NES WORLD Forum
https://www.nesworld.com/cgi-bin/yabb/YaBB.pl
Other Boards >> Site News >> Where has the site been?
https://www.nesworld.com/cgi-bin/yabb/YaBB.pl?num=1234492686

Message started by NationalGameDepot on 13. Feb 2009 at 02:38

Title: Where has the site been?
Post by NationalGameDepot on 13. Feb 2009 at 02:38
I know the site has been down for a few days...what happened Martin?
~~NGD

Title: Re: Where has the site been?
Post by justabum on 13. Feb 2009 at 03:08
I was curious too, nice to have it back up though.

Bryan

Title: Re: Where has the site been?
Post by Martin on 13. Feb 2009 at 11:17
Monday evening I noticed something was wrong: my mailbox was receiving returned mails, the reason being that the receiver was unknown. By the time I discovered it I had received 400 or so mails, but the total number went as high as 3000 during the evening. No, I hadn't sent 3000 mails :-)

It turned out that the mails were sent from my Parodius Network (nesworld) account, which made it even stranger as I never use that account for mail and have a forwarder to my regularly used account at a Danish internet provider.

So I contacted Jeremy who runs the Parodius Network and it turned out that around 18000 mails had been sent from my account. We decided to shut down the site immediately and Jeremy went to investigate the logs.

It turns out that a hacker had discovered an exploit in a PHP script of mine and had used it to install some tools to send spam mails among other things.

At first I was a bit shocked to see the attack and as we didn't know how it had happened, I told Jeremy to just leave the site dead, but I guess he refused :-)

He found the exploited PHP and helped out a lot to get the site back on track. It took me a few days to clean up the rest of the PHPs for possible exploits and Thursday we were finally able to bring the site back online.

I never should've "left" the plain HTML days, then this never would have happened :-)

Title: Re: Where has the site been?
Post by NESaholic on 13. Feb 2009 at 11:37
Yes indeed, anyways glad it's up again.

Title: Re: Where has the site been?
Post by Dutch nes gamer on 13. Feb 2009 at 13:19
spam bitches >:(

Title: Re: Where has the site been?
Post by NationalGameDepot on 13. Feb 2009 at 13:40
Thanks for the update Martin. I was getting worried the site was going to be lost forever.
~~NGD

Title: Re: Where has the site been?
Post by Dutch nes gamer on 14. Feb 2009 at 10:36
So if Jeremy didn't fix the site and clean things up you would have left the site for dead?
dead as: no new site but gone forever.

Title: Re: Where has the site been?
Post by Martin on 14. Feb 2009 at 14:09

Dutch nes gamer wrote on 14. Feb 2009 at 10:36:
So if Jeremy didn't fix the site and clean things up you would have left the site for dead?
dead as: no new site but gone forever.


Yes, that was my first reaction to the attack.

Keep in mind that we had no idea of how they "got in" at that time and I wasn't (and still am not) prepared for a full rewrite of the site, it's just too much work.

Title: Re: Where has the site been?
Post by jdc on 14. Feb 2009 at 21:38

Dutch nes gamer wrote on 14. Feb 2009 at 10:36:
So if Jeremy didn't fix the site and clean things up you would have left the site for dead?
dead as: no new site but gone forever.


I'm Jeremy. :P I should clarify something: I didn't "fix the site" -- Martin actually fixed the site. I wasn't going to "turn NESWORLD back on" until the security holes in the PHP code got fixed -- I simply cannot risk a recurrence of what happened (I'm surprised many DNSBLs haven't blacklisted us from sending Email as a result of what happened).

Martin chose to clean up his PHP as a result of a security analysis I did -- once the code was fixed, I was more than happy to re-enable the site.

Hope this helps shed some light on how/why the site "came back".
