About the recent hacking. - Community & Forums Related Discussions
Users browsing this thread:
|
|||
The forums got hacked by Joomla using the well known heartbleed vulnerability.
I updated the server and it seems to be fine now. |
|||
|
|||
What about user data?
Should we change our passwords? |
|||
|
|||
No, the attacker hijacked a cookie to login to my account but it's changed and the vulnerability is gone.
|
|||
|
|||
as a unix sysadmin you should be shameful of yourself for having missed something like this
|
|||
|
|||
k, but I'm no sysadmin.
|
|||
|
|||
If you arent a sysadmin then you should not be running a website especially if you cant bother to update a package after a major vulnerability
|
|||
|
|||
I did update FreeBSD right after they fixed the heartbleed issue in OpenSSL but it looks like my VPS panel failed to reboot the server.
|
|||
|
|||
updating SSL does not require a reboot. idk what's worse, the fact that you didn't check to see if you had properly patched or the fact that you are relying on your VPS panel to reboot a system. either way you should not be trusted with people's account data and running a website if you cant even upgrade a package properly.
since nixers is all about democracy (like dami said yesterday in IRC) then I think we should get a new site admin, someone who knows what theyre doing. |
|||
|
|||
Alright, but it'll have to be someone who's been active on here for some time and that I can trust. I think the best is someone that would just help me.
|
|||
|
|||
I nominate dcat, or dami, they seem to be good and have been nice to me
|
|||
|
|||
Both are already helping me.
|
|||
|
|||
|
|||
the funny thing is, I had checked nixers.net for a vulnerability on this page: https://lastpass.com/heartbleed/ and found out that it was vulnerable, and was going to warn yrmt a week ago. but my parents banned me from using the computer for a few days.
i feel sorry |
|||
|
|||
|
|||
(20-04-2014, 06:19 AM)berk Wrote: the funny thing is, I had checked nixers.net for a vulnerability on this page: https://lastpass.com/heartbleed/ and found out that it was vulnerable, and was going to warn yrmt a week ago. but my parents banned me from using the computer for a few days. ;-; |
|||
|
|||
(20-04-2014, 12:31 PM)Lith Wrote:(19-04-2014, 08:36 PM)jmbi Wrote: chill your tits man we all have lives, this is a forum where we ramble about unix, nothing too important is on here. yrmt did fix it and simply made a mistake, now change your passwords and move on. |
|||
|
|||
if this is the attitude taken towards data on the server then I will not be coming here anymore. some people like to know their data is secure, and if you guys think some basic ability to keep data secure isnt worth it, then this place isnt worth it.
|
|||
|
|||
Bye!
|
|||
|
|||
I must say I'm surprised that you did not patched openssl right after heartbleed was discovered. Moreover, we talked about it on IRC. Anyways, I don't think it's worth crying about that. this forum holds no sensible data, and even if yrmt is not really preventive, he is, at least, responsive.
We're all nixers, and this forum is community driven, so if a problem occurs, it's also our fault because no one asked yrmt if he patched openssl. Let's see this as a useful mistake, and chill out |
|||