Hello Everyone,
This is Michael, and I regret to inform you all that last Tuesday we were notified of a potential exploit in MySQL based database servers. Since I am the Database Administrator for this community, it was my job to prepare for such an instance and immediately I took the proper steps to make sure our servers were not vulnerable to this exploit. At the time we currently had eight servers in different datacenters across the United States and Canada using a replication setup to prevent downtime. After checking all of our servers, we were able to determine that 1 out of the eight servers had the exploit. This specific server is for our web hosting for the forums, and this particular server I have no control over. The past couple days have mainly consisted of Halo and me making necessary measures to keep the site secure while we waited for a response from Host1Plus. Our web hosting provider has put us in this situation where the database server provided by them is using a build all the way back from 2014. This reckless action potentially makes the site vulnerable to many exploits. It is with that decision that we have made efforts to configure the website to use a Database Server outside of Host1Plus until this issue is resolved. However, at this time, we recommend that you change your password to the forums and also any passwords that were the same as the one used on here. I am not issuing mandatory password resets, however, if it comes to the point where Host1Plus admits to making a mistake, then I will be sure to issue mandatory password resets ASAP.
This is the reason why on Saturday, Sunday, and Monday that the Forums had some downtime regarding connection to the Database. There may be a bit of a delay on the site too because the Database server takes a couple seconds to send the information needed to load the page.
If I get anymore updates from Host1Plus I will be sure to keep you all posted.
Sincerely,
Michael/AwakenedRage
SIGMA Head Developer
CU Database Administrator