# Hack and aftermath



## GuitarsCanada (Dec 30, 2005)

OK boys, its been hell and I do mean hell. 10 years of my life passed before me the last few days. Bare with me I have literally weeks of work here to do to get us back to where we were and there may be some things we never get back. I will monitor the pages and pick up the errors and repair them as we go. For the first few days we will encounter lots of errors so be patient.

We were attacked by a group out of Syria, this was confirmed by our providers. We have blocked that particular IP but we may not be totally safe yet. I have lots of work to do in that area as well. 

Hang in there with me. I will be at it all day and night


----------



## zontar (Oct 25, 2007)

Thanks....


----------



## mhammer (Nov 30, 2007)

So, are we supposed to live in fear of every nation with colleges that offer Cisco certification courses now?

Jeez, hard enough trying to hold the reins on a bunch of mouthy reprobates like all of us, let alone trying to defend our pithy comments from outside interference.

My sympathies, and deepest respect, bro. We'll live. Just make sure YOU stay healthy, and don't lose sleep on our account.


----------



## -ST- (Feb 2, 2008)

Hi Scott,

Good to hear from you and to be back here again.

Please let us know if there's anything we can do to help (e.g. testing and error reporting) or ... The big Kahuna thing.


----------



## marcos (Jan 13, 2009)

Thank you Scott. Freekin hackers.


----------



## sulphur (Jun 2, 2011)

Thanks for your efforts Scott!


----------



## bw66 (Dec 17, 2009)

Thanks, Scott!

Take your time, we'll get by.


----------



## GuitarsCanada (Dec 30, 2005)

Be advised that anything after the 13th is gone. That includes new members, posts or anything that was put up here. We cannot recover that. I will sort through any of the subscriptions that were taken out by new members between the 13th and today


----------



## Spike (May 31, 2008)

I just tried to reply with quote to bw66 but it didn't work. My sentiments exactly though - Thanks & take your time. 
Very glad to see the site up and running again. The whole ordeal must have caused you a lot of stress. 
I for one will be patient if it takes some time to get back to where we were. I wouldn't want you breaking your back on our account.


----------



## GuitarsCanada (Dec 30, 2005)

Spike said:


> I just tried to reply with quote to bw66 but it didn't work. My sentiments exactly though - Thanks & take your time.
> Very glad to see the site up and running again. The whole ordeal must have caused you a lot of stress.
> I for one will be patient if it takes some time to get back to where we were. I wouldn't want you breaking your back on our account.


Testing this quote feature


----------



## mrmatt1972 (Apr 3, 2008)

Thanks for working so hard to get it back. Strange this would be a target isn't it?


----------



## greco (Jul 15, 2007)

Is there anything we (as GC members) can do to help?

Many thanks again for all that you are doing and for all that you have had to do recently.

Cheers

Dave


----------



## Jim DaddyO (Mar 20, 2009)

Thanks Scott, good to see you are back. How is the coffee supply holding out?


----------



## GuitarsCanada (Dec 30, 2005)

greco said:


> Is there anything we (as GC members) can do to help?
> 
> Many thanks again for all that you are doing and for all that you have had to do recently.
> 
> ...


Probably nothing at this point. Once I get all these main issues resolved I will probably ask for input on any small errors etc. But I have lots to do right now on the totally screwed up stuff. It's going to take time, no way around it. But getting back the database was the main thing. To be very honest if that database could not be restored I most likely would have just let it go. No way I want to start all over again from scratch.


----------



## Stratin2traynor (Sep 27, 2006)

Thanks for all of your efforts. I can't believe these hackers choose our site! Damn them to hell!!

I'm glad to see the site back up. I wasn't expecting it to be up this soon. Nice work!


----------



## davetcan (Feb 27, 2006)

Outside of financial help is there anything else we can do to make it easier to keep this place secure? I've no idea what 




GuitarsCanada said:


> Probably nothing at this point. Once I get all these main issues resolved I will probably ask for input on any small errors etc. But I have lots to do right now on the totally screwed up stuff. It's going to take time, no way around it. But getting back the database was the main thing. To be very honest if that database could not be restored I most likely would have just let it go. No way I want to start all over again from scratch.


----------



## Guitar101 (Jan 19, 2011)

I just upgraded my membership from Supporting Member to Gold. My way of saying thanks for all your hard work. It's not much but it's something.


----------



## GuitarsCanada (Dec 30, 2005)

davetcan said:


> Outside of financial help is there anything else we can do to make it easier to keep this place secure? I've no idea what


Not sure Dave. This one was tricky. They got in through an exploit in the software and created several admin accounts, from there they got into the code. There were several vb sites hit, at least 10 that I know of. I am not aware of any that had all the files deleted like we did. Most just published notices and announcements using the admin system. For some reason these cowards chose to delete everything in the system. That's why its going to take a lot of work. All we got back here is the vb system, all the little hacks and modifications I have done over the years are gone.


----------



## soldierscry (Jan 20, 2008)

Just wondering how big the database is? Is it possible to do some off site backups twice a month to help with any future hacks? I would offer my hard drive space for this.


----------



## Intrepid (Oct 9, 2008)

Whoa, now that sucks. I echo everyone else's comments. Take your time as we are a very patient and cordial group. If there is anything the membership can do (or myself personally) including some funding, please let us know. Btw, at the time we got hacked I had 48,000 points so you can now put me back in my original position. LOL.


----------



## GuitarsCanada (Dec 30, 2005)

soldierscry said:


> Just wondering how big the database is? Is it possible to do some off site backups twice a month to help with any future hacks? I would offer my hard drive space for this.


They are gzip files, but this one is getting big. 1.3 gig now and growing


----------



## TWRC (Apr 22, 2011)

That's some hard work and dedication right there! Thank you Scott for bringing this top notch forum / community back online!


----------



## soldierscry (Jan 20, 2008)

That's not too bad. My offer stands I would be will to download a copy of the database twice a month and store it in case this happens again. Let me know if you're interested.

I'm on the east coast. If we can get someone in central and western Canada to do the same thing ( on different dates). It would really help if this or any other issue happens to the website again.


----------



## greco (Jul 15, 2007)

Guitar101 said:


> *I just upgraded my membership from Supporting Member to Gold.* My way of saying thanks for all your hard work. It's not much but it's something.


Scott...is the membership subscription part of the GC forum functioning OK now?

I'd like to do the same as Guitar101 as it seems like an easy way to be of some help.

Cheers

Dave


----------



## davetcan (Feb 27, 2006)

Looks like we lost about a week and halfs worth of data so my feedback score should likely be up around 200 by now :food-smiley-004: 



Intrepid said:


> Whoa, now that sucks. I echo everyone else's comments. Take your time as we are a very patient and cordial group. If there is anything the membership can do (or myself personally) including some funding, please let us know. Btw, at the time we got hacked I had 48,000 points so you can now put me back in my original position. LOL.


----------



## bluesguitar1972 (Jul 16, 2011)

Hey, happy to see it up and running again. Sorry you lost some of your hard work, but still, it's good to see it up and running again. Thanks!
Derrick


----------



## Rumble_b (Feb 14, 2006)

Very glad the site is back. If it was gone forever of course I wouldn't be happy but I would understand. Don't work to hard Scott, and thanks for saving the site.


----------



## GuitarsCanada (Dec 30, 2005)

greco said:


> Scott...is the membership subscription part of the GC forum functioning OK now?
> 
> I'd like to do the same as Guitar101 as it seems like an easy way to be of some help.
> 
> ...


Yes, its functioning fine. But don't feel obligated to send any cash. Shit happens. BTW no fears on any financial data being compromised over this. The subs are all handled via PayPal and no financial data is ever stored here


----------



## GuitarsCanada (Dec 30, 2005)

Not sure what to do about the avatars, looks like they are gone. If some of you want to see if you can upload a new one and let me know if that works


----------



## -ST- (Feb 2, 2008)

Hi Scott,

Can you see my avatar?

(used the option to link to it).


----------



## Mooh (Mar 7, 2007)

Thanks Scott!

Peace, Mooh.


----------



## fredyfreeloader (Dec 11, 2010)

intrepid said:


> whoa, now that sucks. I echo everyone else's comments. Take your time as we are a very patient and cordial group. If there is anything the membership can do (or myself personally) including some funding, please let us know. Btw, at the time we got hacked i had 48,000 points so you can now put me back in my original position. Lol.


yeah and your full of bs and i don't mean brown sugar either. Lol


----------



## bluzfish (Mar 12, 2011)

No soup for YOU!!!!!


----------



## Hamstrung (Sep 21, 2007)

That was a tough couple of days for sure I have no doubt. Sorry it happened to you Scott. You do a great job providing this place and it was missed for short time it was down (though it didn't feel short!)


----------



## Guitar101 (Jan 19, 2011)

greco said:


> I'd like to do the same as Guitar101 as it seems like an easy way to be of some help.
> Cheers
> Dave


Along with trying to help in my small way Greco, I also had an ulterior motive. I want to be able to upload pics directly to GC.


----------



## Intrepid (Oct 9, 2008)

fredyfreeloader said:


> yeah and your full of bs and i don't mean brown sugar either. Lol


Okay, okay, maybe we're not all that cordial.


----------



## dodgechargerfan (Mar 22, 2006)

GuitarsCanada said:


> Not sure Dave. This one was tricky. They got in through an exploit in the software and created several admin accounts, from there they got into the code. There were several vb sites hit, at least 10 that I know of. I am not aware of any that had all the files deleted like we did. Most just published notices and announcements using the admin system. For some reason these cowards chose to delete everything in the system. That's why its going to take a lot of work. All we got back here is the vb system, all the little hacks and modifications I have done over the years are gone.


Jeez!

As a vB owner myself, this is scary stuff.
I downloaded a backup of my site the moment I understood what went on here.
My host keeps backups too, but they don't guarantee them.

I hate that this happened, but I'm glad things are back up and running.
Good work and thanks!!


----------



## dodgechargerfan (Mar 22, 2006)

GuitarsCanada said:


> Not sure what to do about the avatars, looks like they are gone. If some of you want to see if you can upload a new one and let me know if that works


Yeah, if they were stored in the file system and got deleted, they're gone unless there's a backup.

My stomach is churning just thinking about what you're going through....and what I'd do in the same situation.


----------



## urko99 (Mar 30, 2009)

Thanks for the update and all the hard work your going through to get us back on line. If there is anything I can do to help this great forum, let me know...John


----------



## Ship of fools (Nov 17, 2007)

So this must be a backup if you can't get anything from the 13th onwards, I know you said Syria but I have to wonder if they might have expolited something from vbulletin. We know that they have many backdoors that allow entry in case they are ever blocked by an attack ( which would make more sense ) I can only imagine how fustrating it must have been Scott, even re-loading an older back up takes crap loads of work to set it all out especially after the recent updates and all.
ship is happy againoh and its my birthday which I guess was lost also, so a happy day I did have. My grand kids calle dand did a rap birthday for me along with beat bops, trey coool


----------



## GUInessTARS (Dec 28, 2007)

Glad the site is back up, 
I am not very computer literate, I can't imagine the time and effort that must have gone into the building and rebuilding of all that data.
I appreciate the effort and brains.
When you get this train back on the rails, could you help me make my VCR stop blinking 12:00?
-Another Dave

- - - Updated - - -

Glad to see the site is back up, 
I am not very computer literate, I can't imagine the time and effort that must have gone into the building and rebuilding of all that data.
I appreciate the effort and brains.
When you get this train back on the rails, could you help me make my VCR stop blinking 12:00?
-Another Dave


----------



## Intrepid (Oct 9, 2008)

GUInessTARS said:


> Glad the site is back up,
> I am not very computer literate, I can't imagine the time and effort that must have gone into the building and rebuilding of all that data.
> I appreciate the effort and brains.
> When you get this train back on the rails, could you help me make my VCR stop blinking 12:00?
> ...


That's a great post.
That's a great post.
That's a great post.
That's a great post.
That's a great post.



Oh Oh, I guess a few more bugs to iron out.


----------



## Rex Lannegan (Mar 2, 2006)

Great job getting the site back up so quickly!


----------



## Robert1950 (Jan 21, 2006)

*bloody assad syrians !!!*


----------



## ElectricMojo (May 19, 2011)

You have all my respect, that must have been one stressful couple of days. Take your time. Thanks for all your work.


----------



## Lincoln (Jun 2, 2008)

Really glad and relieved to see GC back up and running again! I was afraid it was the end. With 10 years worth of your hard work gone in a heart beat it would have been so easy for you to say "screw it, I'll take up kniting". (or drinking)

Why this site?? What could be more lovable and harmless than a group of Canadian guitar players?


"you don't know what you've got until it's gone"


----------



## Chito (Feb 17, 2006)

Good job Scott! I can just imagine all the work that needed to be done. A big thank you to you, the work you're doing here is greatly appreciated.


----------



## Milkman (Feb 2, 2006)

What possible reason would a hacker out of Syria have to F#%k with a Canadian guitar site?


Did one of our political threads rub someone the wrong way?

I figured it's been a shitty few days Scott. Hang in there.


----------



## dodgechargerfan (Mar 22, 2006)

dodgechargerfan said:


> Yeah, if they were stored in the file system and got deleted, they're gone unless there's a backup.


They seem to be coming back. So, good stuff.

Mine is back and I didn't upload it again.


----------



## bw66 (Dec 17, 2009)

dodgechargerfan said:


> Mine is back and I didn't upload it again.


I don't see it.

I had to re-upload mine.


----------



## Tarbender (Apr 7, 2006)

Very happy it's back. Good work Scott.


----------



## bolero (Oct 11, 2006)

wow, nice work getting it back up


how did they get in? they must have just shotgun blasted a whole slew of random IP's & brute forced the password to the site?

I cant see them deliberately targeting a guitar forum


----------



## keto (May 23, 2006)

dodgechargerfan said:


> They seem to be coming back. So, good stuff.
> 
> Mine is back and I didn't upload it again.


I don't see it either. Might just be your cache.


----------



## cheezyridr (Jun 8, 2009)

thanks for all you do scott. this place is a canadian institution, an important part of the internet. imo, canada should designate it a national...thing of some sort? i re-upped on my scrip to show my appreciation for all the hard work from those involved. 
my people will sing songs of your bravery to the spirits around our fire


----------



## Mooh (Mar 7, 2007)

Scott,

I find it interesting that while you seem to be an internet forum God, omniscient, omnipotent, omnipresent, you still haven't figured out when to toss in the towel. 

Man, I would have chosen despair and defeat before choosing to resurrect the site, no matter how much we worship the place.

Bless you.

(Sorry for the religious analogies, I know it's not your thing, but it's Sunday morning don'tchaknow. I'm just trying to tell you you've been fucking awesome about all this.)

Peace, Mooh.


----------



## dodgechargerfan (Mar 22, 2006)

bolero said:


> wow, nice work getting it back up
> 
> 
> how did they get in? they must have just shotgun blasted a whole slew of random IP's & brute forced the password to the site?
> ...


I'm guessing a few search strings on google indicated that this site runs on vBulletin software. Then they just exploited a weakness in the software.

I'm working hard to lock down my forum and I haven't really had any attempts made o mine...yet. At least nothing beyond some initial scans and probes...as far as I know.


----------



## dodgechargerfan (Mar 22, 2006)

keto said:


> I don't see it either. Might just be your cache.


Ah! I can see them in Tapatalk... But not in a web browser.

So, yeah. Cache.


----------



## GuitarsCanada (Dec 30, 2005)

dodgechargerfan said:


> Ah! I can see them in Tapatalk... But not in a web browser.
> 
> So, yeah. Cache.


Interesting, that must be in some kind of cache. I had to start again with all new folders, attachments etc. Now some of that would have been on the back-up but for lots of it the folders got wiped out


----------



## dodgechargerfan (Mar 22, 2006)

Yeah. I'm not sure. 
It seems there are more avatars that I can see than not. So, I just took it as the ones I can't see just don't actually have an avatar.

I can see mine in Tapatalk and I didn't re-upload, but that's not hard to believe as mine would be in my Tapatalk client as part of my account list.

I'm going to upload something though to cover off the web browser side of things.

Good job getting things going again, Scott. I have an idea what I takes and I don't envy you. If I can help, just let me know.


----------



## GuitarsCanada (Dec 30, 2005)

dodgechargerfan said:


> Yeah. I'm not sure.
> It seems there are more avatars that I can see than not. So, I just took it as the ones I can't see just don't actually have an avatar.
> 
> I can see mine in Tapatalk and I didn't re-upload, but that's not hard to believe as mine would be in my Tapatalk client as part of my account list.
> ...


Yep, make sure to take all precautions. Throw a .htaccess on your admincp folder as well


----------



## dodgechargerfan (Mar 22, 2006)

Yep. I have one on my mod folder as well.

I'm putting a utility in place that will flag multiple failed login attempts and then block the IP address. This is a server level thing, rather than a vB thing. 
It can cut down on traffic and processor resources as well, because they get blocked out and then move on.


----------



## GuitarsCanada (Dec 30, 2005)

dodgechargerfan said:


> Yep. I have one on my mod folder as well.
> 
> I'm putting a utility in place that will flag multiple failed login attempts and then block the IP address. This is a server level thing, rather than a vB thing.
> It can cut down on traffic and processor resources as well, because they get blocked out and then move on.


Send me some details on how and what you used to create your .htaccess files via PM. I am having trouble on the paths


----------



## dodgechargerfan (Mar 22, 2006)

GuitarsCanada said:


> Send me some details on how and what you used to create your .htaccess files via PM. I am having trouble on the paths


Done.
6 7 8 9 10 Characters...


----------



## Budda (May 29, 2007)

Scott, I am very greatful that you could restore the site. This is one of two sites I go to most often outside of crackbook. 

Forum on mobile looks to be doing ok.


----------



## Milkman (Feb 2, 2006)

I'm running on an iPad 2 and it seems pretty good. I think my avatar is showing.


----------



## keto (May 23, 2006)

Milkman said:


> I'm running on an iPad 2 and it seems pretty good. I think my avatar is showing.


Yessir it is.


----------



## Milkman (Feb 2, 2006)

Good.

LOL, I'm frigging addicted to this place.

Thanks for the effort Scott. Smoke a doob.


----------



## bluzfish (Mar 12, 2011)

Ha, ha, ha, that's the spirit. One reggae show, at sound check, a bunch of the entourage filled a big garbage can lid with marijuana in the middle of the arena, lit it and stood around it deep breathing the smoke. After all this, I wish we could all do the same!


----------



## Guest (Sep 29, 2013)

I like the canadian flag for the tab/bookmark.


----------



## sulphur (Jun 2, 2011)

Ha, I like the flag button too, I had to reload the site on my toolbar to get it.


----------

