Finally back up. Spent some time souring the database and code for any other oddities the hacker introduced. Anywayz, here's what the notti boy/girl did...

- Changed "Discussion on Dramas" forum title and description into a floating HTML segment, which is the "hacked" message that some of you saw.

- Added an admin user called subzero.

- Set number of topics per page to 0, hence you get divide by zero errors and no topics in the forums nor inbox.

- Messed up some of the forum permissions to ADMIN only.. duh.. itchy fingers.

The above have been fixed. If more damage was done.. (hope not!) someone please point it out to me.

And, yes, the exploit was probably the "==" to "===" comparison code which gives the user admin access. Luckily, nothing much could be done via the admin panel. I've patched the forum to 2.0.13 manually. Hope all goes fine now! I'm gonna subscribe to whatever darn mailing list phpbb has for such updates..
_________________

Forgot one important note...

Welcome back to JDorama.com everyone!
_________________

Hey Genma, looks like some of the Artiste threads are hosed: I can post in the thread, but I get the "No posts exist for this topic" message.

Thank you and big thanks to you for all your work.

I'm experiencing that problem as well.

thank god its semi back to normal

any one try going on the irc channel?

irc.webchat.org:6666
#fontzone

*edit

* Now talking in #fontzone
* Topic is 'Try to find download fix in www.phpbb.com for fix your bug.'
* Set by mAtRiX` on Wed Mar 16 21:19:29

Theres some dude there named matrix

found out from the screen shots that takez0 took
http://www.d-addicts.com/forum/viewtopic.php?t=14457&postdays=0&postorder=asc&start=15

you could go in there and take a whois of the guy and get his ip

crap i wasnt logged in lol

welcome back jdorama~! gemna..........

Genma wrote:

Forgot one important note... Welcome back to JDorama.com everyone!

Good work, Genma. Otsukare!

Some of the threads look wacky where the last few pages are missing as several user accounts had been deleted. I've created dummy user accounts (dummyuser1, dummyuser2, etc) in their place so that the threads will look abit more normal.
_________________

Anonymous wrote:

any one try going on the irc channel? irc.webchat.org:6666 #fontzone *edit * Now talking in #fontzone * Topic is 'Try to find download fix in www.phpbb.com for fix your bug.' * Set by mAtRiX` on Wed Mar 16 21:19:29 Theres some dude there named matrix found out from the screen shots that takez0 took http://www.d-addicts.com/forum/viewtopic.php?t=14457&postdays=0&postorder=asc&start=15 you could go in there and take a whois of the guy and get his ip

are you guys planning to check it out? he/she might set up a virus trap whoever sets on foot in there

MixxDreamer wrote:

are you guys planning to check it out? he/she might set up a virus trap whoever sets on foot in there

The channel is probably password protected anyway if they were smart.

Did anyone else notice that there's a slight rate limit on posting? Genma, could this be to prevent another DoS attack or is it a an added feature in the newest patch for phpBB?

eightysix wrote:

Did anyone else notice that there's a slight rate limit on posting? Genma, could this be to prevent another DoS attack or is it a an added feature in the newest patch for phpBB?

Rate limit??

bmwracer wrote:

Rate limit??

I wanted to edit a post right after I posted, and it gave me an error page saying that I can post immediately after I just posted. It's never happened to me before the site got upgraded.

eightysix wrote:

I wanted to edit a post right after I posted, and it gave me an error page saying that I can post immediately after I just posted. It's never happened to me before the site got upgraded.

I've had that happen to me in the past, but thought it was just a normal occurence...

bmwracer wrote:

I've had that happen to me in the past, but thought it was just a normal occurence...

I'd try, but it might be seen as spam.

eightysix wrote:

Did anyone else notice that there's a slight rate limit on posting? Genma, could this be to prevent another DoS attack or is it a an added feature in the newest patch for phpBB?

I've added a restriction to disallow posts within 30s in succession. Not because of the patch, just a setting. Is there a big compromise in convenience there? Let me know.

This isn't for curbing DoS attacks, as DoS can send anything to the server and still prove effective. Just to prevent jokers from intentional flooding.
_________________

@_@ <--- webmaster?

Ok, profile updates are not fixed. Try to see if there're other problems...
_________________

Genma wrote:

I've added a restriction to disallow posts within 30s in succession. Not because of the patch, just a setting. Is there a big compromise in convenience there? Let me know.

No, not really. It's just me being curious. I hadn't seen it before so I was like, huh.

Genma~~ They are working again! Thank you so very much.