A couple of days ago, during the night between Oct 28 and Oct 29 (GMT time, +0000), the credentials of one of our forum administrators were stolen and used to conduct an attack against our wiki, forum and bugzilla installations.
The attacker used these credentials to inject PHP code into our forum FAQ page as a way to install two backdoor scripts (cache2.php and cache3.php) and gain full access to all the user accounts on our web infrastructure (we used a centralized authentication system based on phpBB). In particular, this exposed your username, email address and password hash (we do not store clear-text passwords, but phpBB uses a salted double MD5, which some experts consider weak to some extent).
I have been able to successfully analyze the whole incident (the audit took me a couple of days) and take all the countermeasures needed so that it won't happen again.
In particular, I have improved the alerting system so that it can autonomously and rapidly take action when unexpected files are uploaded to our servers (and much more, btw). The database has been restored from one of our almost-hourly backups.
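As an added illustration of the kind of check such an alerting system can be built on (this is example code written for this post, not Sabayon's own tooling): a manifest of file hashes is taken while the web root is known good, and each later pass reports files that were added or changed, with newly appeared PHP files singled out. The web-root layout, file names and contents below are constructed for the demo.

```python
import hashlib
import os
import tempfile

# File types whose unexpected appearance in a web root should raise an alert.
EXECUTABLE_EXT = {".php", ".phtml", ".php5", ".cgi"}

def build_manifest(root):
    """Map every file under root (path relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return manifest

def diff_manifest(baseline, current):
    """Return sorted lists (added, modified, removed) of paths between two manifests."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return added, modified, removed

def alerts(baseline, current):
    """What an operator should act on: new executable files, plus any modified file."""
    added, modified, _removed = diff_manifest(baseline, current)
    new_exec = [p for p in added if os.path.splitext(p)[1].lower() in EXECUTABLE_EXT]
    return new_exec, modified

def demo():
    """Constructed scenario: a clean web root, then two dropped PHP files and an edited FAQ."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "cache"))
        with open(os.path.join(root, "faq.php"), "w") as fh:
            fh.write("<?php echo 'faq'; ?>\n")
        baseline = build_manifest(root)          # snapshot taken while the tree is known good
        # Simulated compromise (constructed, inert placeholders, not real backdoor content).
        with open(os.path.join(root, "cache", "cache2.php"), "w") as fh:
            fh.write("<?php /* placeholder */ ?>\n")
        with open(os.path.join(root, "cache", "cache3.php"), "w") as fh:
            fh.write("<?php /* placeholder */ ?>\n")
        with open(os.path.join(root, "faq.php"), "a") as fh:
            fh.write("<?php /* injected */ ?>\n")
        with open(os.path.join(root, "notes.txt"), "w") as fh:   # benign upload, not flagged
            fh.write("benign upload\n")
        return alerts(baseline, build_manifest(root))
```

In a real deployment the baseline manifest would be stored off the web server and the check run from cron, so that a compromised host cannot quietly rewrite its own baseline.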
We apologize for any inconvenience that we may have caused you.
We advise you to change your forum, wiki and bugzilla passwords as soon as possible!
P.S.: we will not change the password for you, and disabling your account will not fix the problem: you need to change your password. If you don't remember the username associated with your account, please send us a _separate_ and clear email stating your email address and name at website <at> sabayon <dot> org.
Alternatively, visit our Facebook page (https://www.facebook.com/groups/36125411841/) or IRC channel (freenode.net #sabayon).
P.P.S.: the attack originated from 18.104.22.168/24, hosted by riseup.net (apparently, they seem to approve this kind of behaviour), which provides VPNs and Tor exit nodes. The data seem to have originated from 22.214.171.124 and 126.96.36.199 (according to the X-Forwarded-For field in the HTTP requests). If you believe that Internet anonymity is good, well... will you be ready to pay the price of it?