THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

rdearman
Site Admin
Posts: 7231
Joined: Thu May 14, 2015 4:18 pm
Location: United Kingdom
Languages: English (N)
Language Log: viewtopic.php?f=15&t=1836
x 23120

THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby rdearman » Thu Apr 20, 2017 6:08 am

Sadly I must say the server on which this forum is hosted was hacked. The hackers installed a password harvesting kit. This is a program which sits alongside the normal service but passes password information back to the hackers.

YOU SHOULD CONSIDER YOUR PASSWORD HERE TO BE COMPROMISED.

If you have used your password here on any other place, please go to those other places and change your password. Do not change your password here! If you change your password on the forum before it is uninfected you'll compromise your new password. There are a number of steps to be taken in order to get the forum back to a working and uninfected state. But our primary concern is your security.

In order to disinfect the forum, we'll be moving it to a new dedicated host environment and re-installing the software from scratch from an uninfected source. We'll change all administration passwords, and then we'll change all user passwords to a random string. After this is done, you'll be able to use the forgotten password option to change your password back to something of your choosing.

Over the course of the next few days the site will change to "read only" mode, and then after it has been moved and repaired, your login will fail (most likely) and you'll have to use the change password option.

We apologise for the problems, but please, please, please take this opportunity to change any password on other sites where you've used the same one as here. Security experts recommend changing passwords regularly, so even if you've had a unique password for this site you might want to rotate passwords.
21 x
0 / 150 Read 150 books in 2024

My YouTube Channel
The Autodidactic Podcast
My Author's Newsletter

I post on this forum with mobile devices, so excuse short msgs and typos.

alexkelbo
Orange Belt
Posts: 160
Joined: Sun Apr 24, 2016 10:42 pm
Location: Germany
Languages: German (N), English (C1), Spanish, Mandarin
x 200

Re: THE FORUM HAS BEEN HACKED - PLEASE READ CAREFULLY

Postby alexkelbo » Thu Apr 20, 2017 9:49 am

Thanks for the warning. Maybe also send out an email to all forum members, as many don't read the forum regularly.
2 x

Ingaræð
Orange Belt
Posts: 170
Joined: Sat Nov 26, 2016 9:34 pm
Languages: English (N), German (heritage)
Learning: Russian, French, German, Mandarin, Arabic, Spanish.
Mostly forgotten: Italian, Welsh.
x 377

Re: THE FORUM HAS BEEN HACKED - PLEASE READ CAREFULLY

Postby Ingaræð » Thu Apr 20, 2017 10:37 am

Thanks for the warning!

Stupid question: I'm assuming they have usernames (as part of the login data), but did they also get email addresses?
0 x

emk
Black Belt - 1st Dan
Posts: 1619
Joined: Sat Jul 18, 2015 12:07 pm
Location: Vermont, USA
Languages: English (N), French (B2+)
Badly neglected "just for fun" languages: Middle Egyptian, Spanish.
Language Log: viewtopic.php?f=15&t=723
x 6315

We're back online!

Postby emk » Thu Apr 20, 2017 10:42 pm

rdearman and I literally worked in shifts all last night to get the forum back online. But we're back!

So here's what you need to know:

  1. rdearman thinks that the attacker got in through an older copy of WordPress that was running on the same server.
  2. The forum has been moved to a brand new server, and the forum's code has been restored from the clean master copy that we make available on GitHub. This means that password stealing code on the old, shared server is no longer present. And there's no WordPress anywhere on the new server, either.
  3. Please change your forum password, and change it on any other sites that used the same password as well.
  4. The new server should have substantially better performance and far fewer database errors.

There are a lot of technical improvements under the hood; rdearman and I have been discussing this migration for quite a while now. We'll talk more about this soon. But it should be much easier to update and maintain the site, and to add new services. On the downside, the new setup costs a bit more—I don't have exact numbers yet, but I'd guess between US$35 and $50/month. If folks want to chip in, we'll figure out the details of that later. We're happy covering the costs for now.

Anyway, I've been working hard to get the site back up, and I need to go and do other stuff for a bit. But please change those passwords. And I'll try to answer questions later this evening for a bit.

Thank you very much for your patience, and our apologies for this incident.
21 x
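The second point in emk's list, restoring the forum code from a clean master copy, is also the basis of a useful detective check: hash every file in the live install and compare it against the clean tree, so that a kit "sitting alongside the normal service" shows up as a file the clean copy never had, and a patched file shows up as a digest mismatch. The script below is an added example and not code from the forum's admins or from phpBB; the ignore list for site-specific paths (config.php, cache/, files/, store/, avatar uploads) is an assumption about a phpBB-style layout, and the two sample trees it builds are constructed in temporary directories purely for the demonstration.

```python
import hashlib
import os
import tempfile

# Paths that legitimately differ between a clean checkout and a live install
# (site config, caches, uploads). Assumed phpBB-style layout; adjust as needed.
DEFAULT_IGNORE = ("config.php", "cache/", "files/", "store/", "images/avatars/upload/")


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root, ignore=DEFAULT_IGNORE):
    """Map every file under root (relative, '/'-separated path) to its SHA-256."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.startswith(ignore):
                continue  # expected to differ per site; not evidence of tampering
            digests[rel] = sha256_file(full)
    return digests


def diff_trees(clean_root, deployed_root, ignore=DEFAULT_IGNORE):
    """Compare a live install against a known-clean copy.

    'added' files are the ones to look at first after a compromise: code that
    runs beside the application but has no origin in the clean tree.
    'modified' files are clean files whose contents no longer match.
    """
    clean = hash_tree(clean_root, ignore)
    deployed = hash_tree(deployed_root, ignore)
    return {
        "added": sorted(set(deployed) - set(clean)),
        "missing": sorted(set(clean) - set(deployed)),
        "modified": sorted(p for p in clean if p in deployed and clean[p] != deployed[p]),
    }


def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as f:
        f.write(text)


def build_demo():
    """Constructed sample trees (not real phpBB files): a clean copy, and a
    deployed copy with one tampered file and one foreign file dropped in."""
    clean = tempfile.mkdtemp(prefix="clean_")
    deployed = tempfile.mkdtemp(prefix="deployed_")
    for root in (clean, deployed):
        _write(root, "index.php", "<?php echo 'forum index';\n")
        _write(root, "includes/functions.php", "<?php function f() { return 1; }\n")
        _write(root, "config.php", "<?php $dbhost = 'db';\n")
    # Site config differs on the live server; the ignore list hides that.
    _write(deployed, "config.php", "<?php $dbhost = 'newserver';\n")
    # Tampered: an existing file with unexpected trailing content.
    _write(deployed, "includes/functions.php",
           "<?php function f() { return 1; }\n/* unexpected trailing content */\n")
    # Foreign: a file that exists only on the live server (hypothetical name).
    _write(deployed, "includes/unexpected_extra.php", "<?php /* not in clean tree */\n")
    return clean, deployed


def run_demo():
    """Build the constructed trees and return the integrity report."""
    clean, deployed = build_demo()
    return diff_trees(clean, deployed)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

On a real install you would run `diff_trees` with the clean checkout and the document root as the two arguments, and treat anything under "added" or "modified" outside the ignore list as needing a manual look; a clean restore onto a fresh server, as done here, is still the only way to be sure nothing was missed.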

Carmody
Black Belt - 1st Dan
Posts: 1747
Joined: Fri Jan 01, 2016 4:00 am
Location: NYC, NY
Languages: English (N)
French (B1)
Language Log: http://tinyurl.com/zot7wrs
x 3395

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby Carmody » Thu Apr 20, 2017 11:13 pm

I believe that emk and rdearman are incredible!

I still think there should be a way to pay you folks for your incredible efforts!

Thank you; thank you.
9 x

aokoye
Black Belt - 1st Dan
Posts: 1818
Joined: Sat Jul 18, 2015 6:14 pm
Location: Portland, OR
Languages: English (N), German (~C1), French (Intermediate), Japanese (N4), Swedish (beginner), Dutch (A2)
Language Log: https://forum.language-learners.org/vie ... 15&t=19262
x 3309

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby aokoye » Fri Apr 21, 2017 1:15 am

rdearman wrote:In order to disinfect the forum, we'll be moving it to a new dedicated host environment and re-installing the software from scratch from an uninfected source. We'll change all administration passwords, and then we'll change all user passwords to a random string. After this is done, you'll be able to use the forgotten password option to change your password back to something of your choosing.

Well done on your and emk's efforts. That said, I just wanted to report that users' passwords didn't get changed to a random string. I was able to log in with my old password. Using the forgotten password function when logging in doesn't work - or it didn't work for me as of 6:10pm PST.

Having previously worked (interned) for a software company that has hundreds of millions of users, I really do appreciate all of the work that you both have done, I just wanted to let you know of the potential bug (or pseudo-bug).
2 x
Preferred gender pronouns: Masculine

emk
Black Belt - 1st Dan
Posts: 1619
Joined: Sat Jul 18, 2015 12:07 pm
Location: Vermont, USA
Languages: English (N), French (B2+)
Badly neglected "just for fun" languages: Middle Egyptian, Spanish.
Language Log: viewtopic.php?f=15&t=723
x 6315

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby emk » Fri Apr 21, 2017 1:25 am

aokoye wrote:Well done on your and emk's efforts. That said, I just wanted to report that users' passwords didn't get changed to a random string. I was able to log in with my old password. Using the forgotten password function when logging in doesn't work - or it didn't work for me as of 6:10pm PST.

Thank you for letting us know that password reset is broken! We haven't expired or randomized the existing passwords yet, partly because we haven't had time, and partly because we want to test that the reset process works. We'll also need some way for people to contact the mods if their email address has changed.

In the meantime, until we figure out phpBB's primitive password options, we strongly encourage people to change their own passwords. I'll try to find time to write up some instructions with screen shots.

Also, we now have completely automatic daily database snapshots.
3 x

rdearman
Site Admin
Posts: 7231
Joined: Thu May 14, 2015 4:18 pm
Location: United Kingdom
Languages: English (N)
Language Log: viewtopic.php?f=15&t=1836
x 23120

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby rdearman » Fri Apr 21, 2017 6:29 am

To change your password, you should be able to do:

User Control Panel -> Profile -> Edit Account Settings -> Change password.

EDIT: I don't believe they took your email address. I've read up on the malware/password harvester program and it is directed at getting administration passwords and server rights. But it certainly served as a warning to me not to use the same password on different websites. So in addition to the stuff emk and I were doing, I was going through all the sites I normally visit and putting in a new, unique password.

Also, just on a side note, there shouldn't be any of those stupid SQL-Error messages any more. :)

EDIT by emk (abusing my admin powers): If you somehow get locked out during the password change, please see this page and use the information there to contact me.
11 x
0 / 150 Read 150 books in 2024

My YouTube Channel
The Autodidactic Podcast
My Author's Newsletter

I post on this forum with mobile devices, so excuse short msgs and typos.

rdearman
Site Admin
Posts: 7231
Joined: Thu May 14, 2015 4:18 pm
Location: United Kingdom
Languages: English (N)
Language Log: viewtopic.php?f=15&t=1836
x 23120

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby rdearman » Fri Apr 21, 2017 6:39 am

One other thing:

The Super Challenge bot has been disabled because we've moved the forum to a new server, but haven't yet moved the SC bot. However, the bot is designed to pick up any messages which it has missed when it is turned back on. So you can keep recording your progress and we'll get that moved as soon as possible.
5 x
0 / 150 Read 150 books in 2024

My YouTube Channel
The Autodidactic Podcast
My Author's Newsletter

I post on this forum with mobile devices, so excuse short msgs and typos.

Elenia
Black Belt - 1st Dan
Posts: 1888
Joined: Sun Jul 19, 2015 1:22 am
Location: London
Languages: English (N), Swedish (C1), French (Massively Atrophied), German (lowly beginner, somehow learnt to read), Finnish?!
Language Log: viewtopic.php?t=708
x 3280

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby Elenia » Fri Apr 21, 2017 7:52 am

Thank you both so much!
2 x

