Retro Wiki and Forums Back Online

Sonic Retro Official Explanation Reveals Wiki was Damaged

The second attack on Sonic Retro was much more damaging than the first and, were it not for the community’s positive and active response, had the potential to be even more severe.

That’s according to Sonic Retro’s official explanation, which was posted this evening to mark the return of the website’s forums and Wiki.  Ironically, there are intermittent problems accessing the website this evening, which may be due to an overload of the site’s working databases–the possible product of the Retro community coming back to see what’s happening in droves.

Sonic Retro’s full statement on the matter is below.  There are two noteworthy elements in the explanation.  The first is that most of our original reporting from Friday regarding Retro’s outage, as it turns out, was correct–the only anomaly being that the citation came from someone posing as a Retro admin, and not the admin himself.  Still, the information stands–many of Sonic Retro’s more than 10,000 wiki images were wiped out as a part of the second attack sustained Friday.  The explanation below notes that, as of this publication, only about 15% of those wiki images have been recovered.  Textually, Sonic Retro’s wiki is sound.

The second item of note is the reason that percentage is not lower than 15% right now–the main help of community member GerbilSoft, who scanned for lost data via an image download of Retro’s files and the CultNET servers.  A pending second image scan may yield even more files. His efforts have warranted a promotion on Sonic Retro to forum administrator.  It’s expected further announcements will ask for community members to help in the recovery of those images using GerbilSoft’s methods, and we will pass those along when they are made available.

Here is Sonic Retro’s official announcement regarding the attack, written by forum administrator Tweaker:

At about 11:20AM EST Thursday morning, we found ourselves under attack by an unknown hacker. He deleted the entirety of the forum’s post database, deleted the front page news entries, and proceeded to slowly edit the main page to be branded as a site called “REALLY Sonic.” The page that replaced the site’s main index can be seen here; one of our various retaliation pages can be found here.

After several hours of us deliberating in the staff IRC channel sifting through Apache logs, FTP access logs, and various other logs full of raw numbers and timestamps, we eventually found our culprit—a member by the name of Shibunoa. In addition to his IP being found in the access logs for the server, his useragent—and his apparent use of NetBSD—also helped concrete his involvement in the attack. We don’t know if anyone else was ever involved, but it can be safely assumed that the actual attack was his responsibility.

Once we found out how he got in, we worked on fixing the exploit. This was drx’s job, as the vulnerability was a result of the nature of his “Sonic Dev FTP” service, in addition to Apache’s apparent sentient access over the files on this server. He changed the password to the FTP, but he also made a small oversight—since Shibunoa also knew the URL for the HTTP section of the FTP, he was also able to get the new password listed on this page. While the FTP has since been deleted, the damage was soon to hit us harder than it did the first time.

After restoring backups of all of our lost data, we got hit a second time at the same exact time of day as the first. This time, though, we weren’t as lucky—not only did he delete the SQL for the forums and the wiki, but he also wiped the images directory, taking literally thousands of files hosted on our wiki with it. Normally this wouldn’t be a problem—after all, we had been in the process of making more backups for such an occasion—but Scarred Sun hadn’t finished making a full backup, and only had 1,000 or so of the 10,000+ files that were originally in the directory. In addition, the uploads directory on the forum suffered the same fate. As of now, we’ve managed to re-obtain about 1,500 of the lost files.

In order to combat this potential staggering loss, GerbilSoft stepped up to the plate and downloaded an image of the entire CulTNET HDD, running several diagnostic tools that would hopefully be able to scan the drive for any deleted files that might have still existed on the disc. After hours upon hours of downloading, transferring, and analyzing the disc image, however, it appeared that none of the deleted files existed on the drive any longer. Despite this, however, GerbilSoft’s willingness, effort, and expertise have culminated in him becoming the newest Sonic Retro administrator.

Here’s the bright side to all this—while the WordPress posts no longer exist outside of the realms of Google cache, we have lost absolutely no forum posts or wiki pages. In terms of textual data, everything is still completely intact and will remain so.

Members are encouraged to simply re-upload any avatars or photos that were once present in the uploads directory on the forum, and they are also encouraged—with an ingenious method that Gerbil himself devised—to scan their hard drives for any files that may have once been present on the wiki. More information will be available in a separate announcements thread soon as to how exactly you can help the wiki restoration effort.

Here are the people you should thank for helping get this place back online:

  • Xkeeper, who worked his ass off from the start to help combat the hack as it happened and sifted through logs upon logs to help find the culprit.
  • drx, who provided a ton of insight and used the access he had to help us figure out what happened and how it happened.
  • Saz, who came in to save the day and deliver the exact logs we needed to ultimately identify Shibunoa as the hacker.
  • Scarred Sun, who had thankfully just made full SQL backups the night before for both the forum and wiki, allowing us to come out completely unscathed when it comes to forum and wiki text.
  • nineko, who did his absolute best to help us with both his technical and legal expertise, and whose diligent work on the wiki—and the upcoming restore effort—in both this situation and past situations, has been extremely invaluable.
  • GerbilSoft, who worked his ass off—and still is—to help us keep everything as intact as possible, and for being more than willing to help provide technical advisory when we need it.
  • GeneHF, for talking as much shit as ever and keeping our spirits up.
  • Myself, for beating the shit out of people in #retro and trying to explore as many possibilities as possible in working this situation out. I don’t like tooting my own horn, though, so I’ll let the others speak for me if they want…

All in all, this whole debacle has been completely ridiculous and unnecessary, and we all would have been better off not going through it. Still, we plan on sticking things through and not letting this faze us. With your help, Sonic Retro will come out of this situation completely unscathed—now and in the future.

And for Shibunoa… well, we only have one thing to say to you:

“GAME OVER”
