Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Ubuntuforums hacked - How to avoid that here

Code of conduct, suggestions, and information on forums.debian.net.
Post Reply
Message
Author
ravisista
Posts: 62
Joined: 2009-02-24 14:03

Ubuntuforums hacked - How to avoid that here

#1 Post by ravisista »

http://ubuntuforums.org/announce.html
Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.
What we know

Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
How can we make sure it wouldn't happen here? Thanks.

User avatar
edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: Ubuntuforums hacked - How to avoid that here

#2 Post by edbarx »

Once a computer is connected to the internet, the risk is there. Security can be improved, but it cannot be made absolute.
Debian == { > 30, 000 packages }; Debian != systemd
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.

User avatar
dasein
Posts: 7680
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Ubuntuforums hacked - How to avoid that here

#3 Post by dasein »

ravisista wrote:How can we make sure it wouldn't happen here? Thanks.
At the risk of stating the obvious, "we" can't. There is nothing that users of any online system can do to prevent the system itself from being compromised. That's the system administrator's job.

User avatar
3ur0(|yd0n
Posts: 12
Joined: 2013-06-25 16:44

Re: Ubuntuforums hacked - How to avoid that here

#4 Post by 3ur0(|yd0n »

"We" can be used figuratively.

E.g., if one person asks another, "How are we doing today?", it is generally understood that the person is asking for a response from the other person about the other person, rather than asking how the both of them are doing together.

Apparently, the Ubuntu forum used "an outdated version of vbulletin which left their admin panel unsecured".

It may be that the OP is merely asking whether or not such vulnerabilities have been taken into consideration by the admin of this forum, as opposed to suggesting that we can collectively stop such hacking attempt.
Debian (Jessie) XFCE § Stupid Old Computer § 3GB RAM § Inept Graphics Card - But I Can Play UT GOTY

ravisista
Posts: 62
Joined: 2009-02-24 14:03

Re: Ubuntuforums hacked - How to avoid that here

#5 Post by ravisista »

3ur0(|yd0n wrote:"We" can be used figuratively.

E.g., if one person asks another, "How are we doing today?", it is generally understood that the person is asking for a response from the other person about the other person, rather than asking how the both of them are doing together.

Apparently, the Ubuntu forum used "an outdated version of vbulletin which left their admin panel unsecured".

It may be that the OP is merely asking whether or not such vulnerabilities have been taken into consideration by the admin of this forum, as opposed to suggesting that we can collectively stop such hacking attempt.
Exactly. My original question was aimed towards the System admins of this forum.

User avatar
dasein
Posts: 7680
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Ubuntuforums hacked - How to avoid that here

#6 Post by dasein »

ravisista wrote:Exactly. My original question was aimed towards the System admins of this forum.
Then the question goes from being misdirected to being both misdirected and moot, since the "sysadmin" hasn't logged in for ~2 months.

cynwulf

Re: Ubuntuforums hacked - How to avoid that here

#7 Post by cynwulf »

ravisista wrote:How can we make sure it wouldn't happen here? Thanks.
By not using overpriced proprietary bulletin board software (while pretending to be an organisation which cares about free software...)

User avatar
ComputerBob
Posts: 1181
Joined: 2007-11-30 04:49
Location: The Mountains of the Sunshine State
Been thanked: 1 time

Re: Ubuntuforums hacked - How to avoid that here

#8 Post by ComputerBob »

cynwulf wrote:
ravisista wrote:How can we make sure it wouldn't happen here? Thanks.
By not using overpriced proprietary bulletin board software (while pretending to be an organisation which cares about free software...)
While also understanding that the free, open source forum software that this forum uses (phpBB) has also had its share of catastrophic security vulnerabilities in the past, and should always be updated to its newest, most-secure version.
ComputerBob - Making Geek-Speak Chic (TM)
ComputerBob.com - Nearly 6,000 Posts and 23 Million Views
My Massive Stroke
Help! (off-topic)
_________________
Your Life Matters

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: Ubuntuforums hacked - How to avoid that here

#9 Post by bw123 »

A security breach and "hacked" could mean two different things... kind of interesting I guess but if I click it will probably show me a bunch of lame ads.

"Attacked" or "hacked" sounds a lot better than, "we gave everybody admin access and they just took it.
Last edited by bw123 on 2013-07-22 21:57, edited 1 time in total.
resigned by AI ChatGPT

User avatar
Soapm
Posts: 603
Joined: 2012-05-22 04:23
Has thanked: 1 time

Re: Ubuntuforums hacked - How to avoid that here

#10 Post by Soapm »

bw123 wrote:A security breach and "hacked" could mean two different things... kind of interesting I guess but if I click it will probably show me a bunch of lame ads.
i guess they still have to pay the bills...

User avatar
G-Known
Posts: 178
Joined: 2012-10-26 04:59
Location: Brooklyn, New York

Re: Ubuntuforums hacked - How to avoid that here

#11 Post by G-Known »

After all, we're all volunteers who spare some time managing this website and maintaining security threshold. However hackers are people who spend their time trying to perform intrusive methods on compromising websites; compare this feat on hacking Microsoft which is elevated to more layers of firewalls and elaborate system on preventing intruders.

It's what they say: popularity means attention to the public whether malicious or not.
Debian Jessie
Asus Zenbook UX305FA-ASM1
Intel Core M 5Y10; Intel HD Graphics 5300

Post Reply