
So, WTF happened - a bit of an explanation


    Hi, everyone!

    First and foremost, welcome back to RWI! As you've probably noticed, we've moved back to vbulletin, our old stomping grounds. This is due to many issues with XF both with the amenity of the software and various security problems.

    Now, for the meat of the matter: yes, RWI was compromised. An attacker used a sophisticated mysql injection and blind attack to extract a lot of the database; he also compromised a number of administrator accounts and used that access to deface the forums and send out insulting ransom e-mails.

    In addition to that, he harassed RWI staff by creating e-mail accounts to pose as other staff members.

    He is attention seeking and not worth your time; if you see him again, simply ignore him and let me know.

    RWI has been down for a long time and I know that there have been discussions and worries about the down time, but this is why:

    1. We were attempting to do forensics on the break-in to discover who the attacker was. This required us to leave data as-is for a while as we examined the traces left behind. For example, we discovered that one of our application firewalls had been disabled for a while due to a billing incident and had gone undetected.

    2. Due to a mistake in backup procedures we also had to re-examine our backups and see which ones were usable. Users and PMs are properly backed up, but you will notice that some posts from the brand forums are missing for the last five months or so.

    3. The conversion back to vb has been extremely time-consuming due to the lack of tooling and the sheer amount of data on the forums to convert. This has taken up the second largest amount of time.

    Additionally, after the conversion, the staff had to work their asses off to get the forums shipshape so that you guys would be able to come back to a familiar RWI.

    Going forward, we are making the following changes:

    1. We have moved from OVH to a fully managed server with an industry leading host (these guys host a lot of EU government websites and are the best in the biz). Rather than reinventing a number of wheels we can simply have the host do proper backups and full system snapshots.

    2. Staff will be required to have higher security on their accounts including two-factor authentication.

    3. User information will be much more closely-guarded. For example, we are looking into ways to encrypt PMs so that even if the database is compromised, the attacker will not be able to see your private conversations*. Private messages have and will continue to be private here. *this may not be feasible but we will try

    4. We will learn from past mistakes; backups will not be simply automated daily, but will also be checked regularly to ensure that they are available and usable. A security expert has examined and fortified the server -- so much that it may interfere with normal forum usage for a time, so please bear with us as we tweak the rules to allow legitimate posts.

    It will take a while for the dust to settle on the new vbulletin setup, but after a year on XenForo, we've learned that many, many people preferred vbulletin, so we're confident that this will be a great choice going forward, well worth the time investment.

    Let me take this opportunity on behalf of the owners and management to apologize for the downtime we have just come thru. It's been hell for us as well, quite a few people have had little sleep and no recreation time at all over the past eight or so weeks. TBH I've had the easy bit, all I've been doing is selecting 10s of 1000s of buttons for settings, the guys have been coding and creating everything from a custom program that allowed us to convert from XF to vB (thanks Ballz) to people who have stepped up to the plate and given us a hand with graphics for the new custom skin. People have pulled in favors to get us a great price on our new hosting (as eye watering as it still is it's a hell of a lot cheaper than it should be. We are virtually running on the same platform as some of the largest websites in the world) and pretty much performed miracles to get the database back from the dead. No one is quite sure how atgm pasted it all back together from a series of fragments but he did. atgm is taking his leave of tech admin here, it's time he had a break so DR3M3L has stepped back up to the plate and for that we thank him. Please, DO NOT bother him directly, when you find issues post it in the thread in this section, he will add it to the list.

    We realise there are still quite a few issues including a lot of folk who don't have accessible accounts as yet but we are working on it all in order of priority.

    I would also like to thank all of you, the members and supporters for your patience while we unraveled the mess and got RWI back up and running, without you guys there would be no point.

    There will be a raffle organised just as soon as we have the place sorted out and running right to begin to pay back the people who have spent 1000s in the last few weeks to get the place back running and to pay the bills that will now come in. Anyone wishing to make a direct donation please contact myself via PM. Please consider subscribing or upgrading to Patron if you are already a subscriber, we are going to need it. I'm skint and I'm far from being the only one in that position after this. There are also a heap of folk we owe a damn good steak dinner to as a bare minimum for the effort they have put in over this, we have had folk who are not even members here put in 100s of hours for free and/or greatly reduced rates to get us up and running. All of them deserve some reward.

    Thanks and regards, trailboss99

    ************************************************** ********
    People always forget, the correct sequence is rape, pillage THEN burn. sfa437
    ************************************************** *************
    hmm - from what I know of Guanaco all he'll do is try to make the trouble more fun.... greg_r
    ************************************************** ********
    When you say modding, do you mean repeatedly hitting it with a hammer? Mickey Padge

    Against stupidity the gods themselves contend in vain

  • #2
    Thank you to everyone who helped get us back up and running
    My collection | Who has the best sub? A guide for noobs | List of TDs contact info | Speedmaster moonwatch FOIS | My 6538 vintagising project


    • #3
      Holy crap we are back! Thanks to J and team for making it happen!
      Heading to Bangkok/Thailand? - MBK/Thailand/Bangkok Rep Review
      Lovely Newbies, please watch an introductory video, courtesy of Hitler :
      Rolex Big Crowns - Collection of Rep Pictures across Forums (Compilation Thread)
      Before asking me questions on vintage reps - The Rookie's FAQ to Vintage Reps

      I owe my collection to a great deal of members here at RWI, I am forever in their debt as they parted their art pieces to me. As such, every piece I own in my collection is given first refusal to the original owners. If I sell, it will be on m2m. I am flattered to receive offers but it's unlikely I'll ever sell

      If you PM me, please have the decency to reply when I reply. If you don't I WILL add you to my ignore list.


      • #4
        Ah, back again...

        Ah, but a man's reach should exceed his grasp, or what's a Heaven for?

        If at first you don't succeed, try, try again...


        • #5
          thanks to everyone involved in restoring this great forum!


          • #6
            Welcome back! I actually have no PMs at all, dunno if it works for other people? What about the helpdesk? I've been waiting for a lot of time to open a ticket, huh
            Everything's for sale, I got 5 passports, I'm never going to jail!


            • #7
              Thanks guys, your efforts are much appreciated.


              • #8
                A thank you to everyone who's helped in restoring RWI. Your efforts are much appreciated.


                • #9
                  Thanks to all who worked so hard to get our beloved Forum back on track. Today is a great day.


                  • #10
                    It's been so looooong, but it's always a pleasure to be here. Other forums are okay, but they cannot make up for the time without RWI

                    Thanks for all the staff members who dedicated their time to restore a community like no other on the Internet
                    "Shorty I've been watching you watching me, now tell me what you like more, my watch or me? haha" , (50 cent, U not like me)


                    • #11
                      Yeah about the PMs . . . bad news there I'm afraid, we had them but no way of attaching PMs to people so plum outa luck. However, if you had PM notifications turned on you should have all your PMs in emails.

                      The Help Desk was a plugin and it's not compatible with vB5 so we need to start all over again there. If anyone has any pressing issues PM a sales moderator for assistance. Please don't everyone PM poor old Raddave, spread it around we have plenty.



                      • #12
                        Cheers to the RWI crew
                        TEMPUS FUGIT


                        • #13
                          Thanks for the hard work.


                          • #14
                            Damn good job, folks.

                            it's good to be back!

                            so... who does the best sub?


                            • #15
                              I suppose that our buy / sales history is down the pipe as well, am I correct ?
                              If two witches watched two watches
                              which witch would watch which watch?