Clay.io is under attack...

[Raiper34]

WHat do you think about this? I have got there all my games, so i am scared...

[AllanRW]

Yeah, seems its been hacked. But probably it will be back soon, just wait...

[austin]

Woke up to a nightmare. Problem resolved. Looking into why it happened and how to make sure it never happens again. Sorry everyone!

[Ezelia]

what hapened exactly ? didn't saw anything

[austin]

Redirection was injected into a file that routes our content. Redirected to what looks like a bitcoin miner.

[GrimPanda]

Glad you got this sorted, Austin. Clay.io is a valuable service.

[austin]

Again, I apologize for this happening. After having some time to look into it, here's a bit of a mini post mortem:

 

An individual used an exploit in the forum software we're using (Vanilla Forums) to upload a php file. He then used that file to prepend a header() redirect to a php file that serves as a router. It redirected to a malicious file that I can only assume was some sort of bitcoin miner (the site URL implied that it was bitcoin related). Vanilla Forums released a security update a few weeks ago (http://vanillaforums.org/discussion/25668/dec-2013-security-update-2-0-18-10-and-2-1b2), but unfortunately we had not upgraded (installing the update now).

 

Lessons learned: be smarter with file permissions and more careful with 3rd party software.

[dev]

Hacks & attacks happen to anyone. I like the way this was handled, kudos to Austin! 

[Chris]

Its somehow always the forums... >_<

How about outsourcing the forums on a different server, or - if you have root access to your server, put the board software in a separate folder and map that folder in apache to a specific subdomain. That should prevent leaking data from the board over to the rest of the project.

[fatalfluff]

Thanks for being so open about this.. some other Vanilla users *ahem* had not installed their updates, neither