The forums got hacked by Joomla using the well known heartbleed vulnerability.

I updated the server and it seems to be fine now.

What about user data?
Should we change our passwords?

No, the attacker hijacked a cookie to login to my account but it's changed and the vulnerability is gone.

as a unix sysadmin you should be shameful of yourself for having missed something like this

k, but I'm no sysadmin.

If you arent a sysadmin then you should not be running a website especially if you cant bother to update a package after a major vulnerability

I did update FreeBSD right after they fixed the heartbleed issue in OpenSSL but it looks like my VPS panel failed to reboot the server.

updating SSL does not require a reboot. idk what's worse, the fact that you didn't check to see if you had properly patched or the fact that you are relying on your VPS panel to reboot a system. either way you should not be trusted with people's account data and running a website if you cant even upgrade a package properly.

since nixers is all about democracy (like dami said yesterday in IRC) then I think we should get a new site admin, someone who knows what theyre doing.

Alright, but it'll have to be someone who's been active on here for some time and that I can trust. I think the best is someone that would just help me.

I nominate dcat, or dami, they seem to be good and have been nice to me

Both are already helping me.

(19-04-2014, 03:06 PM)Lith Wrote: as a unix sysadmin you should be shameful of yourself for having missed something like this

chill your tits man

the funny thing is, I had checked nixers.net for a vulnerability on this page: https://lastpass.com/heartbleed/ and found out that it was vulnerable, and was going to warn yrmt a week ago. but my parents banned me from using the computer for a few days.

i feel sorry

(19-04-2014, 08:36 PM)jmbi Wrote: chill your tits man

I guess I just expected a little better attitude towards security, not "calm your tits man" when a major vulnerability was exploited and unpatched for over a week...on a unix community forum

(20-04-2014, 06:19 AM)berk Wrote: the funny thing is, I had checked nixers.net for a vulnerability on this page: https://lastpass.com/heartbleed/ and found out that it was vulnerable, and was going to warn yrmt a week ago. but my parents banned me from using the computer for a few days.

i feel sorry

;-;

(20-04-2014, 12:31 PM)Lith Wrote:

(19-04-2014, 08:36 PM)jmbi Wrote: chill your tits man

I guess I just expected a little better attitude towards security, not "calm your tits man" when a major vulnerability was exploited and unpatched for over a week...on a unix community forum

we all have lives, this is a forum where we ramble about unix, nothing too important is on here. yrmt did fix it and simply made a mistake, now change your passwords and move on.

if this is the attitude taken towards data on the server then I will not be coming here anymore. some people like to know their data is secure, and if you guys think some basic ability to keep data secure isnt worth it, then this place isnt worth it.

Bye!

I must say I'm surprised that you did not patched openssl right after heartbleed was discovered. Moreover, we talked about it on IRC. Anyways, I don't think it's worth crying about that. this forum holds no sensible data, and even if yrmt is not really preventive, he is, at least, responsive.

We're all nixers, and this forum is community driven, so if a problem occurs, it's also our fault because no one asked yrmt if he patched openssl. Let's see this as a useful mistake, and chill out