There has been news floating around that The Warrior Forum (a popular forum for online entrepreneurs and a lot of people who want to try to make money online) was hacked. I decided to look into it.
First, I logged in to the forum and could find no posts that would indicate that the forum had been hacked other than that the normal category descriptions were not quite as they were a few days ago. Nevertheless, that’s enough to show me that some major changes had taken place lately, and from past experience, such little things are the last to be restored after a security breach. So while it doesn’t say “yes”, it does say that something happened that required some major restoration work.
Next, I simply searched for “warrior forum hack” and found this very helpful post on the affhelper.com blog (my apologies; I don’t know your name… and if you’ll leave a comment with an email address that only I’ll see, I’ll contact you about something I saw on your blog). The great thing about affhelper is that he captured a screen shot of the hack (there’s a link to the screenshot in his blog post; I won’t link directly to it).
So I did a bit of digging on Snitz Forums, which is the software used to run the forum.
What I found leads me to this conclusion: If you are going to use Snitz Forums software in a business situation, you need to have a system for supporting that software. Here’s why:
Snitz Forums is Open Source software and is covered by the GPL. Now don’t get me wrong; I love Open Source / free software, I use Open Source / free software, and will soon be releasing some Open Source / free software training courses myself. And Snitz Forums seems to be a very vibrant community that’s filled with people who really want to make the software the best it can be. But as I’ve mentioned in the past, if you are using open source / free software, YOU MUST HAVE A PLAN IN PLACE FOR WHEN YOU NEED HELP FIVE MINUTES AGO. Asking for help with a problem on a support forum when your money-making forum has been hacked isn’t going to cut it.
Another problem (which is actually also a blessing) is that the source code is open source and available to anybody who wants it. It’s very easy for anybody (with programming knowledge, of course) to go through the code, discover vulnerabilities, and do something with them. Responsible people report them and create fixes, making the software even better. Miscreants and criminals keep this information to themselves and use it for their own selfish purposes. So while it’s much easier to discover vulnerabilities and exploit them, it’s also easier to discover vulnerabilities and patch them — hence the mixed blessing.
The question, therefore, is this: Who is going to find the vulnerability first? Quite simply, it’s going to be the person with the most motivation. In some cases, it’s criminals looking for new ways to take over boxes, but (thankfully!) there are also lots of good, qualified people who dedicate their spare time to poring over open source software source code, looking for holes. While we owe a debt to them, we also don’t have the right to expect them to be 100% vigilant. In that regard, they are “undependable” from the standpoint that they, not you, get to set their priorities. You have no right to expect them to rearrange their life to solve your problem (at least for free).
The bottom line is that, if you are going to use open source software to operate your business, you need to have a plan in place to support that software. This is something you can easily get in most cases with commercial software and, if not, you can pay the vendor extra for a support contract. In some cases, you can find somebody who will do the same for open source software. The bottom line is that regardless of the type of software you use, you’d better have somebody to call when something goes wrong that results in your cash flow getting turned off!
There is, however, one huge advantage to open source software: licensing issues. Trying to keep track of licenses for your commercial software can be problematic; with open source, as long as you’re not modifying it and trying to protect your modifications and/or sell it, you’re not going to experience any problems (this is simply my ignorant, uninformed opinion; talk to your lawyer to get the truth…!).
So there it is. The Warrior Forum isn’t going away, and it isn’t going to move away from Snitz Forums, either (sorry, imsimple, you got that one wrong, in my opinion — but it would be nice to move it off the Microsoft platform!). The owner of the Warrior Forum probably has the resources available to fix problems like this — plus he has already made a considerable investment in this software and built a community using it. Changing it now would hurt him. A lot. I don’t think he’ll change it.
So before you decide to use Snitz Forums and “be like the Warriors”, make sure that you do your homework and ensure that the costs you’ll incur to maintain it and keep it secure are costs that you can afford.
Thanks for listening,
Tom
3 Comments
Hey, thanks for the link. I would like to know what you saw on my blog.
[Issue passed via email, Pawel... I’m curious, do you speak Polish? --Tom]
An interesting analysis there Tom!
I’ve never tried out Snitz Forums before, it’s always been phpBB!
That’s also very kind of you to alert other people of potential problems.
Thanks
Mark
Hey Tom,
Yes, I speak Polish.
I came to the USA in 2000.
What a small world!