

About the recent hacking. - yrmt - 18-04-2014

The forums got hacked by Joomla using the well-known heartbleed vulnerability.

I updated the server and it seems to be fine now.


RE: About the recent hacking. - towa - 18-04-2014

What about user data?
Should we change our passwords?


RE: About the recent hacking. - yrmt - 18-04-2014

No, the attacker hijacked a cookie to log in to my account but it's changed and the vulnerability is gone.


RE: About the recent hacking. - Lith - 19-04-2014

as a unix sysadmin you should be shameful of yourself for having missed something like this


RE: About the recent hacking. - yrmt - 19-04-2014

k, but I'm no sysadmin.


RE: About the recent hacking. - Lith - 19-04-2014

If you aren't a sysadmin then you should not be running a website, especially if you can't bother to update a package after a major vulnerability


RE: About the recent hacking. - yrmt - 19-04-2014

I did update FreeBSD right after they fixed the heartbleed issue in OpenSSL but it looks like my VPS panel failed to reboot the server.


RE: About the recent hacking. - Lith - 19-04-2014

updating SSL does not require a reboot. idk what's worse, the fact that you didn't check to see if you had properly patched or the fact that you are relying on your VPS panel to reboot a system. either way you should not be trusted with people's account data and running a website if you can't even upgrade a package properly.

since nixers is all about democracy (like dami said yesterday in IRC) then I think we should get a new site admin, someone who knows what they're doing.


RE: About the recent hacking. - yrmt - 19-04-2014

Alright, but it'll have to be someone who's been active on here for some time and that I can trust. I think the best is someone that would just help me.


RE: About the recent hacking. - Lith - 19-04-2014

I nominate dcat, or dami, they seem to be good and have been nice to me


RE: About the recent hacking. - yrmt - 19-04-2014

Both are already helping me.


RE: About the recent hacking. - jmbi - 19-04-2014

(19-04-2014, 03:06 PM)Lith Wrote: as a unix sysadmin you should be shameful of yourself for having missed something like this

chill your tits man


RE: About the recent hacking. - berk - 20-04-2014

the funny thing is, I had checked nixers.net for a vulnerability on this page: https://lastpass.com/heartbleed/ and found out that it was vulnerable, and was going to warn yrmt a week ago. but my parents banned me from using the computer for a few days.

i feel sorry


RE: About the recent hacking. - Lith - 20-04-2014

(19-04-2014, 08:36 PM)jmbi Wrote: chill your tits man

I guess I just expected a little better attitude towards security, not "calm your tits man" when a major vulnerability was exploited and unpatched for over a week...on a unix community forum


RE: About the recent hacking. - yrmt - 20-04-2014

(20-04-2014, 06:19 AM)berk Wrote: the funny thing is, I had checked nixers.net for a vulnerability on this page: https://lastpass.com/heartbleed/ and found out that it was vulnerable, and was going to warn yrmt a week ago. but my parents banned me from using the computer for a few days.

i feel sorry

;-;


RE: About the recent hacking. - jmbi - 20-04-2014

(20-04-2014, 12:31 PM)Lith Wrote:
(19-04-2014, 08:36 PM)jmbi Wrote: chill your tits man

I guess I just expected a little better attitude towards security, not "calm your tits man" when a major vulnerability was exploited and unpatched for over a week...on a unix community forum

we all have lives, this is a forum where we ramble about unix, nothing too important is on here. yrmt did fix it and simply made a mistake, now change your passwords and move on.


RE: About the recent hacking. - Lith - 20-04-2014

if this is the attitude taken towards data on the server then I will not be coming here anymore. some people like to know their data is secure, and if you guys think some basic ability to keep data secure isn't worth it, then this place isn't worth it.


RE: About the recent hacking. - yrmt - 20-04-2014

Bye!


RE: About the recent hacking. - z3bra - 21-04-2014

I must say I'm surprised that you did not patch openssl right after heartbleed was discovered. Moreover, we talked about it on IRC. Anyways, I don't think it's worth crying about that. This forum holds no sensitive data, and even if yrmt is not really preventive, he is, at least, responsive.

We're all nixers, and this forum is community driven, so if a problem occurs, it's also our fault because no one asked yrmt if he patched openssl. Let's see this as a useful mistake, and chill out.