Change your forum, bugzilla and wiki passwords ASAP!

Discuss all artwork and development - Suggestions needed

Moderator: Moderators

Change your forum, bugzilla and wiki passwords ASAP!

Postby lxnay » Thu Oct 31, 2013 20:30

Dear users,
a couple of days ago, during the night between Oct 28 and Oct 29 (GMT time, +0000), the credentials of one of our forum administrator were stolen and used to conduct an attack against our wiki, forum, bugzilla installations.
The attacker used these credentials to inject php code into our forum FAQ page as a way to install two backdoor scripts (cache2.php and cache3.php) and gain full access to all the user accounts on our web infrastructure (we used a centralized authentication system based on phpbb). In particular, your username, email and encrypted password (we do not store clear text passwords but phpBB uses salted double MD5, which is considered, to some extent, weak by some experts).
I have been able to successfully analyze the whole incident (the audit took me a couple of days), and take all the countermeasures needed so that it won’t happen again.
In particular, I have improved the alerting system such that it can autonomously and rapidly take action in case of unexpectedly uploaded files to our servers (and much more, btw). The database has been restored from one of our almost-hourly backups.

We apologize for any inconvenience that we may have caused you.
We advise you to change your forum, wiki and bugzilla passwords as soon as possible!

P.S.: we will not change the password for you and disabling your account will not fix the problem, you need to change your password. If you don't remember the username associated with your account, please send us a _separate_ and clear email stating your email address and name at website <at> sabayon <dot> org.
Alternatively, visit our Facebook page ( https://www.facebook.com/groups/36125411841/ ) or IRC channel (freenode.net #sabayon).

P.P.S.: the attack originated from 199.254.238.0/24, hosted by riseup.net (apparently, they seem to approve this kind of behaviour) which provides vpns and Tor exit nodes. Data seem to have originated from 67.86.121.13 and 46.35.187.43 (according to the X-Forwarded-For field in HTTP requests). If you believe that Internet anonymity is good, well... will you be ready to pay the price of it?
Image
Join us on IRC (chat.freenode.net #sabayon or WebChat)
Submit bugs to our Bug Tracker
Follow me on Twitter
Add me on Facebook
Add me on Google+
lxnay
Land Owner
 
Posts: 3595
Joined: Thu Oct 13, 2005 23:16
Location: Italy

Re: Change your forum, bugzilla and wiki passwords ASAP!

Postby ReemZ » Thu Oct 31, 2013 21:20

lxnay wrote:If you believe that Internet anonymity is good, well... will you be ready to pay the price of it?

lol @ US government style scare tactics :mrgreen:
Handtekening? Zeg...ik ga niet op m'n monitor schrijven!
ReemZ
Old Dear Hen
 
Posts: 701
Joined: Mon Oct 27, 2008 10:50
Location: Here! No, here! Over heeeeeeere!

Re: Change your forum, bugzilla and wiki passwords ASAP!

Postby nobicycle » Fri Nov 01, 2013 0:19

"the credentials of one of our forum administrator were stolen"
Out of curiosity and wish to learn from mistakes, how did that happen?

I agree with Reemz about the anonymity issue. We do not need RFID under our skin just because an admin was sloppy with his password. Yes, prepared to pay the price.
nobicycle
Simple Hen
 
Posts: 77
Joined: Fri Nov 20, 2009 13:55

Re: Change your forum, bugzilla and wiki passwords ASAP!

Postby ancient mariner » Fri Nov 01, 2013 9:29

Anonymity is a double-edged sword. Sure we'd all love to not be tracked as we go about our lives, but I'm pretty sure we're happy to pay the price as long as it's someone else who pays it.

This is the second attack against a Linux forum that I've heard of in the last couple of days. Pearlinux forum is offline after a recent attack, pear being more-or-less run solo by David Tavares, and he doesn't have spare time to get it back up & running.
ancient mariner
Simple Hen
 
Posts: 47
Joined: Mon Jun 14, 2010 12:20

Re: Change your forum, bugzilla and wiki passwords ASAP!

Postby akrep55tr » Fri Nov 01, 2013 11:50

Yesterday or the day before when I logged in the forum I was asked to change my password, and I did. Did you do that or it was a trick of the person who stole the account?
akrep55tr
Young Hen
 
Posts: 32
Joined: Mon Oct 05, 2009 19:14

Re: Change your forum, bugzilla and wiki passwords ASAP!

Postby lxnay » Fri Nov 01, 2013 11:55

No, we are also forcing users to change their password. So, it was us, yeah.
Image
Join us on IRC (chat.freenode.net #sabayon or WebChat)
Submit bugs to our Bug Tracker
Follow me on Twitter
Add me on Facebook
Add me on Google+
lxnay
Land Owner
 
Posts: 3595
Joined: Thu Oct 13, 2005 23:16
Location: Italy

Re: Change your forum, bugzilla and wiki passwords ASAP!

Postby linuxfluesterer » Sat Nov 02, 2013 19:50

I HAVE changed my password. But though I did, something embarassing happens now the second time here.
I started to reply to a post, a thread here, and when I've finished my text, I've checked it, then I've sent it and then:
I was ordered to relogin with my password!
So, I reloggedin then and all my text, I have written before, was gone, was lost!
Why? This did not happen before.
Can you fix it, pls, Fabio?
Tante grazie.

-Linuxfluesterer (I love KDE ...)
I really hope, that by the Brexit (poor Britain), TTIP will be finally prevented. But don't get tired to talk to your local politician to open eyes for danger to democracy because of TTIP
User avatar
linuxfluesterer
Old Dear Hen
 
Posts: 704
Joined: Thu Sep 20, 2012 19:47
Location: Germany

Re: Change your forum, bugzilla and wiki passwords ASAP!

Postby Richlion » Sun Nov 03, 2013 9:54

linuxfluesterer wrote:I HAVE changed my password. But though I did, something embarassing happens now the second time here.
I started to reply to a post, a thread here, and when I've finished my text, I've checked it, then I've sent it and then:
I was ordered to relogin with my password!
So, I reloggedin then and all my text, I have written before, was gone, was lost!
Why? This did not happen before.
Can you fix it, pls, Fabio?
Tante grazie.

-Linuxfluesterer (I love KDE ...)


Check what was written in the first thread...
"The database has been restored from one of our almost-hourly backups"
Richlion
Technological Hen
 
Posts: 393
Joined: Sun Nov 11, 2007 2:19
Location: Manchester

Re: Change your forum, bugzilla and wiki passwords ASAP!

Postby linuxfluesterer » Sun Nov 03, 2013 11:41

Richlion wrote:Check what was written in the first thread...
"The database has been restored from one of our almost-hourly backups"

You say "has been". The incident has happened some days ago already.
So, why can I be logged in with remembering me (and my new password)?
Why can I open a thread to reply without being asked for my password (again)?
And why then I'm not asked for password before I write my reply, so that my text is not completely 'forgotten'?

-Linuxfluesterer (I love KDE ...)

Edit: Now that behavior did not happen (I mean, I was NOT asked for username and password, when I sen this post)
I really hope, that by the Brexit (poor Britain), TTIP will be finally prevented. But don't get tired to talk to your local politician to open eyes for danger to democracy because of TTIP
User avatar
linuxfluesterer
Old Dear Hen
 
Posts: 704
Joined: Thu Sep 20, 2012 19:47
Location: Germany

Re: Change your forum, bugzilla and wiki passwords ASAP!

Postby ReemZ » Thu Jan 02, 2014 18:19

Fuck sake, again? Just got told to change my password again or not be able to browse the forum! :evil:
Handtekening? Zeg...ik ga niet op m'n monitor schrijven!
ReemZ
Old Dear Hen
 
Posts: 701
Joined: Mon Oct 27, 2008 10:50
Location: Here! No, here! Over heeeeeeere!

Next

Return to Artwork and Development Suggestions

Who is online

Users browsing this forum: No registered users and 1 guest