Drunkard's Walk Forums

When I checked my email after getting home from work tonight I found a dozen messages sent to me by the board software at around 4 PM local time.  I won't go into detail, but it looks like someone tried to use a buffer overrun exploit to crack into the board.  I do not think they succeeded, although my downloaded backup of the board was unusually large, and when I'm done with other tasks I will be looking into its contents to see what made the size jump.

In any case, I was overdue on a MyBB software update, so I decided to do it right freaking now.  That was the 15 minute timeout.  I threw up a warning in a banner for 10 minutes and even locked the board before I started, but apparently someone still tried to use the forums as I upgraded; sorry about that.

Oh, joy.

My first thought was "Good thing I use a unique password here"...

I think that might've been me when it was offline.

OTOH I've forgotten what password I use here so if anyone has cracked it I'd appreciate if they let me know.

And I've just trolled most of the way through the backup, which is one massive SQL file which recreates the entire board DB from scratch. Unzipped, it's a good 214 or so MB; amazingly (or maybe not) some 202MB of that are all the forum posts. I'm working my way through the last 11 MB of tables, and so far I haven't found anything that looks like someone dumped anything into any of the tables. I was concerned because for the last two years, the average backup size (when zipped) has slowly gone up from around 45 MB to about 53 MB -- and this backup came down and it was 120 MB. But everything looks right, both in the SQL and in the directory structure of the site itself... <shrug>

EDIT: Oh, and I gave my host a heads-up and at their request sent them an archive of all the error emails I got.