Someone finally waltzed into one of our awful forum script's giant, gaping security holes. Unless you are actually a terrible poster that deserved to be banned, I guess!
Yeah, that was my research and investigation that showed it up. Turns out there was a Fusetalk vulnerability that the Bannings page wasn't locked down (which was confirmed by a simple Secunia query a few days later), and any registered user could come in and ban anyone else. I've got the entire hilarious chat log which demonstrated the ability to ban random people, Ty included:
Shifty: ahahahahahahahahaha
Shifty: i'm in your ban lists
Shifty: can't see anything though
Shifty: as in "there's no banned users" which is hard to believe
Peeack: aahahah
S-U-P-E-R: hrm
Peeack: that it is
Peeack: well i'm off for a while, i have two OS's to install on this pc!
S-U-P-E-R: i have a hunch that there's at least two separate banlists
S-U-P-E-R: like it'll track ones done through the on-page pulldowns separately from the ones through the admin panel
Shifty: and now i caused a rails error
Shifty: ah
S-U-P-E-R: HOWEVER, i don't know this for sure
Shifty: that's probably why, as i'm running this from the forums main page
Shifty: urg, admin login page.
Shifty: can't get past you just yet
Infernal Monkey: hahahah
Shifty: let's see if i can ban someone randomly
Shifty: awesome, i just banned PIAC from somewhere
S-U-P-E-R: ahahah are you serious
Shifty: reason: FREE KEVIN
Shifty: yeah, see if you can track it down
Shifty: because i can basically cruise to and do just that
Infernal Monkey: hahahahahahhaha
Berto2K: hahaha
S-U-P-E-R: ahahah holy ****
S-U-P-E-R: the pulldown menu banlist was cleared
Shifty: did i do that?
S-U-P-E-R: maybe that happened when the server moved
S-U-P-E-R: and yeah, piac is the only one on it
Shifty: hahahahaha do i win the internet?
Shifty: ****, i'm getting a beer for that
Shifty: who else deserves a ban?
S-U-P-E-R: i don't think you did
S-U-P-E-R: every active poster and admin
S-U-P-E-R: do it and maybe we can get the new forum up this week so "this doesn't happen again"
Shifty: ban someone noteworthy?
S-U-P-E-R: every active poster and admin
S-U-P-E-R: just camp out the online user list and ban everyone that logs on
Infernal Monkey: looooool
S-U-P-E-R: and i'll not know about it
S-U-P-E-R: p.s. i have warned the entire staff several times of exploits
Shifty: oh, but that's cos you'll get banned to oh wait surprised ruined
S-U-P-E-R: that's fine i don't care
S-U-P-E-R: besides i think i have parachute accounts
Shifty: GP has been banned
Infernal Monkey: yes!
S-U-P-E-R: hahahahahahahahahahah holy ****
S-U-P-E-R: i can't login to the admin page anymore
S-U-P-E-R: double lollllllllllllllllllllllllllll
Hybrid Hunter: LOL
Infernal Monkey: NWR quality internets
Shifty: and that was an easy effort
S-U-P-E-R: how long did this take you, like 30 minutes to destroy the forum
Hybrid Hunter: can they trace it to you shifty?
Infernal Monkey: hahahahahahhaahha
S-U-P-E-R: who gives a **** what are they gonna do
Shifty: it took me two minutes of reading scripts and then i went straight to the page
Hybrid Hunter: blame australia
S-U-P-E-R: banning *!*@*.au
Infernal Monkey: they'll chuck publisher press releases at you shifty, watch out
Shifty: actually, let's see if i even need a login to do this
Shifty: yeah, i need to supply a login
S-U-P-E-R: make sure you get every admin
Shifty: hahahaha
S-U-P-E-R: i'm going to be the first person that gets aimed about this by the other staff
After that it degenerated into chaos once RABicle and PIAC heard about their unbannings...
So yes, that was why the forums were down. At least it was acted on promptly and resolved quickly. Thanks staffers!
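The flaw described in the post above is a missing authorization check: the ban action verified that a request came from a logged-in account but never checked whether that account was allowed to ban anyone. The following is an added illustration, not FuseTalk's code or anything from this forum; the `Forum`, `User` and role names are constructed for the example. It shows the weak version of such an endpoint beside one that checks the caller's role server-side on every call, plus a small audit-log scan that flags ban events performed by non-admin accounts.

```python
"""Added example (not FuseTalk's code): an admin-only action that was reachable
by any logged-in user, beside the same action with an explicit role check.
All names, roles and log entries here are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = frozenset()


class AuthorizationError(Exception):
    pass


@dataclass
class Forum:
    banned: set = field(default_factory=set)
    # Each audit entry: (outcome, actor, target, reason)
    audit_log: list = field(default_factory=list)

    def ban_user_weak(self, actor, target, reason):
        """Weak version: the only gate is 'is someone logged in?'.
        Any registered user can ban anyone, which is the bug in the post."""
        if actor is None:
            raise AuthorizationError("login required")
        self.banned.add(target)
        self.audit_log.append(("BANNED", actor.name, target, reason))

    def ban_user(self, actor, target, reason):
        """Hardened version: authentication and authorization are separate
        checks, and the authorization decision is made here on the server,
        not by whether the admin link was visible in the UI."""
        if actor is None:
            raise AuthorizationError("login required")
        if "admin" not in actor.roles:
            # Record the refused attempt so it can be detected later.
            self.audit_log.append(("DENIED", actor.name, target, reason))
            raise AuthorizationError(f"{actor.name} is not allowed to ban users")
        self.banned.add(target)
        self.audit_log.append(("BANNED", actor.name, target, reason))


def find_unauthorized_bans(audit_log, admins):
    """Detection pass over an audit log: return ban events whose actor is not
    in the known admin set. Useful for spotting abuse of an endpoint that
    lacked the role check, or denied attempts against one that has it."""
    return [entry for entry in audit_log
            if entry[0] in ("BANNED", "DENIED") and entry[1] not in admins]


def demo():
    """Run both versions with a constructed admin and a constructed regular user."""
    admin = User("alice", frozenset({"admin"}))
    regular = User("bob")
    admins = {"alice"}

    weak = Forum()
    weak.ban_user_weak(regular, "carol", "constructed reason")  # succeeds: the bug
    weak_findings = find_unauthorized_bans(weak.audit_log, admins)

    hardened = Forum()
    try:
        hardened.ban_user(regular, "carol", "constructed reason")
    except AuthorizationError:
        pass  # the regular user is refused
    hardened.ban_user(admin, "dave", "constructed reason")  # the admin succeeds
    hardened_findings = find_unauthorized_bans(hardened.audit_log, admins)

    return {
        "weak_banned": set(weak.banned),
        "weak_findings": weak_findings,
        "hardened_banned": set(hardened.banned),
        "hardened_findings": hardened_findings,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of keeping the role check inside `ban_user` rather than in the page that renders the admin menu is that hiding a link does nothing once someone requests the URL directly; the server has to refuse the action itself. The `find_unauthorized_bans` pass is what a staff member could run over an audit trail to confirm how many bans came from accounts that should never have been able to issue them.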