Any eagle-eyed reader may have noticed unusual bouts of downtime for Camen Design.
A few days ago, my site came down due to an exploit of some sort, and I have been working with the hosts to resolve this. It could have been within some third-party self-host, such as Fever or AWStats, or it could be within my own code, which would be much worse.
I don’t claim to be a security expert; I know that I have every possibility to make mistakes in my code, but on the whole I always have "don’t trust user input" emblazoned on my mind when I code and am, at the least, not lax.
As I understand that all things are fallible, including my code, I never store anything of any importance on this site. All the code is open source in the first place and I have nothing to hide on here.
I’m going to take this opportunity to make a change to the forum which I was holding back because of compatibility with existing users. I have increased the strength of the hashing algorithm and salt, which means that all existing usernames on the forum are now open again.
*** IMPORTANT ***
Could anybody wanting to keep their name, especially mods (who have had their mod status removed for the moment), please reply in order to re-reserve their name? If you find anybody has taken your name, please just e-mail me at firstname.lastname@example.org for help.
If anybody could give any insight into the source of the exploit (if it happens to be within my code), I would be most grateful and will be willing to offer a bounty for info on the exact exploit used in this recent instance.