SQL inject problem

(8:00am, Pacific) It looks like some old pages were open to some drive-by sql injection scripts and some joker stuffed a bunch of crappy javascript into older posts on vulnerable subsites. We're rolling back to our latest backup and patching the old pages, so we should have this fixed up in the next few hours.

update (12:29pm Pacific): The database has been restored up to a point a few hours before the injection attack, but now pb is slogging through hundreds of scripts closing up any possible exploits so it'll be a few more hours before the site is back online. On twitter, people are recommending remedies to combat metafilter withdrawl symptoms.

update (4:07pm Pacific): The slog continues, still cleaning and double checking hundreds of pages, scripts, and templates. It could be a long weekend.

update (10:01pm Pacific): We've brought back the main MetaFilter site and Ask MetaFilter (gold star for pb!). MetaTalk and the rest of the subsites will likely be back online sometime Sunday. I know it's a bummer we don't have MetaTalk in order to discuss it, but it contained some of the cruftiest code on the server and will require extra time to clean up.

update (10:33pm Pacific): MeFi and Ask MeFi are working, but some stuff (favorites, comment activity/history, etc) are throwing errors. THERE WILL BE BUGS. We're working on it, but for now commenting and posting should work.

update (12:24am Pacific): Looks like uptime is an issue with all the new security checks we're doing on the site. I suspect things will be rocky for the next couple days as we optimize queries and attempt to get things speeding along once again.