|
Post by [CK]erazor on Oct 11, 2020 10:35:10 GMT -5
"This is not funny at all actually. We may have just permanently lost one of the only extensive 6yr historical archives of the War Robots community including a lot of amazing input that many people put in a lot of time to post.
Not only that, but until we get some answers from Proboards employees, the forum is unfortunately still vulnerable to repeat attack.
Until this gets resolved, if you intend to post a detailed exposition, for example like the recent piece by Linearblade on drones, we recommend that you compose your piece in another program on your device such as Notes, then cut and paste it to the forum, so that you have a backup. We will update you as we receive word on the situation."
Sorry for creating a new thread, but I am unable to reply to the previous thread.
What is the backup situation? Maybe you can give some background information. A lot of people on this forum have a IT-Tech background. In order to help as a community, you have to break the silence and share some details.
- Do snapshots of the DBs/tables exist?
- Can we revert to a DB snapshot from some days ago?
- Do backups not exist at all?
- Is the current DB corrupted and needs a fix. If so, can you upload the DB to some file share and let the community try to work on it?
- What error codes related to Freeforums/Proboards do you guys get? - " vulnerable to repeat attack." So it was a non-patched security issue which someone used to flush all tables? What's the CVE number and are other boards hosted on freeforums affected?
You are surely aware that some guys here are willing to try to help to solve this. If u guys don't drop any info, we can't help.
|
|
|
Post by ѻﻭɼﻉ on Oct 11, 2020 10:59:31 GMT -5
Thank you, that is really appreciated. At the moment we are in discussion with pro boards to get answers and will share more when we hear back.
|
|
|
Post by [CK]erazor on Oct 11, 2020 11:09:24 GMT -5
Thank you, that is really appreciated. At the moment we are in discussion with pro boards to get answers and will share more when we hear back. Alright. I and others are willing to help, so just keep us posted. Will do what I can, if I can help. It would be a shame if the probably best War Robots archive was gone. If you need resources, VMs for running a reconstrution of a database or anything, just drop a message/post in a thread. I hope the situation can be resolved.
|
|
|
Post by linearblade on Oct 11, 2020 11:15:18 GMT -5
Thank you, that is really appreciated. At the moment we are in discussion with pro boards to get answers and will share more when we hear back. I recently had an entire cluster get rooted in one of my older installations that I suspect my admin had not updated in some time. It’s possible there is a root kit being used to gain shell access and then with reverse shell root the box, and then Becsuse internal networks are usually not secured properly , they move out from their and rootkit for ransom. While I had backups, they re rooted even wifh most of it off. So I have left that setup offline. I am not a systems admin, I am a software engineer. But it’s possible it’s that. I’d it’s a database crash, they can likely use repair tables and get going. Given that pro boards is fairly venerable. My guess is the former and not the latter. I suspect a lot of root kits floating around from that released cia root kit a few years ago. Some of it may have been esoteric and not practical without extra work to implement. And some criminal outfit finally made it work
|
|
|
Post by linearblade on Oct 11, 2020 11:30:13 GMT -5
But given only the data tables appear toast. Maybe itâs just a corrupted database or partial 「fluffernutter」 up.
If thatâs the case restoring that would be pretty simple.
Cross your fingers
|
|
|
Post by Poopface on Oct 11, 2020 11:39:18 GMT -5
Based on initial investigation, it appears deliberate by someone not on staff.
|
|
|
Post by spectre729 on Oct 11, 2020 11:41:05 GMT -5
i guess some a-hole decide to be slick and hit the RESET button
|
|
|
Post by linearblade on Oct 11, 2020 12:27:20 GMT -5
Based on initial investigation, it appears deliberate by someone not on staff. Maybe an admin panel has been exploited only then and no shell gained
|
|
|
Post by reconnecting on Oct 11, 2020 16:25:46 GMT -5
But given only the data tables appear toast. Maybe itâs just a corrupted database or partial 「fluffernutter」 up. If thatâs the case restoring that would be pretty simple. Cross your fingers
|
|
|
Post by Шɑɡɡɪή on Oct 11, 2020 17:22:17 GMT -5
Well, it appears it was malicious intent. So I wonder if the SQL database is completely gone?
|
|
|
Post by punishingcossack on Oct 11, 2020 17:34:23 GMT -5
feels like a good time to post this goodie
|
|
|
Post by T34 on Oct 11, 2020 19:27:12 GMT -5
Doesnt sound like a back up or replication issue. I am sure they would have back ups and/or data replicated. Could be a ransomware attack that was in the system for some time and if so their backups and replicated data would also be affected. To keep the forum going they probably dumped a fresh db in place so people can at least keep going with new stuff. All conjecture but sounds better than no replication or backing up.
|
|
|
Post by spectre729 on Oct 11, 2020 19:29:33 GMT -5
feels like a good time to post this goodie you like xkcd?
|
|
|
Post by punishingcossack on Oct 11, 2020 19:30:21 GMT -5
feels like a good time to post this goodie you like xkcd? i haven't looked at xkcd for a long time, but this one is an all time classic haha
|
|
|
Post by spectre729 on Oct 11, 2020 19:31:26 GMT -5
i haven't looked at xkcd for a long time, but this one is an all time classic haha ah i see
|
|
|
Post by Spicy Jones on Oct 11, 2020 20:36:59 GMT -5
Based on initial investigation, it appears deliberate by someone not on staff. Yeesh. We can pissed about the direction of the game moving forward and I don't always get on great with all of you, but that is just plain nasty. The mods here are cool and don't deserve this stress. This forum is way better than the subreddit could ever hope to be and for certain we can all speak our thoughts a lot more openly here. I'm sorry that this has happened. The people operating this site are doing so out of their love for this game/community and if it really was a deliberate attack to cripple the forum that's just sickening. Some people are just sad, childish garbage.
|
|
|
Post by shivaswrath on Oct 11, 2020 21:47:06 GMT -5
Jesus for a moment I thought it was my app.
I'll miss the kitty GIf thread the most...the one that didn't die.
|
|
|
Post by Danny Linguini on Oct 11, 2020 22:58:05 GMT -5
What I find truly baffling is that the site is still fully functional, and only data has been deleted. That seems like a lot of trouble for somebody to go to instead of just a run-of-the-mill DDOS or other disruption. If it turns out to be some kind of ransomware scam, I hope somebody tells them to go 「fluffernutter」 themselves.
|
|
|
Post by linearblade on Oct 11, 2020 23:38:27 GMT -5
What I find truly baffling is that the site is still fully functional, and only data has been deleted. That seems like a lot of trouble for somebody to go to instead of just a run-of-the-mill DDOS or other disruption. If it turns out to be some kind of ransomware scam, I hope somebody tells them to go 「fluffernutter」 themselves. If it was ransomware they would wreck you and leave a note somewhere. Ransomware attacks usually are more thorough
|
|
|
Post by tekwarrior on Oct 11, 2020 23:45:41 GMT -5
Could it be as a simple as one of the Admins account got compromised and was used to delete the forum?
Does Proboards provide audit logs, logon activity, IP addresses etc?
Can Admin accounts have 2FA/MFA setup?
|
|
|
Post by milty72 on Oct 12, 2020 1:15:28 GMT -5
Jesus for a moment I thought it was my app. I'll miss the kitty GIf thread the most...the one that didn't die. Here's one to help
|
|
|
Post by linearblade on Oct 12, 2020 2:49:25 GMT -5
Doesnt sound like a back up or replication issue. I am sure they would have back ups and/or data replicated. Could be a ransomware attack that was in the system for some time and if so their backups and replicated data would also be affected. To keep the forum going they probably dumped a fresh db in place so people can at least keep going with new stuff. All conjecture but sounds better than no replication or backing up. I agree their backups are likely infected. But the database itself is not likely executable content and should be safe to restore
|
|
|
Post by linearblade on Oct 12, 2020 2:52:33 GMT -5
Thank you, that is really appreciated. At the moment we are in discussion with pro boards to get answers and will share more when we hear back. Are other pro boards sites affected or only war robots
|
|
|
Post by cookieDad on Oct 12, 2020 3:23:29 GMT -5
|
|
|
Post by akulon on Oct 12, 2020 3:32:13 GMT -5
Thank you, that is really appreciated. At the moment we are in discussion with pro boards to get answers and will share more when we hear back. Are other pro boards sites affected or only war robots Only War Robots.
|
|
|
Post by linearblade on Oct 12, 2020 4:01:17 GMT -5
Reading the pro boards chat, sounds like weâre 「fluffernutter」ed. Hopefully they take pity and restore us. Otherwise we are up 「dookie」 creek without a paddle due to their tos
Which brings me to the reason for flexible tos ...
|
|
|
Post by punishingcossack on Oct 12, 2020 4:13:49 GMT -5
Reading the pro boards chat, sounds like weâre 「fluffernutter」ed. Hopefully they take pity and restore us. Otherwise we are up 「dookie」 creek without a paddle due to their tos Which brings me to the reason for flexible tos ... if they don't restore our data, we'll take our forum elsewhere
|
|
|
Post by [CK]erazor on Oct 12, 2020 5:26:02 GMT -5
Maybe I have figured some things out. Remember the wave of gross spam we had back in 2017 or so? One or multiple individuals would post gross images on the forum. The response to this was, from what I remember, that some members became part of a "forum clean up" team who would have the ability to immediately delete such contents. And we also enabled that for new accounts, comments would only appear after a new account had 50 comments and/or was approved by a mod. Now I'm playing the guessing game: An individual named "pillowofdoom" was part of the 2017 enabled VSTF group, which has the rights/credentials to delete/clean stuff on the forum. The name came up in the thread that Joopiter has created on the Proboards support forum. The account of "pillowofdoom" could have been legit back then, doing normal forum spam clean up. BUT, it could have been an account with a very easy to guess password. So later, someone could have checked who was involved with the VSTF group on the forum and tried to get access to one of the accounts involved.
So, from my point of view, the error to begin with was adding people to this VSTF group which has the right to clean forum contents. There was no hack or security flaw on this forum involved. It seems that the reason for the forum purge was a mixture of human error and one arsehole taking advantage of it. "pillowofdoom" somewhere mentioned quitting the game, so he/she might not have been active for ages but the forum account might still have been in this VSTF group.
Now, the 「dookie」 part is: According to Proboards TOS, they won't restore "user deleted content", which includes content deleted by users with elevated privileges (mods, admins). Unless Proboards acts against their own TOS, the contents of War Robots forum are gone.
|
|
|
Post by frunobulax on Oct 12, 2020 5:38:30 GMT -5
Now, the 「dookie」 part is: According to Proboards TOS, they won't restore "user deleted content", which includes content deleted by users with elevated privileges (mods, admins). Unless Proboards acts against their own TOS, the contents of War Robots forum are gone.
This would give them the ability to ignore damages if any admin account is hacked. It may be in their TOS, but I'd expect Proboards to act here and restore a backup, if they have any.
There must have been thousands of threads. Smells more like a "delete from [content-table]" statement to me. Would the VSTF group have access to a database frontent?
Also, you always have to question motive. Who would go to such lengths to delete all forum content, if there is no financial gain in for them? I don't want to speculate, but this sounds either like a very disgruntled user that is a hacker on the side, or somebody else who doesn't like the forum content and wants to kill it off.
|
|
|
Post by [CK]erazor on Oct 12, 2020 5:48:15 GMT -5
Now, the 「dookie」 part is: According to Proboards TOS, they won't restore "user deleted content", which includes content deleted by users with elevated privileges (mods, admins). Unless Proboards acts against their own TOS, the contents of War Robots forum are gone.
This would give them the ability to ignore damages if any admin account is hacked. It may be in their TOS, but I'd expect Proboards to act here and restore a backup, if they have any.
There must have been thousands of threads. Smells more like a "delete from [content-table]" statement to me. Would the VSTF group have access to a database frontent?
Also, you always have to question motive. Who would go to such lengths to delete all forum content, if there is no financial gain in for them? I don't want to speculate, but this sounds either like a very disgruntled user that is a hacker on the side, or somebody else who doesn't like the forum content and wants to kill it off.
This is a quote from a Proboards Admin:"joopiter, according to the security log, that member was added to the member group VSTF. That group does have the power Forum Cleanup, which allows the member to delete all threads and posts." From what I understand, you have only access to some web interface, no access to any background DBs and such stuff. If there's a big "Forum Cleanup" button that a member of VSTF has access too, herein lies the root of our problem.
"Who would go to such lengths to delete all forum content"
Honestly, I have no idea. Frustration maybe? Heck, could even be a pissed-off ex Pixonic employee, pissing over the community around the game and pissing on his former company. Ur right, the primary motivation to do things is money or fame. I personally can't understand why a person would kill thousands or tens of thousands of threads/comments on a forum about a game.
|
|