the group of individuals must really want to spread the word about this revolution. There are millions of forums running vBulletin, including this one of course. vBulletin software is the easiest to target due to the largely simple coding. So simple that I can figure it out!

The effects of the hacking only targeted the staff and admin. No emails were compromised, only changed. The emails changed were that of the staff and admins so that we would have a difficult time regaining control of the site. This person or persons only utilized the features readily available once gaining access to my admin panel. They placed a global start code that caused this website to redirect to their website at every page load, before anything else could be loaded.

I've taken the steps suggested to prevent this from happening so easily again. I've double locked down my admin panel and changed my password to something even I have a hard time remembering.

I've also began looking into other forum software again. I tried to switch us over last year but received so much negativity over the change that I quickly reverted back. I made mention that we aren't using the most stable software anymore. The two most recent issues are the result of that. The only concrete solution is to switch software but that means that everyone here would just have to deal with the changes and learn to use something new. Alternatively, we can stick with what we have, keep addressing the issues, and understand that until something changes, we'll be vulnerable.

I would like everyone to think about this before I make any move because if we stick with what we have, I can save money for sure, but the time and frustration of being hacked once again is still a real possibility. Being hacked is nothing that can't be fixed, but it's not easy!

Other sites that have been targeted that I've found.


  • Road Bike Review
  • Walther Forums
  • PWCToday
  • Gambling Network.com
  • TigerFan
  • NYC Transit Forum
  • PS3ISO
  • Club Chopper
  • SVTPerformance
  • Roll it Up.org
  • Texas Gun Forum
  • Club Cobra
  • DC Sport Bikes
  • Gossip Rocks.com
 
See less See more
#4 ·
I'll step up and say that I'm usually resistant to change, unless I can REALLY see the need. Well, after this recent event, I REALLY see the need. I'm all for it, Racer. I hope that each of you that are also resistant to change and usually quite verbal about will also consider the recent event and why its necessary to keep moving forward in this very technological world. This place is our playground and it's a lot easier to enjoy ourselves when we're comfortable, but I think we need to change and deal with the uncomfortable newness of it so that we can move forward and be safer. The comfort will return in time and it's for a damn good reason. Keep on rockin'.
 
#6 ·
I'll be honest, I hate change as well. No one forum software does what this site does, not even the stock version of what we have now. I've spent hours upon hours adding up to probably days and weeks modifying this site to get it to the point that it is now. I don't want to do it again!

At the same time though, I also don't like knowing that some person that probably lives at home in their parents basement can just log right in and use this site that I've spent so much time building to spread their nonsense.
 
#7 ·
Honestly, I (and many others) are comfortable with what we have here. It's become easy to use and we have a ton of capability. Having said that, if we can go to something else that provides us more security at less cost and it's not a ton of work, I say go for it. However, before we go and switch, explore the vulnerabilities of any new forum software we may be using as well.

I didn't see the issues with the hack, other than receiving the e-mail, because I wasn't online. In the end, do what's going to be the best for the board and the administration of the board. If the members like the board, they will stay regardless and we will adjust to the change.
 
#8 ·
Honestly, I (and many others) are comfortable with what we have here. It's become easy to use and we have a ton of capability. Having said that, if we can go to something else that provides us more security at less cost and it's not a ton of work, I say go for it. However, before we go and switch, explore the vulnerabilities of any new forum software we may be using as well.

I didn't see the issues with the hack, other than receiving the e-mail, because I wasn't online. In the end, do what's going to be the best for the board and the administration of the board. If the members like the board, they will stay regardless and we will adjust to the change.
I share the same views that you do and I have been researching this particular software and it's as secure as it was a year and a half ago when it was used for the brief DCW experiment. If I make a switch, it is to extremely secure software.
 
#9 ·
You know me, Franklin... [MENTION=1]racersimage[/MENTION] I think I was one of the only people that actually supported you in changing the site's software. I had no problem with it. In exchange we would have had many more features, but in the end it was a moot point.


You might want to look into .ning software or it's equivalent. I think the Stock Car Racers Reunion site uses it as well as a few others I frequent. I really like it.

In the end, I know you'll make the right choice.
 
#10 ·
You know me, Franklin... @racersimage I think I was one of the only people that actually supported you in changing the site's software. I had no problem with it. In exchange we would have had many more features, but in the end it was a moot point.


You might want to look into .ning software or it's equivalent. I think the Stock Car Racers Reunion site uses it as well as a few others I frequent. I really like it.

In the end, I know you'll make the right choice.
Yep, you are familiar with the software I speak of.

I just looked into ning but unfortunately it looks like they host the boards themselves and their most expensive package is not large enough for our needs. I do like the look of it, but we've already surpassed the best that they offer size wise.
 
#12 ·
As Karl said, I think alot of people, myself included, are very comfortable with all the features the current forum software offers. But after yesterday, security of the site itself is more important to me. I'd be more comfortable with site security and learn my way around new format software, than wonder when a situation like yesterdays would happen again. If something more secure can be found, I'm for it 100%.
 
#13 ·
[MENTION=1]racersimage[/MENTION]... You might want to contact the webmasters at Diecast Space and Diecast Nutz. Same software as ning but I think they (the sites mentioned) may host it themselves. Diecast Space is pretty big... I think it might be the same package as the Dcw experiment, which I wouldn't mind trying again.
 
#15 ·
I remember when the change was tried, and how well it went over. If a little more time was given, and help from the mods and racer, i'm sure a change could be made. If there's anything we can do to help, just give a yell!!:ANYWORD:

P.S. I'd also like to Thank Franklin and the admim. They(once again) defended our home!!:yes:
 
#16 ·
The thing I don't understand is, why would anyone want to hack a diecast forum? I know that they'll hack whatever they want to, but that is interesting. Outside of us, most people think that they are just stupid toys.

This Google search link should help. https://www.google.com/#hl=en&outpu...,cf.osb&fp=9a06738beb7a37b5&biw=2560&bih=1214

We were only a victim due to our software. They don't target specific forums, just ones they can easily find.

It's very easy to find vBulletin forums through Google and a search can even be defined to show the most active or most recently accessed forums. This hacker isn't done, and even some forums have been hit twice before we were even hit once so this is going to be an ongoing problem. Hopefully I've taken the steps to keep them out for the time being.
 
#17 ·
Other sites that have been targeted that I've found.


  • Road Bike Review
  • Walther Forums
  • PWCToday
  • Gambling Network.com
  • TigerFan
  • NYC Transit Forum
  • PS3ISO
  • Club Chopper
  • SVTPerformance
  • Roll it Up.org
  • Texas Gun Forum
  • Club Cobra
  • DC Sport Bikes
  • Gossip Rocks.com
 
#18 ·
This Google search link should help. https://www.google.com/#hl=en&outpu...,cf.osb&fp=9a06738beb7a37b5&biw=2560&bih=1214

We were only a victim due to our software. They don't target specific forums, just ones they can easily find.

It's very easy to find vBulletin forums through Google and a search can even be defined to show the most active or most recently accessed forums. This hacker isn't done, and even some forums have been hit twice before we were even hit once so this is going to be an ongoing problem. Hopefully I've taken the steps to keep them out for the time being.
Wow, that is just terrible.
 
#22 ·
I am in support of any means necessary to keep this site safe from hackers. I like the current format but I am not opposed to change if it keeps us protected. Franklin, you put so much time and effort into this site and I truly appreciate that, I don't want anything to happen to this site from a personal standpoint or for your own efforts and money invested. What you've created here is great and I'd hate to see anything happen to this place.
 
#25 ·
Any forum software is going to have vulnerabilities, as I'm sure Franklin knows and is considering as well. Regardless of the software, someone will always go through the code and find a weak point to exploit, which is why the authors & contributors that build the software are always releasing patches and updates.

IMO, no matter what software the site may be switched too, the chance of being exploited still exists, and Franklin would have lost a lot of time and effort in what he has done so far while trying to get new software up to speed to replace what we already have.

I think that if you like what you have, stick with it, keep the defenses up as best as we can, and deal with any issues as they come up.
 
#26 ·
[MENTION=1]racersimage[/MENTION] ... do what you need to do software wise. If I have to relearn some controls, oh well, so be it. If this can be secured and left as is, that's ok too.

I know you've spent a lot of time customizing, if a new software you choose allows plug ins or scripts I'd be happy to chip in and help out.
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top