MDGarcia Posted January 16, 2015

Now that we're finally back online, I wanted to talk a little bit about what happened.

In essence, the server was overrun by zombies. As many of you are aware, we've been attacked a number of times thanks to malicious code. Yesterday afternoon, we received a notice from our service provider stating that our main archive and forum servers were attacking other servers out on the Internet. This specific attack was in danger of getting us shut down as we were violating our ToS. This resulted in shutting down our web services as we moved to investigate what was going on and we found a large number of files that were showing the same kind of infection we battled about two years ago.

The bottom line is that leftover files infected others until the entire server was overrun with the same problem. The entire server was attacking multiple sites. It seemed that the one site that was unaffected was the main story archive, but the forums and blogs were heavily bogged down. That's why we had to take them offline last night and finally brought them back online in the wee hours of the morning.

The forums, due to their complexity, were a far stickier problem and we had to engage Invision Support (thanks to Ryan Ashbrook who was the hero in getting us back online, along with Mark Higgins, Marc Stridgen, and Alan Wagstaff for coordinating the initial support requests). By our powers combined, the forums are now back.

We've taken some additional security steps for our blogs to prevent this kind of code from being injected into our server.

And now after 30 hours of work, I am trying not to think about PHP for a while.

MDg

kes7 Posted January 16, 2015

What can we do to help? Is there anything we're doing (or not doing) that contributes to our vulnerability?

MDGarcia Posted January 16, 2015

Make sure you use strong passwords for your archive, forum, and blog logins.

If you need an idea of how strong your password is, test it out on this website:

https://howsecureismypassword.net/

Several of my security colleagues like it because it tells you how long it'll take to crack your password.

What happened was that a script was run against a blog and ran it through so many iterations until it finally broke someone's password and was able to gain access to one of the blogs and start modifying files.

After that, all of the blogs were affected.

MDg

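The pattern described in the post above (many failed guesses against one account, then a login that succeeds) can be picked out of authentication logs. This is an added example, not part of the original thread or the site's own tooling; the log format, addresses and account names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not the site's logs): time, source IP, account, outcome.
SAMPLE_LOG = """\
2015-01-15T02:10:01 203.0.113.7 blogger1 FAIL
2015-01-15T02:10:02 203.0.113.7 blogger1 FAIL
2015-01-15T02:10:03 203.0.113.7 blogger1 FAIL
2015-01-15T02:10:04 198.51.100.20 blogger2 FAIL
2015-01-15T02:10:05 203.0.113.7 blogger1 FAIL
2015-01-15T02:10:06 203.0.113.7 blogger1 FAIL
2015-01-15T02:10:07 203.0.113.7 blogger1 FAIL
2015-01-15T02:10:09 203.0.113.7 blogger1 OK
2015-01-15T02:10:30 198.51.100.20 blogger2 OK
2015-01-15T02:11:00 203.0.113.7 blogger3 FAIL
"""

def parse_event(line):
    """Split one constructed log line into (time, ip, account, succeeded)."""
    ts, ip, account, outcome = line.split()
    return datetime.fromisoformat(ts), ip, account, outcome == "OK"

def find_guessing_runs(log_text, min_failures=5, window=timedelta(minutes=10)):
    """Return (ip, account, failures, success_time) for each successful login
    that follows at least min_failures failures from the same IP against the
    same account inside the time window."""
    failures = defaultdict(list)   # (ip, account) -> times of recent failures
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, ok = parse_event(line)
        key = (ip, account)
        # Forget failures that are older than the window.
        failures[key] = [t for t in failures[key] if ts - t <= window]
        if ok:
            if len(failures[key]) >= min_failures:
                hits.append((ip, account, len(failures[key]), ts.isoformat()))
            failures[key].clear()   # a success resets the run
        else:
            failures[key].append(ts)
    return hits

if __name__ == "__main__":
    for ip, account, count, when in find_guessing_runs(SAMPLE_LOG):
        print(f"{when} {account}: login succeeded after {count} failures from {ip}")
```

A hit means the account's password should be reset and files changed after that login reviewed. Keying the counter on the account alone, instead of on address and account, also catches guesses spread across several source addresses.
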
trekfan Posted January 16, 2015

> Make sure you use strong passwords for your archive, forum, and blog logins.
>
> If you need an idea of how strong your password is, test it out on this website:
>
> https://howsecureismypassword.net/
>
> Several of my security colleagues like it because it tells you how long it'll take to crack your password.
>
> What happened was that a script was run against a blog and ran it through so many iterations until it finally broke someone's password and was able to gain access to one of the blogs and start modifying files.
>
> After that, all of the blogs were affected.
>
> MDg

That is a handy little site and earns a bookmark. Nice find and will check site-related passwords against it.

jespah Posted January 16, 2015

Niiiiceeee

M C Pehrson Posted January 16, 2015

Okay, I've strengthened my forums password, but can't find where to change my main site password.

Never mind, I think I got it.

MDGarcia Posted January 16, 2015

To help prevent this from happening again, the blog will now enforce a password policy. Everyone will have to change their password every quarter and it will have some requirements (length, CAPS, special characters, etc). This policy will be enforced in 120 days.

MDg

jespah Posted January 16, 2015

I take it this will be required for Boldly Reading as well?

Erin Moriarty Posted January 18, 2015

I've been using WordPress for probably 6-7 years now and I recently deleted all my installs. Keeping it secure and up-to-date is practically a full-time job, and the longer your site exists, the more exploits and hacks are directed your way. I suspect my next blogging endeavor will be a more-static platform.

Nowadays, too many people use WordPress, something like 80%+ of all implementations have glaring security holes, and it's the favorite target of script kiddies.