About the recent hacking. - Community & Forums Related Discussions

Users browsing this thread:
yrmt
Grey Hair Nixers
The forums got hacked by Joomla using the well known heartbleed vulnerability.

I updated the server and it seems to be fine now.
towa
Members
What about user data?
Should we change our passwords?
yrmt
Grey Hair Nixers
No, the attacker hijacked a cookie to login to my account but it's changed and the vulnerability is gone.
Lith
Long time nixers
as a unix sysadmin you should be shameful of yourself for having missed something like this
yrmt
Grey Hair Nixers
k, but I'm no sysadmin.
Lith
Long time nixers
If you arent a sysadmin then you should not be running a website especially if you cant bother to update a package after a major vulnerability
yrmt
Grey Hair Nixers
I did update FreeBSD right after they fixed the heartbleed issue in OpenSSL but it looks like my VPS panel failed to reboot the server.
Lith
Long time nixers
updating SSL does not require a reboot. idk what's worse, the fact that you didn't check to see if you had properly patched or the fact that you are relying on your VPS panel to reboot a system. either way you should not be trusted with people's account data and running a website if you cant even upgrade a package properly.

since nixers is all about democracy (like dami said yesterday in IRC) then I think we should get a new site admin, someone who knows what theyre doing.
yrmt
Grey Hair Nixers
Alright, but it'll have to be someone who's been active on here for some time and that I can trust. I think the best is someone that would just help me.
Lith
Long time nixers
I nominate dcat, or dami, they seem to be good and have been nice to me
yrmt
Grey Hair Nixers
Both are already helping me.
jmbi
Long time nixers
(19-04-2014, 03:06 PM)Lith Wrote: as a unix sysadmin you should be shameful of yourself for having missed something like this

chill your tits man
berk
Long time nixers
the funny thing is, I had checked nixers.net for a vulnerability on this page: https://lastpass.com/heartbleed/ and found out that it was vulnerable, and was going to warn yrmt a week ago. but my parents banned me from using the computer for a few days.

i feel sorry
Lith
Long time nixers
(19-04-2014, 08:36 PM)jmbi Wrote: chill your tits man

I guess I just expected a little better attitude towards security, not "calm your tits man" when a major vulnerability was exploited and unpatched for over a week...on a unix community forum
yrmt
Grey Hair Nixers
(20-04-2014, 06:19 AM)berk Wrote: the funny thing is, I had checked nixers.net for a vulnerability on this page: https://lastpass.com/heartbleed/ and found out that it was vulnerable, and was going to warn yrmt a week ago. but my parents banned me from using the computer for a few days.

i feel sorry

;-;
jmbi
Long time nixers
(20-04-2014, 12:31 PM)Lith Wrote:
(19-04-2014, 08:36 PM)jmbi Wrote: chill your tits man

I guess I just expected a little better attitude towards security, not "calm your tits man" when a major vulnerability was exploited and unpatched for over a week...on a unix community forum

we all have lives, this is a forum where we ramble about unix, nothing too important is on here. yrmt did fix it and simply made a mistake, now change your passwords and move on.
Lith
Long time nixers
if this is the attitude taken towards data on the server then I will not be coming here anymore. some people like to know their data is secure, and if you guys think some basic ability to keep data secure isnt worth it, then this place isnt worth it.
yrmt
Grey Hair Nixers
Bye!
z3bra
Grey Hair Nixers
I must say I'm surprised that you did not patched openssl right after heartbleed was discovered. Moreover, we talked about it on IRC. Anyways, I don't think it's worth crying about that. this forum holds no sensible data, and even if yrmt is not really preventive, he is, at least, responsive.

We're all nixers, and this forum is community driven, so if a problem occurs, it's also our fault because no one asked yrmt if he patched openssl. Let's see this as a useful mistake, and chill out
BANGARANG, MOTHERFUCKER