We're officially back up from our hack attack. The explanation:
When searching on the version of phpBB that was running, the highlight= field in the URL allowed you to run code on the webserver. If you put, for example:
http://www.indie-rpgs.com/index.php...arrativist+poop
you'd highlight the words 'narrativist' and 'poop'. If you put:
http://www.indie-rpgs.com/index.php?viewtopic=4567&highlight=system("cd ~/indie-rpgs.com && rm -rf *")
you'd delete the entire Forge site. (Note - that string had to be encoded using ASCII codes, but you get the idea.)
This hacker didn't do that. He used the exploit to download several Perl scripts that allowed him to get remote password-less access to the actual server. Using that, he read the database passwords, logged into the DB, deleted the posts and configuration for the Forge, and then deleted all my DB backups.
---
So, that's that. Thanks to the awesome guys at Dreamhost who helped me out with this. We only lost 8 hours of posts, on a Sunday, which is normally a slow posting day.
Hello,
Welcome back, everyone. I'd like to ask that you take the time to consider why you post here, and what you plan to contribute to others' mutual understanding, from now on.
Best,
Ron
"Dreamhost" indeed. That sounds like an otherwise very dead Forge.
Thanks for all the hard work.