It would seem someone has uploaded a php script and abused the file site to delete all the files and replace them with a new index.html filled with banners. Yes it has been hacked.
However this has been fixed. It also came to light that the actual folder the files were being stored was being used in order to fuel the torrent tracker in CADownloader. This is not what I object to, what I do object to is that nobody asked if they could do this.
Either way the folder is no longer inside the public html folder, access requires a shell account or use of the modified file site scripts, so normal users will not be affected, CADownloader will need amending after a discussion, and malicious script kiddies jobs are slightly harder.
In other news, some improvements have been made to the internals of the download site. the php scripts have been modified to allow partial downloading, so pause and resume will now work correctly, as will programs such as getright or flashget, which support multiple download sections to speed up transfers.
I’m also in the process of replacing the internals of the upload form after several people reported issues with certain files.
May I thank the people at dreamhosts for serving this site to the public, and may I thank http://lesterchan.net/ for providing the scripts that got the file site started to begin with. Anyone using the scripts available there may note that they are not vulnerable to what happened to me, unless they add in an upload script, since uploading is not native to the script.
Also, I notice some files on darkstars could not be found on other sites. If users could help by uploading any files, and if other file hosts could contact me to help restore as many files as possible.
One reply on “File Site Tragedy and Improvements”