Webservices Downtime and Revival
#1
Welcome back!
We are very sorry for the long time you had to wait until this forum got back.
The wiki will be available in the next days too.
The masterserver for 1.0.4 will continue to remain manually moderated.

All of this has very technical reasons most of you will find very boring;
suffice it to say that there was a big security issue stemming from the sexy-but-unsecure work that had given us the previous main site. The new design was done by RandumKiwi, just like he's been working hard on getting this forum back up.
The initial period of waiting was due to a change in DNS - which took way longer than it really should have - and was required to get finished before we could even start reviving the services.

Since this security issue has compromised the reliability of previous content,
we will not be providing the old threads of this forum.
This is also the reason why you have to create a new account here.

Again - We are very sorry for this inconvenience.
Here's hoping our efforts have ensured that such a catastrophic fail will not happen as easily again.
Thanks given by:
#2
Also, special note: Although it's not necessarily required, as the passwords were encoded, we recommend you change your passwords from their previous entries.

We have put several measures in place for this not to happen again, as you may have noticed, the main site itself (which was what was originally exploited) is now static content, not PHP. We have better logging and intrusion detection systems in place, and the systems themselves, are better (there are many other things we have done to make our systems as secure and recoverable as we can make them, but we can't comment on what they are, for security reasons).

Although we had backups in place, they were all compromised, as this exploit had been going on for a long time without notice.
Thanks given by:
#3
At the request of others, here are a few more facts, but this is the last we may comment on the incident:
  • Yes, email addresses may have been leaked.
  • Yes, forum login passwords may have been leaked. We recommend you change your passwords used on the site, just in case, however, please note: they were encrypted, so it shouldn't matter too much.
  • No, malware wasn't distributed.
  • Yes, security systems in place now are far better than before.
  • Yes, the initial security issue that caused the trouble (as mentioned before above, it was a PHP exploit, executed on an insecurely written page on the main site - not the forum), has not only been removed, but also had several changes put in place to minimise or stop the damage, should such incidents occur in the future (which they won't).
Thanks given by: