Basically, on March 30th, I wanted to make a "lead-up" to our supposed-to-be april fools. Remember when I said that Epic_Stuff was supposed to be promoted on that day? Well, what I did was disable Epic_Stuff's permissions on the board (so he wouldn't be able to do anything bad), promote him to owner, and ban myself, for the reasons of "being an evil dictator". Obviously, this was supposed to be a joke, leading up to Epic_Stuff taking over on April 1st. However, a serious ban had taken place a few days before to a certain user, and that user was MoonlightCapital.
Somehow, he found out how we handle the database and what our password was. He then later on went over to Jamie Dignam, another previous friend of mine, and told him/her to destroy the board. What ended up happening was every post, thread, and user was changed into being a "ClownYoshi" theme. The end result was the April Fools joke was changed into "Wario Washing Woods" theme started by Buntendo, and the forum was shut down temporarely. We only did april fools on the discord, though. It was really nice to see how Huseyin changed things up.
While all this was happening, I was offline for March 31st and April 1st, and left the site to my mods. Since I didn't expect this whole drama to happen, I didn't tell my server admin (JeDa) to be on the lookout. I also didn't do a database backup due to me thinking that I had one from a week ago. While I was gone, the server admin (JeDa) thought that it was a prank made by me, so he didn't do anything. However, once he realised it wasn't, it was a bit too late.
When I returned, I tried to see if I had a newer DB backup, only to get shot down by Explos and co.:
Yeah, true, making backups is important, but you don't need to harass someone just because he didn't take a backup. In fact, he's really hated in the community and everyone wanted him gone and banned. I, however, didn't ban him, because he was right. Although, as I've said above, I've tried to setup a auto-database backup system, but it refused to work with me. It only worked one time, and then failed. The turning point is, however, when a man named Conkerisanut recommended me to talk to a man called Jaku, a really famous computing security guy who even once appeared on a [news station](https://www.nbcchicago.com/on-air/as-seen-on/WEB-gaming-system-hacked-466008713.html). So I went into a DM conversation with him, and gave him all my logs, new SQL and old SQL. We have found out that Jamie, did indeed do a database backup before wrecking everything. He even taught me how to correctly set-up a auto-database backup system. I do have to thank a man called CLF78, who convinced jamie to atleast talk to me. After a long talk, he's handed over the database, and everything was restored.
What this means for you?
Well, little-to-no effect. The only changes is that jamie is now banned off of MMM, as he has previously broken too many rules, but this is the turning point. Other than that, nothing really changed.
What this means for us?
We're going to be improving our security measures.
First off, thanks to jaku, we can now take automatic backups. What's even more important, that they'll stay with us, so in-case anything bad happens, we have the latest backup. At worst, we'll just revert to a backup made the previous day.
Second off, we've realised that another neighboring site has also been affected due to permissions not being correctly setup. Thankfully, he didn't touch the other site, but it was still a huge risk. That can also mean that the other site can easily hack ours if they had the DB. It was fixed as well.
Are all of our data compromised
Well, no. We mainly encrypt most data (passwords) using global and per-user SHA256. Basically, if he were to get your passwords, he'd need to have access to both the local files and the database.
Does "theninja100" have anything to do with this?
This was a complicated matter, seeing as how the whole IPS situation happened. Basically, he has been involved in other affairs relating to destroy the board (in the past). When Jaku looked through our access logs, we found an IP, matching the IPS of theninja1000. Because of all previous affairs and the fact that he sent me a DM around the time of the hack, we assumed it was him. However, as I've learned, both Jamie and theninja1000 share the same IPS. So theninja1000, if you are reading this, I'm terribly sorry for accusing you of hacking us.
1. We're using stronger security.
2. Jamie is now perma-banned.
3. During the time that I didn't know that Jamie had a backup, I've made a poll, talking about random stuff. You guys really want randomized posts, thread ID's and forum ID's. You guys also suggested that I don't allow two threads to have the same name. So I'm going to implement both of them. As such, if you want to request more features, just tell me! I'm always open to finding out how we can improve our site for the users.
That's all about the current situation. If there's a newer situation, I'll let you all know.