Hey all,
Feel free to consider this an official announcement about last week's forum issues.
Last week, the MacTalk website and forum were compromised by what appeared to by Syrian hackers, someone going by the name of "SeCuR!TY ** DR@G0N" who thought it he (or she, let's not be gender-specific here) would use MacTalk as a mouthpiece for all that's going on in Syria right now.
The attack was much more visible on the mobile site, where images and graphic videos were displayed in the place where my news would usually be. Interestingly enough, all that appeared on the desktop version of the forums and front page were a few bits of garbled text and some broken image links underneath the footer. If you want to see what it looked like, Pete put up an imgur gallery here.
After being alerted to the defaced mobile site early Thursday morning, MacTalk's web team worked to restore the site to an earlier backup from that morning. Unfortunately, the backup was also affected by the same attack, so more investigation was required. As a result, the MacTalk website and forum suffered some downtime throughout Thursday while the web guys worked on the problem.
It wasn't until early Friday morning that the attack was pin-pointed to begin late Wednesday night, which meant that restoring the 4am backup from the 10th would have fixed it. We did so, updated our vBulletin installation, and that appeared to be that. As far as I am aware, no passwords or other sensitive personal information were accessed in any way.
Unfortunately, restoring to an earlier backup also had other consequences: most notably, the loss of some content from the front page and a few forum threads and posts. If you've been wondering why you can't find a thread or post, this is probably why. It's gone :(
This honestly couldn't have come at a worse time: not only did my wrap-up of Apple's iPhone 5s and 5c event disappear, along with all the comments, but it also meant a few good threads were also lost (leon, I'm so, so, sorry about your iPhone pricing thread). Any time after an Apple event is insane for any website that does any Apple-related stuff, so you can imagine how much of a blow this was to us here at MacTalk. Not only that, but it was also on the eve of the MacTalk Live event, a thing in Melbourne I was invited to but had to decline due to prior commitments.
So, lessons learned? For one, back your stuff up — and then test your backups. You should already know this being Mac users, but backups are super, insanely, incredibly, important. It doesn't matter if your computer is only used for the occasional Pages document or Facebook browsing, or if you're publishing Apple-related news pieces every day — without a separate backup, I wouldn't have been able to put my Apple iPhone event summary back online. Without nightly backups, we wouldn't have been able to restore the site to when it was un-hacked, patch the vulnerabilities, and go from there.
Which brings us to the second lesson of the day: keep up to date. Look, I still haven't updated to Mountain Lion, and I know a few people that are still using The Old Skype. But you can be damn well sure I've installed every security update and OS update Apple has available for Lion. As it turns out, software has bugs. Unintended features that mean people from Syria can deface your website and forum. But the good news is, people find and fix those bugs, and then release them as updates. If you're not keeping your software up to date, you're letting people take advantage of those holes and rob you blind. It's like never going for your non-specific time-period dental checkup — no one LIKES going to the dentist, but would you rather your teeth all rot and fall out? Of course not. So go to the dentist, and keep your software up to date.
A big thanks to MacTalk's web team for sorting the issue, and also a thanks to anyone that let us know the website was in a bad way.
Stay safe out there, people.
Lastly: if you have any questions or need clarification on any matters relating to this incident, I'm happy to explain to the best of my ability here or in a PM :)