While I'm waiting for a newer version of the CMS to upload (there are thousands of files here) I figured I could do something useful, other than watching files upload, and communicate a bit about what's happened in the last couple of days. Here's an update on what happened, and what we're going to try to do to prevent this from happening again.
(Yes, you've heard it all before. Unfortunately hackers are crafty buggers who keep updating their methods.)
First an explanation of what happened:
Somehow - don't know how but I have a suspicion it was through a virus - somebody out there got access, through another person's computer, to our files on Obernet's server. With this access, they injected some malicious code into a couple of files that are called to perform tasks on the site fairly regularly, particularly when you log in and stuff like that.
While we could remove the malicious code file by file, the person (I still can't get my head around the fact that this is a HUMAN action) kept coming back and attacking new files.
The only proper solution was to upgrade the site to the newest version of the CMS (content management system, in English it's a bunch of files that communicate with a database to form an online community), and change all our administrative passwords, in the hope this locks them out from gaining access to anything.
And so the site had to be shut down, until these actions could be undertaken.
There have been rumours that a recent banning of a member who violated a few people's privacy and sexually harassed about five of our members is responsible for this attack. This is unverified, but if you have any information about the source of these attacks, I would love to know as I'm fully ready to take legal action at this point.
Once we're back up:
1/ We're going to have to re-introduce the more secure verification methods upon sign up. We'd made it easier to sign up because it seemed like people were getting confused and finding it too hard to check an email for a verification code. Sorry, but we'll have to put this back where it was.
2/ There'll be some additional verification codes required on login (probably something like a CAPTCHA you have to input. You'll see what I mean once it's there).
3/ To start with there will be only our regular forums (we've lost no data) and some pages - the core of the site. The forum is really what drives the site, so the focus is on getting it back online as fast as possible. All the fancy plugins will be added one by one to ensure they work with the latest version, over time.
4/ I urge you all to update your user profile passwords. PLEASE. A secure password needs to NOT spell a word. It needs to contain letters - both caps and non-caps, numbers, and special characters like @ and $. It may be hard to remember at first so write it down, keep it somewhere safe, but DON'T email it to yourself. If it's findable online, you've changed it for nothing.
5/ Run an anti-virus scan on your computer.
If you don't have a reliable anti-virus program, I can recommend a couple for various systems:
- for Windows, I recommend AVG Free, which can be downloaded (for free, hence the name) here: http://free.avg.com/au-en/download-free-antivirus
- for Mac, while it's less likely you have gotten a virus on your machine somewhere (as most viruses are made to target PCs), it's still recommended you run a scan to pick up anything malicious that's come through your emails. I recommend ClamXav, which you can get here: http://www.clamxav.com/download.php
For all we know, they could have gotten in via YOUR machine. This isn't anybody's fault but the hacker's, so we have to try to prevent them from doing it again by making sure our systems are as secure as possible.
6/ Obernet will have to have periods of down time for maintenance. This problem could have occurred through our having an older version of the CMS installed. The site wasn't upgraded to newer versions because people complain when things start not working after an upgrade. I beg you all to remember that all volunteers on the site are just that; volunteers who have real lives outside of Obernet. We get paid nothing to do this. Not that we want payment, but the nature of our involvement means that there are sometimes other things that take priority in our lives, before upgrading the site. Prior to any maintenance it's likely that a PM or email will be sent around, advising of the down time. This will ensure that any security vulnerabilities are patched properly before they become a huge problem and the site gets shut down again.
Right, about 50 files to go on the upload, so there's work to be done elsewhere now. Talk to you all properly on the forum soon.