Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: Casino Crush hacked

[bsa_pro_ad_space id=2]
#756679
Anonymous
Inactive

Hi there all,

Thanks for posting about this Dominique, and I can confirm yes we were hacked today unfortunately.

Obviously it’s never good to be hacked, but luckily one of my admins called me straight away and they had about 20 mins (for me to get back from the dinner I was having with friends at the time), to delete our admins, and a few other members that were online at the time.

Fortunately because of the limited time, the damage appears to be minimal and user accounts were restored from a recent backup (not as recent as I’d like but well that’s something now taken care of in case of a repeat).

As for worries about passwords, I don’t believe it is possible for a hacker to see a users password (it is not even shown in the Administration screens – it can only ever be reset), and in User Profile screens – likewise (and then the current password must be entered by the member in order to complete a password change). The passwords (as AFC says above – md5 encrypted when stored in the database).

Without giving away too much in case the hacker happens to be a CAP member – I have put in place a few things to try and reduce the possibility of this happening again but I guess people with nothing better to do may eventually find some other way of getting in.

Just in case anyone does get their phpbb hacked, I have created some ‘recovery scripts’ which will enable recovery from backed-up tables to the current database tables if anyone would like them – just let me know and I’ll gladly forward them with some instructions that I’ll make up in time. If this is something you would like (note it is only for phpbb version 2.x.x powered forums) – then please drop me a PM and I’ll get to it when I can.

Best regards always everyone,

Thanks,
Geno/CC