27.4.10

AsianDVDClub is back with explanation



We're back!

What happened, you ask? A script kiddie from Moldavia used an undisclosed vulnerability in the tbsource code to steal our staff's cookies. With that, he posted a fake donation link and sent a few people private messages asking for money in his terrible English. He managed to get money from a few of our charitable members before we discovered the scam. He also sent the staff messages asking for "protection money, or else we will break your site every day."

The scammer's PayPal account was almost immediately limit locked, and most of you who donated got your money back. If there is anybody out there that still hasn't gotten refunded or resolved a PayPal or credit card dispute, please forward your PayPal confirmation email to asiandvdclub[at]gmail.com.

Why did it take so long?

I did not have time early in the week to look at the problem, so repairs only started in earnest on Thursday. A full code review takes time. We also used this opportunity to move to our new server, which entailed major software upgrades to nearly every service you can imagine. After we tweak things a bit, you will notice that the site is much more responsive than before when we were sharing an overloaded server with 2 other trackers.

Why did this happen AGAIN?!

Well, it's solely my fault for letting the code rot and not keeping a good eye on it. Last time I performed a security code review, I missed a lot of things. In our defense, the exploit used was pretty well-hidden and not publicly disclosed. This time I had the inestimable help of gfk and as a result we're in pretty good shape; we have layered defenses that will be harder to penetrate next time some mouth-breather comes a-knocking.

There have been a ton of changes behind the scenes, and although we have been doing testing, some features of the site might not be working properly. If you find a problem, please do visit the forums and report a bug so we can get everything back to normal.
