Quote: --- Original message by: MatthewDratt
This is not good for either community.
Of course it was someone who was childish who did it, right?
For those who don't know:
All right, so here's the deal.
First of all, only the forum.halo.click front page was compromised. Anything else hosted on the halo.click domain is fine. The worst-case scenario is that the attackers had full database access, which primarily means email addresses, password hashes, and IP addresses. Passwords are salted and hashed according to the method that IP.Board 3 uses. This means that it's extremely unlikely that your passwords were compromised, but if you used the same password elsewhere (which you really shouldn't have done in the first place, by the way), then it can't hurt to change them. As far as email addresses go, just be on the lookout for spam/phishing attempts. We would never send you a legitimate email asking for your password or any other personal information.
Now, here's the thing about halo.click. The site was operated completely by darkc0de, and despite us (the other people involved in the ElDewrito project) asking him multiple times for FTP access to the server, he refused to give it to us. The problem, then, is that he actually got arrested a couple of months ago (for something he did a few years ago, don't ask) and is going to be in jail for a few years. He didn't give us any sort of advance notice about this, and we didn't find out until we were told by someone who knows him personally. So we are completely unable to manage the server internals aside from the limited amount of control he gave us over the forums. This is the same reason why the mail server has been broken for so long - we can't do anything about it.
On top of all of that, dark told us that he had a legitimate license for IP.Board when he set up the site. We just now found out that he lied to us and that the license was actually a nulled version of IP.Board, so we haven't been receiving any security updates from IPS. This is probably how the attackers found the site and got access to it.
We will try to do what we can to fix the issue, but chances are we might not be able to do much. Therefore, halo.click is no longer being supported by us and we will be moving everything to a new server.
We are very sorry for any trouble this might have caused.
The point I am makin HO needs to learn their lesson and stop acting childish. Look how many they kept doing inapporpiate stuff to us? No1dead right now logged into HMF and checking what we up to. Look i love halo ce community because we always show respective manners when new members join in. We dont approve HO eldorito because after what they did.
They nearly took this over but luckily their site went down. And shockfire and limited need to control themself and they are mentioning HMF everyday in IRC because when i log in they always talk bad stuff about us and they have no damn freaking clue who i am in IRC.