4 replies to this topic

[FUS News Robot]

I have some grave news, amigos.

On May 30th, FUS was hacked by a spammer. We still don't know for 100% certain how they got in, but I'm 99% certain they got in through a Wordpress exploit, since our Wordpress was rather out of date. The main thing they did, possibly the only thing, was put up a bunch of spam pages and maybe send out spam e-mails.

But there is also a chance they got ahold of the forum database, including the password table. The passwords are encrypted (or more accurately "hashed"), which means they cannot just read your password, but they might be able to decode some of them. If you reused your FUS password anywhere else, such as for an e-mail account, we highly recommend changing those passwords just to be safe. Also, though we think the chance is tiny, FUS may still be compromised for the moment. Now, the chance they got or will get your password is very small, but it's not impossible.

We think we have patched up the security holes, but the nature of security is one can never be too sure. So what we're going to do is torch the site and run. *ahem* I mean, we're going to make a big backup of everything, wipe the server, and then put everything back in as secure a manner as possible. That means that, within a day or two, FUS is going to be down for probably a few hours. We won't lose anything; when we're back up, everything will still be there and, we hope, it will look as though nothing had ever happened.

We deeply apologize for the inconvenience. Heck, it's a hassle for us too! But bear with us and everything should be fine within a couple of days, OK?

Read the full story here

[furrykef]

I have not done the full reinstall just yet. I may start the process within the next couple of hours or I might wait until tonight; it depends on when I finish preparations and how confident I am in them.

Anyway, it seems clear now that FUS is currently compromised. A malicious "indes.php" (note the "s") file was uploaded or generated a few hours ago which allows anyone who uses it to execute arbitrary PHP code. Hopefully, this was just generated by something left over from the previous hacking and isn't a sign of new hacking, in which case things should still be back to normal after I do the full reinstall.

[HeavensChampion]

I've changed my password, and I'll say just that.

[Arekkisu]

Should I do a double check through all my files because my site is hosted through FUS or should I be safe?

[furrykef]

I upgraded your Wordpress to 4.2.2 last night, and I haven't found anything compromised in it. Your site should be safe. You may still want to change the password of your Wordpress account, because they may still have read your database, but you might as well wait until the reinstall first 'cause FUS may still be compromised (and so you'd just have to change it again).