Technical Difficulties
Posted by James on Jan 10, 2010 in Project Management
To all of our users: thanks for your extended patience.
Over the last couple of weeks, we have had a period of extensive hacking attempts, and the other day, these turned into successful exploits. As some of you may have noticed, the site has experienced regular, short bursts of downtime. Some of these were caused by host server maintenance, whilst others, such as the other day when you were greeted by a blank screen upon login to the forum, were caused by hackers.
The Blank Screen incident
Hackers managed to exploit a weakness in an existing module (the Theme Editor), and insert a line of code which effectively cut off the database connection when any page on the site was accessed. We couldn’t work out what was causing the ‘whiteouts’ at first, and after an entire reinstall, we pinpointed it down to the theme, as only some users were affected.
If you use the Theme Editor on your NovaBoard installation, please, for your own security, remove it until an update has been issued.
The 500 Internal Error incident
Hackers made attempts to bypass existing security measures, and succeeded in accessing directory listings. Whether this was from an FTP connection, or whether it was from another exploit, we simply don’t know, as the logs aren’t detailed enough. However, once they had secured access, they cleaned the contents of the directory where the forum was hosted, resulting in data loss.
Now, we did realise this fairly soon, and I began a support session with a technician at the hosting company. He assured me that he could restore a backup that was, at worst, 48 hours old to the forum directory. Unfortunately, this was not the case. He restored a backup made weeks ago onto the entire server, resulting in a total mess of the directories. Now, I must stress, the hosting company is a fantastic one, and I use them for all my hosting needs; this is the first case of something like this happening. In a way, it’s helped highlight how much crap there was on the server, so we’ve wiped it and started again (of course, this was after making multiple backups!!!)
What’s happening now?
Over the next few days, we’re rebuilding the site in a more efficient and secure fashion. You may already notice the new theme on the homepage, and we’re utilising the WordPress platform to provide you with more insight into the development process. Please, sign up and subscribe to receive the latest updates on the project!
You may experience 404 (not found) errors and other periods of downtime during the course of this rebuild – please don’t be put off by this. All the project code and downloads are hosted on Google’s servers, and even if this site were to suffer a massive loss of data, and everything was somehow nuked off, the downloads will still always be available at the Google Code project site: http://code.google.com/p/novaboard
Thanks for reading this post, and we hope to see you back here soon. If you ever need to get in touch with someone, whatever the reason, send an email to james@novaboard.net
James Milligan
Project Manager
NovaBoard
