Welcome, Guest. Please Login or Register
To the NESWORLD news page
  This forum is no longer active and actually hasn't been for years. It serves as an archive of what happened "back then" and nothing more. You may be able to register and post, or you may not... and should you encounter any problems then I am really sorry but I am not able to provide any sort of support.
  HomeHelpSearchLoginRegisterAwards  
 
Page Index Toggle Pages: 1
Send Topic Print
Where has the site been? (Read 4869 times)
NationalGameDepot
God Member
*****

Offline



The NGD Game List v3.0
is DONE!!

Posts: 3976
Knoxville, TN USA

Gender: male
Where has the site been?
13. Feb 2009 at 02:38
 
I know the site has been down for a few days...what happened Martin?
~~NGD
Back to top
 

...~~NationalGameDepot...
WWW NationalGameDepot NationalGameDepot jbsmildew2003 nationgamesdepot  
IP Logged
 
justabum
God Member
*****

Offline




Posts: 522
Midwest

Gender: male
Re: Where has the site been?
Reply #1 - 13. Feb 2009 at 03:08
 
I was curious too, nice to have it back up though.

Bryan
Back to top
 

If consequenses dictate your course of action, then it doesn't matter what is right, it's only wrong if you get caught.  -maynard james keenan
essissence  
IP Logged
 
Martin
YaBB Administrator
*****

Offline




Posts: 2434
Denmark

Gender: male
Re: Where has the site been?
Reply #2 - 13. Feb 2009 at 11:17
 
Monday evening I noticed something was wrong, my mail box was receiving returned mails, reason being the receiver was unknown. By the time I discovered it I had received 400 or so mails, but the total number went as high as 3000 during the evening. No, I hadn't sent 3000 mails Smiley

It turned out that the mails were sent from my Parodius Network (nesworld) account which made it even stranger as I never use that account for mail and have a forwarder to my regularly used account at a danish internet provider.

So I contacted Jeremy who runs the Parodius Network and it turned out that around 18000 mails had been sent from my account. We decided to shut down the site immediately and Jeremy went to investigate the logs.

It turns out that a hacker had discovered an exploit in a PHP script of mine and had used it to install some tools to send spam mails among other things.

At first I was a bit shocked to see the attack and as we didn't know how it had happened, I told Jeremy to just leave the site dead, but I guess he refused Smiley

He found the exploited PHP and helped out a lot to get the site back on track. It took me a few days to clean up the rest of the PHPs for possible exploits and Thursday we were finally able to bring the site back online.

I never should've "left" the plain HTML days, then this never would have happened  Smiley
Back to top
« Last Edit: 13. Feb 2009 at 11:23 by Martin »  

Seen on #NESWORLD (on efnet)...
[Ace`] i like my HES cases to have arse prints on them
WWW 46415786  
IP Logged
 
NESaholic
God Member
*****

Offline



Obscurist maximus

Posts: 2450
The Netherlands

Gender: male
Re: Where has the site been?
Reply #3 - 13. Feb 2009 at 11:37
 
Yes indeed, anyways glad it's up again.
Back to top
 
NESaholic NeSaHoLiC  
IP Logged
 
Dutch nes gamer
God Member
*****

Offline




Posts: 598
holland

Gender: male
Re: Where has the site been?
Reply #4 - 13. Feb 2009 at 13:19
 
spam bitches Angry
Back to top
 
 
IP Logged
 
NationalGameDepot
God Member
*****

Offline



The NGD Game List v3.0
is DONE!!

Posts: 3976
Knoxville, TN USA

Gender: male
Re: Where has the site been?
Reply #5 - 13. Feb 2009 at 13:40
 
Thanks for the update Martin.  I was getting worried the site was going to be lost forever. 
~~NGD
Back to top
 

...~~NationalGameDepot...
WWW NationalGameDepot NationalGameDepot jbsmildew2003 nationgamesdepot  
IP Logged
 
Dutch nes gamer
God Member
*****

Offline




Posts: 598
holland

Gender: male
Re: Where has the site been?
Reply #6 - 14. Feb 2009 at 10:36
 
So if Jeremy didn't fixed the site and cleaned things up you would of left the site for dead?
dead as: no new site but gone forever.
Back to top
 
 
IP Logged
 
Martin
YaBB Administrator
*****

Offline




Posts: 2434
Denmark

Gender: male
Re: Where has the site been?
Reply #7 - 14. Feb 2009 at 14:09
 
Dutch nes gamer wrote on 14. Feb 2009 at 10:36:
So if Jeremy didn't fixed the site and cleaned things up you would of left the site for dead?
dead as: no new site but gone forever.


Yes, that was my first reaction to the attack.

Keep in mind that we had no idea of how they "got in" at that time and I wasn't (still isn't) prepared for a full rewrite of the site, it's just too much work.
Back to top
« Last Edit: 15. Feb 2009 at 09:53 by Martin »  

Seen on #NESWORLD (on efnet)...
[Ace`] i like my HES cases to have arse prints on them
WWW 46415786  
IP Logged
 
jdc
Forum Newbie
*

Offline




Posts: 14
Mountain View, CA

Gender: male
Re: Where has the site been?
Reply #8 - 14. Feb 2009 at 21:38
 
Dutch nes gamer wrote on 14. Feb 2009 at 10:36:
So if Jeremy didn't fixed the site and cleaned things up you would of left the site for dead?
dead as: no new site but gone forever.


I'm Jeremy.  Tongue  I should clarify something: I didn't "fix the site" -- Martin actually fixed the site.  I wasn't going to "turn NESWORLD back on" until the security holes in the PHP code got fixed -- I simply cannot risk a recurrence of what happened (I'm surprised many DNSBLs haven't blacklisted us from sending Email as a result of what happened).

Martin chose to clean up his PHP as a result of a security analysis I did -- once the code was fixed, I was more than happy to re-enable the site.

Hope this helps shed some light on how/why the site "came back".
Back to top
 
WWW  
IP Logged
 
Page Index Toggle Pages: 1
Send Topic Print