What happened to our 1500 Pledges?

We got hacked earlier this evening, causing us to lose all of the pledges we gained since the last database backup (and thank the gaming gods I even had the wherewithal to make that backup).  Oh, and I suppose I should say we got hacked again.  See, this has been a daily battle for us.  Here’s the back story.

Before the site had officially launched, and through means I still don’t understand, word about GAB got to Wil Wheaton, who blogged about the pledge and “launched” us overnight, racking up the first few hundred pledges and thousands of visitors to the site.  I’ll refer to this as the point of no return, because GAB became a thing, whether the site was ready for it or not.

With the first 200 pledges came a half dozen hackers finding different ways of exploiting the pledge.  For the past few weeks, this has continued, and the number of attempted and completed hacks has increased into the hundreds.  Attacks have ranged from the simple (making grotesque images pop up in the signatures page, as you see below) to the elegant (making it impossible for new pledgees to sign), but all of the attacks had a few things in common: they were expected, they were childish, and they were temporary and easy enough to fix.

[Image, very NSFW: the hacked signatures page. Caption: This was the result of a hack on the signatures page.]

But tonight that all changed.

I finally figured out how to code a preventative measure to all the exploits that had been happening, so I released an update to the site and thought I was done swatting all the annoying mosquitos and would finally be able to focus my time more productively. I was wrong.

Apparently my fighting back by increasing the security provoked the hackers to up their game as well.  Within an hour came another attack on a new level, obliterating the core of the site by deleting the database holding all the pledges and dropping our score from 1500 to zero.  Very sad.

While I was able to recover some of the pledges thanks to an incomplete backup, any attempts I’ve made to restore the site have been met by repeated attacks and takedowns, effectively silencing me and the 1500 people who have signed the pledge.

I’m asking that instead of signing the pledge, folks take to IndieGoGo and support our project, giving us the ability to improve the site and fight back against these misguided children.  As a fan on Facebook said, “they need the IndieGoGo – they’re going to need the level of security you normally find at research corporations just to stay afloat with the savage attacks they’re going to receive.”

You can also show your support by sharing the image below.

[Image: GAB-HACKED]

We’re trying our hardest to get the pledge up and running as quickly as possible, but we appreciate your patience and support.  We’re not going to give up, or even be dissuaded by these attacks.  If anything, they have hardened our resolve: it’s more clear now than ever that this organization is needed.

glhf,

Gamers Against Bigotry

  • Wimblethorpe

    Why are you trying to insult them? Aren’t we trying to bring an end to all of that?

    • http://samuelkillermann.com/ Samuel Killermann

      Wimblethorpe, do you mean the “childish” references, or the “Hackers” Movie references? In either case, I’m just trying to play along a bit and talk some smack. GAB is about ending bigotry, not ending 90s movie jokes.

      But maybe I was out of line. I am obviously rather emotionally enrapt in this entire debacle. What do you think?

      • Juliet

        Personally, I think you’re fine. Your “smack” was pretty mild and your post as a whole was IMO straightforward, civil, un-rant-y, and normal. You’ve made it clear GAB isn’t against all insults, smack talking, or swearing, but against a rather specific and insidious form of harassment and bigotry.

        That other stuff is difficult to manage and often context-dependent anyway. If people want to demonstrate even greater awareness and responsibility with their language, communication, and attitude, that’s great (I actively pursue this myself), but it’s not necessary to be always nice, polite, or emotionally neutral.

  • http://twitter.com/al2o3cr Matt Jones

    At risk of sounding like a bit of a jerk, you need to RUN directly away from phpPETITION. Not because of the usual “OMG PHP SUX” nonsense, but based on the code linked from here:

    http://forums.thedailywtf.com/forums/p/8783/166390.aspx

    there’s two or three apps worth of WTFs in there; mostly style (who the heck puts IF and ELSE in all-caps?! and who reinvents mysql_real_escape_string IN EVERY FILE), but there’s a SQL injection in confirm.php (thanks to mysql_db_query) that’s big enough to drive a truck through. Or, in this case, to drop a database. :(

    Feel free to ping me on Twitter if you need an extra set of eyes to keep this from happening again.
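
The bug class named in the comment above, shown as an added example that is not part of the original thread and is not phpPETITION's code. It contrasts a confirmation handler that concatenates the request token into its SQL with one that validates and binds it; the table, columns, function names and sample rows are hypothetical, and it assumes PHP with the pdo_sqlite driver so it runs without a database server.

```php
<?php
// Added illustration: hypothetical schema and constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signatures (
    id INTEGER PRIMARY KEY, name TEXT, token TEXT, confirmed INTEGER DEFAULT 0)');
$db->exec("INSERT INTO signatures (name, token) VALUES
    ('alice', 'a3f1c9d27b6e4f80a3f1c9d27b6e4f80'),
    ('bob',   '5d02e7aa91c34b1f5d02e7aa91c34b1f')");

// Vulnerable pattern: the request value becomes part of the SQL text,
// so a quote character in it changes the structure of the statement.
function confirm_unsafe(PDO $db, string $token): int {
    return $db->exec("UPDATE signatures SET confirmed = 1 WHERE token = '$token'");
}

// Hardened: check the token's shape first, then bind it as a parameter.
// A bound value is always treated as data, never as SQL.
function confirm_safe(PDO $db, string $token): int {
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return 0; // not a 32-character lowercase hex token: reject
    }
    $stmt = $db->prepare('UPDATE signatures SET confirmed = 1 WHERE token = :token');
    $stmt->execute([':token' => $token]);
    return $stmt->rowCount();
}

$crafted = "x' OR '1'='1"; // constructed input that is not a valid token

// The hardened handler touches no rows for the crafted value...
printf("safe, crafted token:   %d row(s) updated\n", confirm_safe($db, $crafted));
// ...and exactly one row for a genuine token.
printf("safe, real token:      %d row(s) updated\n",
    confirm_safe($db, 'a3f1c9d27b6e4f80a3f1c9d27b6e4f80'));

// The concatenating handler rewrites its WHERE clause and updates every row.
$db->exec('UPDATE signatures SET confirmed = 0');
printf("unsafe, crafted token: %d row(s) updated\n", confirm_unsafe($db, $crafted));
```

Binding parameters replaces per-file hand-rolled escaping. Independently of the query fix, the database account a web application connects with should not hold privileges to drop tables or databases.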

    • http://samuelkillermann.com/ Samuel Killermann

      Yikes. Well that’s reassuring. I used it because it was the only helpful resource I could use as a guide (having never done this stuff before). I added security measures, but I’m wondering if you have specific pointers for other things I need to do. I’ll DM you.

      Thanks, Matt!

      • steveorevo

        Are you running WordFence? Also may want to talk to the guys at http://sucuri.net/. Lastly, sounds like you qualify for a “good cause” charity project if you need the help. Our advanced WP group chooses a cause to donate our free time to.

  • thatoneguy

    Dude you better move to a different OS. They got exploits all up in yo OS

    • http://samuelkillermann.com/ Samuel Killermann

      OS? Care to elaborate?

  • http://twitter.com/charlesstover Charles Stover

    This will probably get you guys more popularity as a result. But I honestly can’t see myself donating to the IndieGoGo fund when you don’t know how they exploited your website.

    • http://samuelkillermann.com/ Samuel Killermann

      Yeah, it likely will. It’s a really negative way to get the word out there, though, so it’s unfortunate for that reason.

      And I am not equipped to figure out how they exploited the site, and, more importantly, how even more clever people might exploit it in the future. That’s why I’m going to hire someone who is :)

  • zoden

    hahahahahahha

  • someone

    HahA, I love hacking you

  • http://www.facebook.com/malice936 Malcomb Bell

    At the risk of sounding like a douche I’m going to say something shocking. I believe what you’re trying to do is a good thing, and a bad thing all at the same time =/

    People are entitled to their opinions, and freedoms. While you all may not like “bigotry” (no offense but that’s really vague) others may not care. I personally could be considered a bigot for the simple fact that I think the general majority of humanity could burn in hell without me shedding a single tear, HOWEVER I have my reasons for feeling that way. It isn’t grounded in any sort of racism, or anti-religious views, but more in the simple fact that as a whole humanity is a bunch of terrible beings that are destroying the planet, killing each other, killing innocent animals, and most importantly of all do this without even realizing it most of the time. So again what you’re doing is a good thing because you’re trying to bring peace to gamers, however at the same time you’re essentially saying that a person’s views are wrong just because they don’t happen to be the same as yours. Either way I just thought I would show you both sides of the story instead of letting some idiots give bigots like myself a bad name ;p
