Unexpected downtime, spam emails, server/forum upgrade & mea culpa

past announcements relating to these forums
User avatar
Site Admin
Posts: 1820
Joined: Mon Mar 14, 2005 9:13 pm

Unexpected downtime, spam emails, server/forum upgrade & mea culpa

Post by Samwise » Thu Sep 17, 2015 7:26 pm

Hi, all.

You may (OK, will) have noticed that we were offline over the last 36 hours. Without sugar-coating it, the forum database was compromised. The upshot of which is that the contents of the database user table was stolen, resulting in everyone's username, email address and hashed password being harvested.
What this means (the important bits you should do now):

  • Every user has received a spam email two nights ago (Tues 15th Sept) with the subject "Fw: important". This is an obvious spam attempt, so if it wasn't caught up in your spam filter please delete it and DO NOT follow the link.
  • You may receive further email spam attempts in the future. Be on the lookout for these and delete them.
  • You should update your *. / STH forum password to a new password, through the User Control Panel's Profile / Edit account settings tab.
  • The forum does not store your actual password, only a salted hash of it. However, it is possible for tables to be constructed which can be used to identify hashes of notoriously weak passwords (e.g. dictionary words). Therefore, if you use your *. / STH password on any other system, you may find it prudent to consider updating it on those other systems too.
What this also means (continue operation clean-up):

The breach was a result of letting our underlying server software get out-of-date. We were three minor upgrades of the forum software behind, but I postponed the last forum upgrades because the underlying versions of PHP, the database and the operating system itself were all getting very old and would have broken the upgraded forum software. Unfortunately, the old version of the operating system we were running made it very hard to do an in-place upgrade of the OS. We've been well aware that a migration to a brand-new server was required, but due to the complexity of some of the sites we run that live on the same server as this forum, I have been putting it off. This breach - which was undoubtedly the result of an automated malicious software scan - is a result of that laziness, and I'll have to hold my hand up to it. :/

Our glorious hosts have supplied us with a bang-up-to-date new server which the forum has now been migrated to - and absolutely no responsibility can be attributed to them for the intrusion. We were warned long ago to work on this! Following the migration we have upgraded the forum to the very latest release, which has also for the first time forced us to abandon a lot of the forum modifications which had historically been applied and made forum upgrades such a pain. We are currently running with the default prosilver theme which the software comes with, and was an option on the old forum. Sticking with this will make upgrading slightly easier, but adding a theme by itself doesn't cause too much pain so we'll have a discussion about whether to stick with this or try a new one, down the line. It should work for everyone for now, though.

I will spend the remainder of the week getting the remaining sites up and running, one-by-one, so if you can bear with me on that, that'd be great.

I would like to give each and every member a humble apology - your details should have been secured, and I personally take responsibility for failing to act on this sooner. :/

All membership fees will be refunded for the whole year, and if you see me at a retro event this year, feel free to claim your free drink. ;)

*. / STH admin


Return to “archived announcements”