We're back!

[David]

We've been working hard the past week to bring the site back, everything seems to be in order now so here it is. 

 

If you missed the email/facebook/tweet/reddit/word of mouth for whatever reason you should know our database was compromised. You should reset your password here and elsewhere if it's the same. 

[Dai-San]

Great to see you back, always hard work after this kinda thing.

 

Repositories aren't working though, just a heads up.

[Guest]

It's good to have the forums back up. 

[B4rtlbi3]

God bless you guys!

 

Any Idea why this happened? 

[Amentes]

Respect for all of the fellas who have been working hard to save the situation.

[fir_nev]

@PiranhA talked to me about some actions to be taken. Hope we can squeeze 'em dry!!!

 

Test.. Test.. Hello... Issit me you're looking for?

[Steevo]

Great too see everything is back up and working, thanks for the hard work!

[Quality Crafted]

Awesome! Great to hear that everything is back online and thank you ^^.

 

Just to add something I found: adding images is broken I was trying to get a profile picture

[Minipily]

Aaaaand im in hospital and shit.

 

Must be my withdrawal from Ahoy, I shall sue.

[TheScar]

good to see the page back up - really appreciate the work

After all this is the only forum i post in ... "officially"

You rock!

 

 

 

but nxt time

...

 

 

 

[Chuck]

God bless you guys!

 

Any Idea why this happened? 

Unfortunately someone hacked into our database and stole some user information. The reason it has been down for so long is, Muckduck has been busy closing all the security flaws so this hopefully doesn't happen again.

Sent from my hamster that lives in my motherboard box

[Yarys]

good job ! well done !

[Nyos]

Thanks guy for all your hard work getting the site back and functioning. 

[Max]

for the love of god tell me you don't store user info in plaintext

[Auntystatic]

The user info on forums is all encrypted, but that is not to say that it can not eventually be broken, that's why its best to ask for a password reset when you next login, like everyone else here thanks for the hard work guys.

[Grezvany13]

Question: Is it possible to get a more detailed statement about what happened?

 

• What happened?
  • Exploit in software (and could it be prevented by an official update)
  • Hack into the server (and could it be prevented by server admin / hosting company)
  • Abuse of admin account (and was the admin called "admin" with password "admin")
• Could it have been prevented?
  • By the team who maintains the website (update, server config, admin credentials)
  • Or was it a day-one attack without any known fixes
• What is done to fix it?
• What is done to prevent it in the future?
• What will be done in the future to prevent it from happening again?
• Who was/were responsible?
  • At AW side (simply "we as AW" is an acceptable answer)
  • the thrid party who "got in" (if known)

These are some questions which I always answer in case something happened, even without asking, so I'm surprised that we don't have these yet.

I'm aware that not all questions can be answered directly, a a bit more information than "shit happened but we're back" is too little.

 

 

Background: I've been working in web development for over 10 years now, and unfortunatally had issues like this as well. And I've learned that the most important thing is to stay transparent to clients/users/etc. and take your losses, even when it's not visible to them (which in this case did happen).

 

[zissou]

Obviously the details of the hack will not be made public so we are unable to answer detailed questions. But I will attempt to answer things more generally. 

 

Could it have been prevented?  

Not at the time, and not reasonably by the admin team.

 

What is done to fix it?

The vulnerability exploited has been closed.

 

What is being done to prevent it happening again?

What will be done in the future to prevent it from happening again?

Everything possible, remember it was staff as much as members who were the victims and it's in our best interest that this doesn't happen again so rest assured that we are doing everything we can to avoid a repeat.

 

That's about as much info as we're comfortable releasing at the moment.

 

While I know this answer is far from complete you will understand our reluctance to divulge too much and again remember this was a hack that affected us all.

 

We hope you understand and thank you for your patience during this trying time.

[Auntystatic]

I've just tried to look at the homepage to check the game trackers and the url sent me straight to the forums http://www.ahoyworld.net/

 

Home page is back, but it is going to the https:// version which does not have the game trackers on it.

[Max]

On 8/26/2016 at 6:18 PM, Chuck Norris said:

 stole some user information.

 

4 hours ago, zissou said:

-

 

do you know exactly what they stole, or just that they definitely took some data? 

 

4 hours ago, Auntystatic said:

I've just tried to look at the homepage to check the game trackers and the url sent me straight to the forums http://www.ahoyworld.net/

 

Home page is back, but it is going to the https:// version which does not have the game trackers on it.

 

This would be due to recent browser's security settings requiring that all content on a page sent via https is also sent via https, and the trackers are either not available via https or they're not linked to https in the page

 

edit: I think. i am by no means an expert.

edit 2: http://i.imgur.com/DuO2VH6.jpg

[Munic]

Yeah, at Last ,at Last??

Good Job. 

Can anyone Tell me why i so not See my Member Tag on the ahoyworld Server anymore? But on ohterServers i do.

[Jason.]

@Munic

It was explained here:

https://forums.ahoyworld.net/topic/3737-new-squadxml-server/

Quote

The squad XML is currently down for maintenance,  we were simply transferring the tags onto a new server which has unfortunately caused intermittent problems.  We are currently working on it and hope to have it solved very soon, I will announce once its up and running fully.

FYI it has nothing to do with recent events.

- Mark T

 

[Munic]

Thanks

 

[DakimDragco]

Good that the site is back, did change my Pass just incase again. Been out of the game for a while but its still good to know this place is up again after the hack.

[Jagermeister]

It's amazing to see the forums back, thanks to everyone who helped and took their spare time to fix this issue.. I hope nothing bad happens again. Respect!