THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Discuss technical problems and features here
rdearman
Site Admin
Posts: 2311
Joined: Thu May 14, 2015 4:18 pm
Location: United Kingdom
Languages: English (N)
French (studies), Italian (studies), Mandarin (studies),
Esperanto TAC (Only god knows why), Finnish (only in it for the cookies)
Language Log: viewtopic.php?f=15&t=1836
x 4619

THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby rdearman » Thu Apr 20, 2017 6:08 am

Sadly I must say the server on which this forum is hosted was hacked. The hackers installed a password harvesting kit. This is a program which sits alongside the normal service but passes password information back to the hackers.

YOU SHOULD CONSIDER YOUR PASSWORD HERE TO BE COMPROMISED.

If you have used your password here on any other place, please go to those other places and change your password. Do not change your password here! If you change your password on the forum before it is uninfected you'll compromise your new password. There are a number of steps to be taken in order to get the forum back to a working and uninfected state. But our primary concern is your security.

In order to disinfect the forum, we'll be moving it to a new dedicated host environment and re-installing the software from scratch from an uninfected source. We'll change all administration passwords, and then we'll change all user passwords to a random string. After this is done, you'll be able to use the forgotten password option to change your password back to something of your choosing.

Over the course of the next few days the site will change to "read only" mode, and then after it has been moved and repaired, your login will fail (most likely) and you'll have to use the change password option.

We apologise for the problems, but please, please, please take this opportunity to change any password on other sites where you've used the same one as here. Security experts recommend changing passwords regularly, so even if you've had a unique password for this site you might want to rotate passwords.
22 x

alexraasch
Orange Belt
Posts: 139
Joined: Sun Apr 24, 2016 10:42 pm
Location: Germany
Languages: German (N), English (C1), Spanish (int.), Mandarin (beg.)
x 156

Re: THE FORUM HAS BEEN HACKED - PLEASE READ CAREFULLY

Postby alexraasch » Thu Apr 20, 2017 9:49 am

Thanks for the warning. Maybe also send out an email to all forum members, as many don't read the forum regularly.
3 x
Mandarin: 362 / 1000 Characters; Pimsleur 1-3: 30 / 30, 21 / 30, 00 / 30; HSK 1-3: 149 / 149, 070 / 151, 000 / 301

Spanish: Memrise A1, A2: 1705 / 1705, 957 / 1645

Ingaræð
Yellow Belt
Posts: 88
Joined: Sat Nov 26, 2016 9:34 pm
Location: United Kingdom
Languages: English (N)
Studying: German (?), French (?), Russian (beg.).
Previously studied (beg.): Italian, Welsh.
Wishlist: Hungarian, most other European languages, Mandarin, Hebrew.
Language Log: viewtopic.php?f=15&t=4993
x 184

Re: THE FORUM HAS BEEN HACKED - PLEASE READ CAREFULLY

Postby Ingaræð » Thu Apr 20, 2017 10:37 am

Thanks for the warning!

Stupid question: I'm assuming they have usernames (as part of the login data), but did they also get email addresses?
0 x
Russian without Toil: 38 / 100

emk
Brown Belt
Posts: 1125
Joined: Sat Jul 18, 2015 12:07 pm
Location: Vermont, USA
Languages: English (N), French (B2+)
Just for fun (beginner): Middle Egyptian, Spanish.
Language Log: viewtopic.php?f=15&t=723
x 3460

We're back online!

Postby emk » Thu Apr 20, 2017 10:42 pm

rdearman and I literally worked in shifts all last night to get the forum back online. But we're back!

So here's what you need to know:

  1. rdearman thinks that the attacker got in through an older copy of WordPress that was running on the same server.
  2. The forum has been moved to a brand new server, and the forum's code has been restored from the clean master copy that we make available on GitHub. This means that password stealing code on the old, shared server is no longer present. And there's no WordPress anywhere on the new server, either.
  3. Please change your forum password, and change it on any other sites that used the same password as well.
  4. The new server should have substantially better performance and far fewer database errors.

There are a lot of technical improvements under the hood; rdearman and I have been discussing this migration for quite a while now. We'll talk more about this soon. But it should be much easier to update and maintain the site, and to add new services. On the downside, the new setup costs a bit more—I don't have exact numbers yet, but I'd guess between US$35 and $50/month. If folks want to chip in, we'll figure out the details of that later. We're happy covering the costs for now.

Anyway, I've been working hard to get the site back up, and I need to go and do other stuff for a bit. But please change those passwords. And I'll try to answer questions later this evening for a bit.

Thank you very much for your patience, and our apologies for this incident.
22 x

Carmody
Blue Belt
Posts: 567
Joined: Fri Jan 01, 2016 4:00 am
Location: NYC, NY
Languages: English (N)
French (A2)
Language Log: http://tinyurl.com/zot7wrs
x 951

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby Carmody » Thu Apr 20, 2017 11:13 pm

I believe that emk and rdearman are incredible!

I still think there should be a way to pay you folks for your incredible efforts!

Thank you; thank you.
10 x

aokoye
Brown Belt
Posts: 1057
Joined: Sat Jul 18, 2015 6:14 pm
Location: Portland, OR
Languages: English (N), German (B2), Swedish (beginner), Dutch (beginner), French (beginner)
Language Log: viewtopic.php?f=15&t=2935
x 1552

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby aokoye » Fri Apr 21, 2017 1:15 am

rdearman wrote:In order to disinfect the forum, we'll be moving it to a new dedicated host environment and re-installing the software from scratch from an uninfected source. We'll change all administration passwords, and then we'll change all user passwords to a random string. After this is done, you'll be able to use the forgotten password option to change your password back to something of your choosing.

Well done on your and emk's efforts. That said I just wanted to report that users' passwords didn't get changed to a random string. I was able to log in with my old password. Using the forgotten password function when logging in doesn't work - or it didn't work for me as of 6:10pm PST.

Having previously worked (interned) for a software company that has hundreds of millions of users, I really do appreciate all of the work that you both have done, I just wanted to let you know of the potential bug (or pseudo-bug).
3 x
Preferred gender pronouns: Masculine

emk
Brown Belt
Posts: 1125
Joined: Sat Jul 18, 2015 12:07 pm
Location: Vermont, USA
Languages: English (N), French (B2+)
Just for fun (beginner): Middle Egyptian, Spanish.
Language Log: viewtopic.php?f=15&t=723
x 3460

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby emk » Fri Apr 21, 2017 1:25 am

aokoye wrote:Well done on your and emk's efforts. That said I just wanted to report that users' passwords didn't get changed to a random string. I was able to log in with my old password. Using the forgotten password function when logging in doesn't work - or it didn't work for me as of 6:10pm PST.

Thank you for letting us know that password reset is broken! We haven't expired or randomized the existing passwords yet, partly because we haven't had time, and partly because we want to test that the reset process works. We'll also need some way for people to contact the mods if their email address has changed.

In the meantime, until we figure out phpBB's primitive password options, we strongly encourage people to change their own passwords. I'll try to find time to write up some instructions with screen shots.

Also, we now have completely automatic daily database snapshots.
4 x
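The reset step rdearman laid out earlier in the thread (overwrite every stored user password with a random value, then let people recover through the forgotten-password flow) and the verification emk says is still pending (confirming that old passwords really no longer work) are shown together in the following added example. It is not code from the forum, from phpBB, or from either admin. The `users` table, its column names and the PBKDF2 hashing scheme are constructed assumptions standing in for the real forum schema, and the three accounts and their passwords are constructed sample data.

```python
"""Site-wide forced password reset after a credential-harvesting compromise.

Added example for this thread; not the forum's, phpBB's or the admins' code.
The `users` table, its columns and the PBKDF2 hashing scheme are constructed
assumptions standing in for the real forum schema.
"""
import hashlib
import hmac
import os
import secrets
import sqlite3

PBKDF2_ROUNDS = 100_000  # assumed work factor for the sample hashes


def hash_password(password, salt=None):
    """Return a self-describing salted PBKDF2-HMAC-SHA256 hash string."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ROUNDS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Constant-time comparison of a candidate password against a stored hash."""
    _algo, rounds, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_sample_db():
    """Constructed sample: three accounts whose passwords are presumed harvested."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        " user_id INTEGER PRIMARY KEY,"
        " username TEXT NOT NULL UNIQUE,"
        " password_hash TEXT NOT NULL,"
        " must_reset INTEGER NOT NULL DEFAULT 0)")
    sample = [("alice", "hunter2"), ("bob", "correct horse"), ("carol", "oldpassword")]
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [(name, hash_password(pw)) for name, pw in sample])
    conn.commit()
    return conn


def invalidate_all_passwords(conn):
    """Overwrite every stored hash with the hash of a random secret that is
    never shown to anyone, and flag the account for reset. Returns the number
    of accounts touched."""
    ids = [row[0] for row in conn.execute("SELECT user_id FROM users")]
    for user_id in ids:
        throwaway = secrets.token_urlsafe(32)  # discarded; only its hash survives
        conn.execute(
            "UPDATE users SET password_hash = ?, must_reset = 1 WHERE user_id = ?",
            (hash_password(throwaway), user_id))
    conn.commit()
    return len(ids)


def old_passwords_still_work(conn, known_old):
    """Post-reset check: which of the presumed-harvested credentials still
    authenticate? This list must be empty before logins are re-enabled."""
    survivors = []
    for username, old_pw in known_old.items():
        row = conn.execute(
            "SELECT password_hash FROM users WHERE username = ?", (username,)).fetchone()
        if row is not None and verify_password(old_pw, row[0]):
            survivors.append(username)
    return survivors


def complete_reset(conn, username, new_password):
    """Model of the forgotten-password flow finishing: store the user's chosen
    password and clear the reset flag. Returns True if the account existed."""
    cur = conn.execute(
        "UPDATE users SET password_hash = ?, must_reset = 0 WHERE username = ?",
        (hash_password(new_password), username))
    conn.commit()
    return cur.rowcount == 1


if __name__ == "__main__":
    db = build_sample_db()
    harvested = {"alice": "hunter2", "bob": "correct horse", "carol": "oldpassword"}
    print("before reset, still valid:", old_passwords_still_work(db, harvested))
    print("accounts invalidated:", invalidate_all_passwords(db))
    print("after reset, still valid:", old_passwords_still_work(db, harvested))
    complete_reset(db, "carol", "a new unique passphrase")
    stored = db.execute(
        "SELECT password_hash FROM users WHERE username = 'carol'").fetchone()[0]
    print("carol's new password verifies:", verify_password("a new unique passphrase", stored))
```

The point of `old_passwords_still_work` is that the reset is not trusted just because the UPDATE ran: the credentials presumed harvested are fed back through the same verifier the login path uses, and the site stays closed to logins until that list comes back empty. The random replacement value is hashed and then dropped, so even a database copy taken after the reset holds nothing that authenticates; only the reset flow, which the admins also need to confirm works, can set a usable password again.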

rdearman
Site Admin
Posts: 2311
Joined: Thu May 14, 2015 4:18 pm
Location: United Kingdom
Languages: English (N)
French (studies), Italian (studies), Mandarin (studies),
Esperanto TAC (Only god knows why), Finnish (only in it for the cookies)
Language Log: viewtopic.php?f=15&t=1836
x 4619

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby rdearman » Fri Apr 21, 2017 6:29 am

To change your password, you should be able to do:

User Control Panel -> Profile -> Edit Account Settings -> Change password.

EDIT: I don't believe they took your email address. I've read up on the malware/password harvester program and it is directed at getting administration passwords and server rights. But it certainly served as a warning to me not to use the same password on different websites. So in addition to the stuff emk and I were doing, I was going through all the sites I normally visit and putting in a new, unique password.

Also, just on a side note, there shouldn't be any of those stupid SQL error messages any more. :)

EDIT by emk (abusing my admin powers): If you somehow get locked out during the password change, please see this page and use the information there to contact me.
12 x

rdearman
Site Admin
Posts: 2311
Joined: Thu May 14, 2015 4:18 pm
Location: United Kingdom
Languages: English (N)
French (studies), Italian (studies), Mandarin (studies),
Esperanto TAC (Only god knows why), Finnish (only in it for the cookies)
Language Log: viewtopic.php?f=15&t=1836
x 4619

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby rdearman » Fri Apr 21, 2017 6:39 am

One other thing:

The Super Challenge bot has been disabled because we've moved the forum to a new server, but haven't yet moved the SC bot. However, the bot is designed to pick up any messages which it has missed when it is turned back on. So you can keep recording your progress and we'll get that moved as soon as possible.
6 x

Elenia
Brown Belt
Posts: 1403
Joined: Sun Jul 19, 2015 1:22 am
Location: London
Languages: English (N), Swedish (???), French (Massively Atrophied), German (lowly beginner, somehow learnt to read), Finnish?!
Language Log: viewtopic.php?t=708
x 1913

Re: THE FORUM HAS BEEN HACKED (AND FIXED, AND MOVED TO A NEW SERVER) - PLEASE READ CAREFULLY

Postby Elenia » Fri Apr 21, 2017 7:52 am

Thank you both so much!
2 x