A.k.a.: Andrew van der Stock
Super Administrator
a suffusion of yellow
Posts: 3121
Threads: 436
Registered: August 26th, 2002
Member Is Offline
Location: Colorado Springs, CO, USA
Theme: UltimaBB Pro Yellow
Mood: In the family again
posted on July 22nd, 2014 at 02:06 PM
Administrivia: Change your passwords
Hi there,
When we had the downtime the other week, we had a break in on our old server. The attackers were very focused on spamming, and there is no evidence
they changed or dumped any information from this forum. They never used a login from this site nor accessed it.
However, they did have PHP access to our old server for nearly two days, and could read and write to my blog files, all of my wife's blog, and they
uploaded files to do the spamming on these other domains.
Despite extensive forensic investigations, and learning the MO of these folks, I can't rule iout that they didn't download data from the forum, even
though I personally think it is very unlikely as the amount of data they took was minimal (a few hundred kb - mostly related to establishing a spam
factory on the old server), they didn't change any files on Aussieveedubbers, and they didn't access any of its urls.
Despite this, I've been giving this some thought over the last couple of weeks, and I would prefer you to consider changing your password here and
anywhere else it is used on the offchance they did manage to get a dump of our members table (unlikely). If you only use your password on this forum,
there is no problems as your account (with the exception of administrators) can't do much to the server, and the attackers can easily register a new
account anyway. I don't know why they'd bother with a standard account,
I use a strong 25 character password maintained within a password manager called Keepass. I've rotated all the passwords used by the system, so the
crooks don't have any access to the new server. I've also made it far more difficult to get between sites in the server. They broke in using a weak
password on my wife's blog, and so I've changed that too. Users have never been able to login to the old or new servers using passwords (we use ssh
keys), which is another reason why I believe they didn't get far, along with detailed forensic file system analysis I did only the old and new
Servers.
So please, if you are at all concerned, please go to UserCP -> edit password and change it there. Make it long (there is no upper limit) and
you'll be safe. If you choose not to change it, I think you'll be fine as long as you don't share the password used here with any other accounts,
particularly your email address. If you do share, I'd recommend change your password at your other accounts before changing them here, but I find
it's easier to just go ahead and change them all.
If you have any questions on this matter, please call me 0451 057 580.
