Camen Design Forum

Downtime: Existing users please read

Kroc

Hello all.

Any eagle-eyed reader may have noticed unusual bouts of downtime for Camen Design.

A few days ago, my site came down due to an exploit of some sort and I have been working with the hosts to resolve this. It could have been within some third party self-host, such as Fever or AWStats, or it could be within my own code, which would be much worse.

I don’t claim to be a security expert; I know that I have every possibility to make mistakes in my code, but on the whole I always have "don’t trust user input" emblazoned on my mind when I code and am, at the least, not lax.

As I understand that all things are fallible, including my code, I never store anything of any importance on this site. All the code is open source in the first place and I have nothing to hide on here.

I’m going to take this opportunity to make a change to the forum which I was holding back because of compatibility with existing users. I have increased the strength of the hashing algorithm and salt, which means that all existing usernames on the forum are now open again.

*** IMPORTANT ***

Could anybody wanting to keep their name, especially mods (who have had their mod status removed for the moment) please reply in order to re-reserve your name. If you find anybody has taken your name, please just e-mail me at kroccamen@gmail.com for help.

***

If anybody could give any insight in the source of the exploit (if it happens to be within my code), I would be most grateful and will be willing to offer a bounty for info on the exact exploit used in this recent instance.

Kind regards,
Kroc Camen.

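The post above strengthens the hashing algorithm and salt at the cost of invalidating every existing name. As an added example (not the forum’s own code), the following shows how a name + password forum could verify a legacy hash and transparently re-hash it under the stronger salted scheme on the next successful login, so nobody needs to re-reserve anything. The legacy format (unsalted SHA-1) and the new format (PBKDF2-HMAC-SHA256 with a random salt) are assumptions for illustration, not what this site used.

```python
import hashlib
import hmac
import secrets

# Assumed legacy scheme (placeholder): unsalted SHA-1, stored as "v1$<hex>".
# Assumed new scheme: PBKDF2-HMAC-SHA256 with a random 16-byte salt,
# stored as "v2$<iterations>$<salt hex>$<hash hex>".
PBKDF2_ITERATIONS = 200_000


def legacy_hash(password: str) -> str:
    return "v1$" + hashlib.sha1(password.encode()).hexdigest()


def new_hash(password: str, salt: bytes = b"") -> str:
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"v2${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(stored: str, password: str) -> bool:
    """Check a password against a stored hash of either version (constant-time compare)."""
    parts = stored.split("$")
    if parts[0] == "v1" and len(parts) == 2:
        return hmac.compare_digest(legacy_hash(password), stored)
    if parts[0] == "v2" and len(parts) == 4:
        _, iters, salt_hex, digest_hex = parts
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), digest_hex)
    return False  # unknown or malformed record: never accept


def login(store: dict, name: str, password: str) -> str:
    """Forum-style identity: first use of a name reserves it; later uses must match.
    Returns "reserved", "ok", "upgraded" or "denied"."""
    stored = store.get(name)
    if stored is None:
        store[name] = new_hash(password)
        return "reserved"
    if not verify(stored, password):
        return "denied"
    if stored.startswith("v1$"):
        # The plaintext is known to be correct right now, so this is the one
        # moment a legacy hash can be replaced without the user doing anything.
        store[name] = new_hash(password)
        return "upgraded"
    return "ok"
```

Legacy hashes that never log in again stay weak, so a retention cut-off for un-upgraded records is the usual companion to this pattern.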

Replies

#1. Jose Pedro Arvela

Just replying to re-reserve my name. I was actually going to email you if I noticed the downtime was longer (just in case you hadn't noticed it, although I was quite certain you had).

#2. Mathias

Re-reserving my name as well. Please keep us posted on any findings regarding the exploit!

#3. Kroc

The exploit started a process on the server, so the point of the exploit doesn’t appear to be anything to do with the content or data of the site. Therefore I am more inclined to think that the exploit was an automated bot attacking a third party piece of software such as Fever or AWStats.

If it was an attack on my code, it didn’t seem to serve a purpose. Anybody with a vendetta against me would have put up a hacked message for publicity. If it was my code, I’m far more interested in learning how it was done.

There’s no evidence anybody’s passwords were exploited (they were hashed to begin with), and the hosting company’s security software shut the site down as soon as it saw the runaway process.

#4. JJ

Ah, reserving name.

#5. Zifre

I was actually just about to write you an email, just like Jose Pedro Arvela, and then I noticed that the site was back up. :-)

Name reserved. :-P

#6. Adam S

This post was deleted by its owner

#7. Adam S

I was once hacked. They found their way in using a Wordpress plugin called WP-Lytebox. Fever, AWStats, all of those redistributables are potential security threats. Many people don't update/upgrade modules that they don't write themselves. Lesson learned?

#8. davidhund

And here I am, reserving the name ;) I too am interested to hear more about the exploit. Also, you mentioned a ridiculously simple anti-spam measure? ;)

#9. Nicolai

Re-reserving my name. Good to see the site up and running again! :)

#10. Johann

Sorry to hear the downtime was caused by something like that... I thought you might be revamping stuff.

Speaking of names, for years now I sometimes wonder if a forum could work where each poster has a different name in each thread and to each visitor (seed the random generator that picks names with something made of the visitor IP and the thread ID, something like that)? You know, so it's more about what is said and not who says it. Not necessarily a suggestion for this forum, I'm just throwing it out there, because I don't know when I'll ever get to create something like that myself :)

#11. theraje

Hai!

#12. TorbjornLunde

Reserving my name.

Also: good to see the site is up again!

#13. ra00f

A gentle bump :)

#14. ThomasGC

Just re-reserving my ID. Sorry to hear you've had problems with the site.

#15. oldtimes

Plim

#16. cthom06

I've had security problems with AWStats in the past, reserving my name.

#17. Z. Smith

Re-reserving my name. Good to have the site back up.

#18. Captain Canuck

This post was deleted by its owner

#19. Captain Canuck

Details on anything that may help us figure out this exploit.

Also,

This post was deleted by its owner

#20. Wannes

So that's the reason why I couldn't find any of your rants :) Glad to be able to check them again.

#21. sull

squat

#22. 9876098

I'm reserving my name.

#23. JJ

That was a close one, 9876098.


(Leave this as-is, it’s a trap!)

There is no need to “register”, just enter the same name + password of your choice every time.


Your friendly neighbourhood moderators: Kroc, Impressed, Martijn