We are investigating an issue with the site. Last Updated at 08:30am 22/11/09

It is with great regret that the I have to inform you the site was compromised by an upload vulnerability flaw. This ocurred on Saturday morning. So far it appears to be an injection based attack. This results in code being inserted into our response to present to you a different page than we want.

I have cleared the disks down of suspect files and moved the good backups from Thursday night and before off disk.

I cannot hand on heart state what the compromise has yielded. As a precaution you should update any passwords that share either your username or email. The passwords on the site are encrypted using a one way algorithm. It's good practise not to use the same password on the different sites, but it's all to easy. You should also perform a full system scan if you visited the site since midnight on Friday and 10am on Saturday. When the site returns you will be prompted for a new password.

When the site comes back there will be some changes. This is not the first vulnerability, however it is the first to have caught us. We are not alone, but changes none the less will be made.

Most obvious will be the lack of some images, custom avatars, custom profile pics, signature pics and all avatars. I have scanned all the files and identified compromised ones, however this is a file upload breech. To ensure the safety going forward we'll start again with them. I am toying with disabling uploads untill the new site comes along and things generally have settled down.

You will also find a lot of links and searches say from google will yield a 404. The forums are going to be stripped back to a bare bones install.

Finally time estimates, I'm not rushing this process. It might be that I decide to abandon these servers, always overly cautious. This page will remain with updates as we go, I would like to say sometime today.

I have a site back and running, it was completed at around 2am yesterday. However I'm going to run some more tests today to be totally certain its ok. Little things like email, mixed in some extra mysql servers to allow for hourly backups.

I've decided that the current servers needed a rethink after last weekends outages. This has only added to that pressure, for the moment we'll be on a new temproary setup, it may at times be slower, it 's temporary though.

I do sincerely apologise for this outage. I'd prefer to have the site up sooner than later, but ony when it's ready as it will create more headaches otherwsie.

If you urgently need to get in touch, you can contact us via email; webmaster [at] briskoda dot net