Like Ra in latex catsuit, latex mask and high heels
Like Ra's Naughty Playground

speerise
SPEERISE Black Tank Yoga Unitard Women Ballet Sleeveless Full Body Tight Jumpsuit Dance Costumes Bodysuit Free Shipping
$210.47-33%

otouch
Male Masturbation Cup Vagina Egg Penis Massage Adult Toys for Men Glans Exercise Sexy Blowjob Toy Stretchy Silicone 2023 Hotsell
$154.81

ultrathin pantyhose
summer style Ultrathin sexy women tights stockings Lace Top Sheer Thighs High mesh Stockings High Quality Pantyhose black,red902
$4.71

msemis
Womens Lingerie Open Crotch Panties Glossy Patent Leather Thongs Underwear Sheer Lace Patchwork Briefs Bowknot Low Waist Sexy
$8.47

tiaobug sissy
Tiaobug Mens Pure Lace Butterfly Embroidery Crotchless Sissy Briefs See-through Mesh Panties Low Waist Night Underwears or Swims
$5.69-40%

temorish
Hot sale! fashion women customize Sexy purple latex stocking for women rubber stocking
$47.19-6%

2024 chastity
2024 Newest Basket Style Male Chastity Device with 4 Penis Rings,Sissy Cock Cage Chastity Lock,BDSM Sex Toys For Man Gay
$31.45-48%



To view Aliexpress you might need to switch your mobile browser to the Desktop version.

If you would like to use search functions, view hidden archives or play games, please consider registering.


Site performance, Server errors, outages and tunings
OK, it's very weird, but some attachments indeed disappeared. I compared the files on the server and in my backup, and the difference is huge. I haven't checked the database yet - currently I'm backing up the latest changes and uploading what is missing.

I hate when such things happen... Who does not...
Reply
Sooooo... It happened between Dec 16 and Dec 20. More than 3000 images were deleted from both the database and the disk. I do not know how to do this without knowing the admin password. So, it's either me (e.g. by installing a wrongly written plugin) or a hack.

All files and database entries are being restored from the backup at the moment.
Reply
It was a hack via a remote xmlhttp.php vulnerability. I'm not sure if this bug is fixed yet. At least 5000 files were removed.

I'm reporting the security vulnerability to MyBB admins and installing patches with some related security fixes.
Reply
BTW, the user from whose computer the site was "hacked" is well-known dan2010. I'm not saying that it was him directly, possibly it was a virus.
Reply
Latest update - it was a plugin that was uploading multiple files. Deleted for the time being ...
Reply
More than 10,000 images have been reuploaded. Please let me know if some links to the images are still broken.
Reply
I'm always asking myself for the motivation for such a "hack"...I mean, I know the theory how to do an sql injection and so on, but why on earth does someone hack a forum like this and simply deletes some pics? Really strange.

Good, you have a backup! 😊
Reply
Looks like you had some fun...
Good job finding it out, keeping you backups in good shape, restoring all the shizzle.
Thanks.
Reply
I think it was not a hack, but more a coincidence. The plugin may contain a bug but shouldn't the forum access control prevent deleting attachments uploaded by other users?

This is what I send to the MyBB developers:

I think this is what happened - the user was ripping the site with a software that supports javascript and "clicks" on all buttons in all possible combinations. We had this issue before when a user with admin rights was backing up all attachments uploaded to the production inventory database. And wget "clicked" on the "delete" button as well.

But in this case the user does not have elevated rights and that shouldn't have happened.
Reply
Yes, backup rules! 😁

BTW, about the amount of affected files. Every uploaded image "consists of" two files and one database record. Hence 10,000+ uploaded files (5,000 real images). Some attachments were removed by the users during all the years, so they are not in the database backup, but still in the attachment backup. The difference between two DB backups was more than 3,000 lines, what means the amount of the live files is between 3,000 and 5,000.

Just for the record, this is the current statistics:

No. Uploaded Attachments 12,880
Attachment Space Used 2.87 GB
Estimated Bandwidth Usage 634.63 GB
Average Attachment Size 233.35 KB
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Site rendering on Apple devices Like Ra 85 11,058 13 Aug 2023, 17:25
Last Post: Like Ra
Site access blocked from some public places Like Ra 10 4,954 12 Aug 2023, 23:54
Last Post: Like Ra
How to improve the site navigation Like Ra 10 6,754 03 Aug 2023, 23:27
Last Post: Like Ra
Performance problems Like Ra 0 7,134 11 Sep 2006, 00:04
Last Post: Like Ra