Page 1 of 1

Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-22 17:15
by ravisista
http://ubuntuforums.org/announce.html

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.
What we know

Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.


How can we make sure it wouldn't happen here? Thanks.

Re: Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-22 17:21
by edbarx
Once a computer is connected to the internet, the risk is there. Security can be improved, but it cannot be made absolute.

Re: Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-22 17:24
by dasein
ravisista wrote:How can we make sure it wouldn't happen here? Thanks.

At the risk of stating the obvious, "we" can't. There is nothing that users of any online system can do to prevent the system itself from being compromised. That's the system administrator's job.

Re: Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-22 18:04
by 3ur0(|yd0n
"We" can be used figuratively.

E.g., if one person asks another, "How are we doing today?", it is generally understood that the person is asking for a response from the other person about the other person, rather than asking how the both of them are doing together.

Apparently, the Ubuntu forum used "an outdated version of vbulletin which left their admin panel unsecured".

It may be that the OP is merely asking whether or not such vulnerabilities have been taken into consideration by the admin of this forum, as opposed to suggesting that we can collectively stop such hacking attempt.

Re: Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-22 18:12
by ravisista
3ur0(|yd0n wrote:"We" can be used figuratively.

E.g., if one person asks another, "How are we doing today?", it is generally understood that the person is asking for a response from the other person about the other person, rather than asking how the both of them are doing together.

Apparently, the Ubuntu forum used "an outdated version of vbulletin which left their admin panel unsecured".

It may be that the OP is merely asking whether or not such vulnerabilities have been taken into consideration by the admin of this forum, as opposed to suggesting that we can collectively stop such hacking attempt.


Exactly. My original question was aimed towards the System admins of this forum.

Re: Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-22 18:44
by dasein
ravisista wrote:Exactly. My original question was aimed towards the System admins of this forum.

Then the question goes from being misdirected to being both misdirected and moot, since the "sysadmin" hasn't logged in for ~2 months.

Re: Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-22 20:33
by cynwulf
ravisista wrote:How can we make sure it wouldn't happen here? Thanks.

By not using overpriced proprietary bulletin board software (while pretending to be an organisation which cares about free software...)

Re: Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-22 21:09
by ComputerBob
cynwulf wrote:
ravisista wrote:How can we make sure it wouldn't happen here? Thanks.

By not using overpriced proprietary bulletin board software (while pretending to be an organisation which cares about free software...)

While also understanding that the free, open source forum software that this forum uses (phpBB) has also had its share of catastrophic security vulnerabilities in the past, and should always be updated to its newest, most-secure version.

Re: Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-22 21:38
by bw123
A security breach and "hacked" could mean two different things... kind of interesting I guess but if I click it will probably show me a bunch of lame ads.

"Attacked" or "hacked" sounds a lot better than, "we gave everybody admin access and they just took it.

Re: Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-22 21:53
by Soapm
bw123 wrote:A security breach and "hacked" could mean two different things... kind of interesting I guess but if I click it will probably show me a bunch of lame ads.


i guess they still have to pay the bills...

Re: Ubuntuforums hacked - How to avoid that here

PostPosted: 2013-07-25 03:50
by G-Known
After all, we're all volunteers who spare some time managing this website and maintaining security threshold. However hackers are people who spend their time trying to perform intrusive methods on compromising websites; compare this feat on hacking Microsoft which is elevated to more layers of firewalls and elaborate system on preventing intruders.

It's what they say: popularity means attention to the public whether malicious or not.