Short story: Security on evilzone

[Stackprotector]

One day Factionwars implemented a Google custom search function into the forum software as a experiment.


A few days later, at a stunning time of 6 in the morning, 2 administrators called ande and bluechill found out about the feature and thought we were compromised. They thought someone implemented a malicious google custom search in our site .


So the 2 admins started crawling trough every log the linux system possess and go trough every file to see where a possible hacker got trough (Which is in the first place very unlikely). They went on for hours. And when the admin Factionwars comes online after a good night of sleep the admin ande asked him if he implemented the google custom search. Yep, he did. Ande is happy, so is the security.


And they lived happily ever after.

[WirelessDesert]

Nice. Good job Factionwars, good job.

[proxx]

It would have been the first hacker to implement a "google search" maliciously.
Fuck sweet.

[bluechill]

No so the problem is EvilZone gets enough views a month that it might be worth it to do because of ad revenue you would get hence why we were concerned because it looked like the person who did this, Factionwars, had touched *other* files as well and his login times weren't quite consistent with the modification because of an error in how the server was keeping file times vs ssh login times...

Basically we didn't have the protections we needed to truly figure out whether it was an admin or not who did this but now we do after this scare

Also it was only 12am my time when I messaged you so nbd on my part.

[ande]

Funny story bro

[kenjoe41]

Nice. Good job Factionwars, good job.

NO, thanks to the admins who are always alert. We have faith in you guys.

[ande]

I always enjoy an all-nighter digging through insane amounts of logs   ...