Why the Board Shut Down For 15 Minutes Tonight

[Bob Schroeck]

When I checked my email after getting home from work tonight I found a dozen messages sent to me by the board software at around 4 PM local time.  I won't go into detail, but it looks like someone tried to use a buffer overrun exploit to crack into the board.  I do not think they succeeded, although my downloaded backup of the board was unusually large, and when I'm done with other tasks I will be looking into its contents to see what made the size jump.

In any case, I was overdue on a MyBB software update, so I decided to do it right freaking now.  That was the 15 minute timeout.  I threw up a warning in a banner for 10 minutes and even locked the board before I started, but apparently someone still tried to use the forums as I upgraded; sorry about that.

[robkelk]

Oh, joy.

My first thought was "Good thing I use a unique password here"...

[Dartz]

I think that might've been me when it was offline.

OTOH I've forgotten what password I use here so if anyone has cracked it I'd appreciate if they let me know.

[Bob Schroeck]

And I've just trolled most of the way through the backup, which is one massive SQL file which recreates the entire board DB from scratch. Unzipped, it's a good 214 or so MB; amazingly (or maybe not) some 202MB of that are all the forum posts. I'm working my way through the last 11 MB of tables, and so far I haven't found anything that looks like someone dumped anything into any of the tables. I was concerned because for the last two years, the average backup size (when zipped) has slowly gone up from around 45 MB to about 53 MB -- and this backup came down and it was 120 MB. But everything looks right, both in the SQL and in the directory structure of the site itself... <shrug>

EDIT: Oh, and I gave my host a heads-up and at their request sent them an archive of all the error emails I got.