Welcome to Ad Astra Star Trek Fanfiction Archive (Forums)

MDGarcia

Site Outage (January 14-15, 2015)


Now that we're finally back online, I wanted to talk a little bit about what happened.

 

In essence, the server was overrun by zombies.  As many of you are aware, we've been attacked a number of times thanks to malicious code.  Yesterday afternoon, we received a notice from our service provider stating that our main archive and forum servers were attacking other servers out on the Internet.  This specific attack was in danger of getting us shut down as we were violating our ToS.  This resulted in shutting down our web services as we moved to investigate what was going on and we found a large number of files that were showing the same kind of infection we battled about two years ago.

 

The bottom line is that leftover files infected others until the entire server was overrun with the same problem.  The entire server was attacking multiple sites.  It seemed that the one site that was unaffected was the main story archive, but the forums and blogs were heavily bogged down.  That's why we had to take them offline last night and finally brought them back online in the wee hours of the morning.

 

The forums, due to their complexity, were a far stickier problem and we had to engage Invision Support (thanks to Ryan Ashbrook who was the hero in getting us back online, along with Mark Higgins, Marc Stridgen, and Alan Wagstaff for coordinating the initial support requests).  By our powers combined, the forums are now back.

 

We've taken some additional security steps for our blogs to prevent this kind of code from being injected into our server.

 

And now, after 30 hours of work, I am trying not to think about PHP for a while.

 

MDg

 

 

 

 


What can we do to help?  Is there anything we're doing (or not doing) that contributes to our vulnerability?


Make sure you use strong passwords for your archive, forum, and blog logins.  If you need an idea of how strong your password is, test it out on this website:

 

https://howsecureismypassword.net/

 

Several of my security colleagues like it because it tells you how long it'll take to crack your password.  What happened was that a script was run against a blog and ran it through so many iterations until it finally broke someone's password and was able to gain access to one of the blogs and start modifying files.  After that, all of the blogs were affected.

 

MDg



That is a handy little site and earns a bookmark. Nice find and will check site-related passwords against it.


Okay, I've strengthened my forums password, but can't find where to change my main site password.

Never mind, I think I got it.


To help prevent this from happening again, the blog will now enforce a password policy.  Everyone will have to change their password every quarter and it will have some requirements (length, CAPS, special characters, etc).  This policy will be enforced in 120 days.

 

MDg


I've been using WordPress for probably 6-7 years now and I recently deleted all my installs. Keeping it secure and up-to-date is practically a full-time job, and the longer your site exists, the more exploits and hacks are directed your way. I suspect my next blogging endeavor will be a more-static platform.

 

Nowadays, too many people use WordPress, something like 80%+ of all implementations have glaring security holes, and it's the favorite target of script kiddies.

