View CommentsFUS has been hacked

I have some grave news, amigos.

On May 30th, FUS was hacked by a spammer. We still don’t know for 100% certain how they got in, but I’m 99% certain they got in through a WordPress exploit, since our WordPress was rather out of date. The main thing they did, possibly the only thing, was put up a bunch of spam pages and maybe send out spam e-mails.

But there is also a chance they got ahold of the forum database, including the password table. The passwords are encrypted (or more accurately “hashed”), which means they cannot just read your password, but they might be able to decode some of them. If you reused your FUS password anywhere else, such as for an e-mail account, we highly recommend changing those passwords just to be safe. Also, though we think the chance is tiny, FUS may still be compromised for the moment. Now, the chance they got or will get your password is very small, but it’s not impossible.

We think we have patched up the security holes, but the nature of security is one can never be too sure. So what we’re going to do is torch the site and run. *ahem* I mean, we’re going to make a big backup of everything, wipe the server, and then put everything back in as secure a manner as possible. That means that, within a day or two, FUS is going to be down for probably a few hours. We won’t lose anything; when we’re back up, everything will still be there and, we hope, it will look as though nothing had ever happened.

We deeply apologize for the inconvenience. Heck, it’s a hassle for us too! But bear with us and everything should be fine within a couple of days, OK?