Hi there,
When we had the downtime the other week, we had a break-in on our old server. The attackers were very focused on spamming, and there is no evidence
they changed or dumped any information from this forum. They never used a login from this site nor accessed it.
However, they did have PHP access to our old server for nearly two days, and could read and write to my blog files, all of my wife's blog, and they
uploaded files to do the spamming on these other domains.
Despite extensive forensic investigations, and learning the MO of these folks, I can't rule out that they didn't download data from the forum, even
though I personally think it is very unlikely as the amount of data they took was minimal (a few hundred kb - mostly related to establishing a spam
factory on the old server), they didn't change any files on Aussieveedubbers, and they didn't access any of its urls.
Despite this, I've been giving this some thought over the last couple of weeks, and I would prefer you to consider changing your password here and
anywhere else it is used on the off chance they did manage to get a dump of our members table (unlikely). If you only use your password on this forum,
there are no problems as your account (with the exception of administrators) can't do much to the server, and the attackers can easily register a new
account anyway. I don't know why they'd bother with a standard account.
I use a strong 25-character password maintained within a password manager called KeePass. I've rotated all the passwords used by the system, so the
crooks don't have any access to the new server. I've also made it far more difficult to get between sites in the server. They broke in using a weak
password on my wife's blog, and so I've changed that too. Users have never been able to log in to the old or new servers using passwords (we use ssh
keys), which is another reason why I believe they didn't get far, along with detailed forensic file system analysis I did on the old and new
servers.
So please, if you are at all concerned, please go to UserCP -> edit password and change it there. Make it long (there is no upper limit) and
you'll be safe. If you choose not to change it, I think you'll be fine as long as you don't share the password used here with any other accounts,
particularly your email address. If you do share, I'd recommend changing your password at your other accounts before changing them here, but I find
it's easier to just go ahead and change them all.
If you have any questions on this matter, please call me 0451 057 580.
Thanks
Andrew