About a month ago I noticed some strange stuff in my access logs here and saw what seemed to be a hacking attempt against my forum software. I immediately fixed the vulnerability by upgrading to the latest version, and kept watching. Hacking attempts continued afterwards, increasingly, although none were having any effect… a few days ago, they were up to a few hundred per day. Yesterday, they almost doubled my traffic…
…and today in the morning my site suddenly went offline. I learned a few hours later that a friend’s forum, hosted on the same server, had been hacked by what is now known as the Santy Worm, and used to launch an outgoing DDoS attack against other servers. Not funny; especially as the provider yanked the whole machine offline while they tried to find out what was going on and what to do.
Still, they responded correctly, if slowly, upgrading their software to a non-vulnerable version and blocking all outgoing connections from the server, which shouldn’t impact anyone as far as I can see. I may seize the occasion and later in the week implement some more changes here…
If you tried to access this site, or download something, during the few hours we were down, my apologies. Hopefully it won’t happen again soon.
Interestingly, this worm used Google as a tool to detect vulnerable websites. That specific search is now supposed to be blocked. Still, I tried some searches and found that I’m third from the top when searching for “viewtopic.php” – one of the search strings perhaps used by the worm – among about 7,910,000. Very strange.