NOTE: A separate thread celebrating our coming back online after the outage is here.
Ct+paste of the message that was up on our server for the last 4 days for everyone that tried to access any page on the server:
Quote
What happened:
On Sunday morning, March 2nd, around 10:30am(EST), the server was hacked into by someone who used an exploit on a piece of older software to get root access.
Thankfully the attacker was only in the machine for 1-2 hours when the intrusion was discovered, and we immediately locked down access to all services.
There doesn't appear to be any data loss, but the attacker did manage to put up some sort of activex code on the homepage of the site which attempted to infect visitors of our homepage using older versions of Internet Explorer. If you visited the home page of the site on Sunday morning EST using Internet Explorer and noticed anything strange please make sure you run a virus scan on your computer. If the activex is allowed to run, it attempts to install a version of the ntos.exe virus on the users PC. To make sure you have not been infected, please go to the (C:\)Windows\System32\ directory on your PC and look for a file called "ntos.exe". If you do find a Windows\System32\ntos.exe file on your pc, then you need help removing the infection. Here is one page with some instructions. The virus is also detected by the free antivirus programs AVG and AntiVir.
Please note that none of our file downloads were ever compromised in any way.
We have decided that the best thing for us to do in order to be absolutely certain that the attack cannot be repeated is to reinstall new server software from scratch, with tighter security restrictions, and then restore the site content from known good backups.
We can't apologize enough for the downtime and inconvenience. It's heartbreaking to us that someone would do this to the site. The only thing we can do is re-dedicate ourselves to security and take the time to fix it properly so it never happens again.
Thank you for your understanding and patience. And thank you so much for your support while we work to bring the site back up.
-mouser, gothic, wordzilla, and rest of the DC team
On Sunday morning, March 2nd, around 10:30am(EST), the server was hacked into by someone who used an exploit on a piece of older software to get root access.
Thankfully the attacker was only in the machine for 1-2 hours when the intrusion was discovered, and we immediately locked down access to all services.
There doesn't appear to be any data loss, but the attacker did manage to put up some sort of activex code on the homepage of the site which attempted to infect visitors of our homepage using older versions of Internet Explorer. If you visited the home page of the site on Sunday morning EST using Internet Explorer and noticed anything strange please make sure you run a virus scan on your computer. If the activex is allowed to run, it attempts to install a version of the ntos.exe virus on the users PC. To make sure you have not been infected, please go to the (C:\)Windows\System32\ directory on your PC and look for a file called "ntos.exe". If you do find a Windows\System32\ntos.exe file on your pc, then you need help removing the infection. Here is one page with some instructions. The virus is also detected by the free antivirus programs AVG and AntiVir.
Please note that none of our file downloads were ever compromised in any way.
We have decided that the best thing for us to do in order to be absolutely certain that the attack cannot be repeated is to reinstall new server software from scratch, with tighter security restrictions, and then restore the site content from known good backups.
We can't apologize enough for the downtime and inconvenience. It's heartbreaking to us that someone would do this to the site. The only thing we can do is re-dedicate ourselves to security and take the time to fix it properly so it never happens again.
Thank you for your understanding and patience. And thank you so much for your support while we work to bring the site back up.
-mouser, gothic, wordzilla, and rest of the DC team
Logged
- carpe noctem
)...
