Sabayon Community

[lxnay]

Dear users,
a couple of days ago, during the night between Oct 28 and Oct 29 (GMT time, +0000), the credentials of one of our forum administrator were stolen and used to conduct an attack against our wiki, forum, bugzilla installations.
The attacker used these credentials to inject php code into our forum FAQ page as a way to install two backdoor scripts (cache2.php and cache3.php) and gain full access to all the user accounts on our web infrastructure (we used a centralized authentication system based on phpbb). In particular, your username, email and encrypted password (we do not store clear text passwords but phpBB uses salted double MD5, which is considered, to some extent, weak by some experts).
I have been able to successfully analyze the whole incident (the audit took me a couple of days), and take all the countermeasures needed so that it won’t happen again.
In particular, I have improved the alerting system such that it can autonomously and rapidly take action in case of unexpectedly uploaded files to our servers (and much more, btw). The database has been restored from one of our almost-hourly backups.

We apologize for any inconvenience that we may have caused you.
We advise you to change your forum, wiki and bugzilla passwords as soon as possible!

P.S.: we will not change the password for you and disabling your account will not fix the problem, you need to change your password. If you don't remember the username associated with your account, please send us a _separate_ and clear email stating your email address and name at website <at> sabayon <dot> org.
Alternatively, visit our Facebook page ( https://www.facebook.com/groups/36125411841/ ) or IRC channel (freenode.net #sabayon).

P.P.S.: the attack originated from 199.254.238.0/24, hosted by riseup.net (apparently, they seem to approve this kind of behaviour) which provides vpns and Tor exit nodes. Data seem to have originated from 67.86.121.13 and 46.35.187.43 (according to the X-Forwarded-For field in HTTP requests). If you believe that Internet anonymity is good, well... will you be ready to pay the price of it?

[ReemZ]

If you believe that Internet anonymity is good, well... will you be ready to pay the price of it?

lol @ US government style scare tactics

[nobicycle]

"the credentials of one of our forum administrator were stolen"
Out of curiosity and wish to learn from mistakes, how did that happen?

I agree with Reemz about the anonymity issue. We do not need RFID under our skin just because an admin was sloppy with his password. Yes, prepared to pay the price.

[ancient mariner]

Anonymity is a double-edged sword. Sure we'd all love to not be tracked as we go about our lives, but I'm pretty sure we're happy to pay the price as long as it's someone else who pays it.

This is the second attack against a Linux forum that I've heard of in the last couple of days. Pearlinux forum is offline after a recent attack, pear being more-or-less run solo by David Tavares, and he doesn't have spare time to get it back up & running.

[akrep55tr]

Yesterday or the day before when I logged in the forum I was asked to change my password, and I did. Did you do that or it was a trick of the person who stole the account?

[lxnay]

No, we are also forcing users to change their password. So, it was us, yeah.

[linuxfluesterer]

I HAVE changed my password. But though I did, something embarassing happens now the second time here.
I started to reply to a post, a thread here, and when I've finished my text, I've checked it, then I've sent it and then:
I was ordered to relogin with my password!
So, I reloggedin then and all my text, I have written before, was gone, was lost!
Why? This did not happen before.
Can you fix it, pls, Fabio?
Tante grazie.

-Linuxfluesterer (I love KDE ...)

[Richlion]

I HAVE changed my password. But though I did, something embarassing happens now the second time here.
I started to reply to a post, a thread here, and when I've finished my text, I've checked it, then I've sent it and then:
I was ordered to relogin with my password!
So, I reloggedin then and all my text, I have written before, was gone, was lost!
Why? This did not happen before.
Can you fix it, pls, Fabio?
Tante grazie.

-Linuxfluesterer (I love KDE ...)

Check what was written in the first thread...
"The database has been restored from one of our almost-hourly backups"

[linuxfluesterer]

Check what was written in the first thread...
"The database has been restored from one of our almost-hourly backups"

You say "has been". The incident has happened some days ago already.
So, why can I be logged in with remembering me (and my new password)?
Why can I open a thread to reply without being asked for my password (again)?
And why then I'm not asked for password before I write my reply, so that my text is not completely 'forgotten'?

-Linuxfluesterer (I love KDE ...)

Edit: Now that behavior did not happen (I mean, I was NOT asked for username and password, when I sen this post)

[ReemZ]

Fuck sake, again? Just got told to change my password again or not be able to browse the forum!