How can we make sure it wouldn't happen here? Thanks.Ubuntu Forums is down for maintenance
There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.
What we know
Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Ubuntuforums hacked - How to avoid that here
Ubuntuforums hacked - How to avoid that here
http://ubuntuforums.org/announce.html
Re: Ubuntuforums hacked - How to avoid that here
Once a computer is connected to the internet, the risk is there. Security can be improved, but it cannot be made absolute.
Debian == { > 30, 000 packages }; Debian != systemd
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.
Re: Ubuntuforums hacked - How to avoid that here
At the risk of stating the obvious, "we" can't. There is nothing that users of any online system can do to prevent the system itself from being compromised. That's the system administrator's job.ravisista wrote:How can we make sure it wouldn't happen here? Thanks.
- 3ur0(|yd0n
- Posts: 12
- Joined: 2013-06-25 16:44
Re: Ubuntuforums hacked - How to avoid that here
"We" can be used figuratively.
E.g., if one person asks another, "How are we doing today?", it is generally understood that the person is asking for a response from the other person about the other person, rather than asking how the both of them are doing together.
Apparently, the Ubuntu forum used "an outdated version of vbulletin which left their admin panel unsecured".
It may be that the OP is merely asking whether or not such vulnerabilities have been taken into consideration by the admin of this forum, as opposed to suggesting that we can collectively stop such hacking attempt.
E.g., if one person asks another, "How are we doing today?", it is generally understood that the person is asking for a response from the other person about the other person, rather than asking how the both of them are doing together.
Apparently, the Ubuntu forum used "an outdated version of vbulletin which left their admin panel unsecured".
It may be that the OP is merely asking whether or not such vulnerabilities have been taken into consideration by the admin of this forum, as opposed to suggesting that we can collectively stop such hacking attempt.
Debian (Jessie) XFCE § Stupid Old Computer § 3GB RAM § Inept Graphics Card - But I Can Play UT GOTY
Re: Ubuntuforums hacked - How to avoid that here
Exactly. My original question was aimed towards the System admins of this forum.3ur0(|yd0n wrote:"We" can be used figuratively.
E.g., if one person asks another, "How are we doing today?", it is generally understood that the person is asking for a response from the other person about the other person, rather than asking how the both of them are doing together.
Apparently, the Ubuntu forum used "an outdated version of vbulletin which left their admin panel unsecured".
It may be that the OP is merely asking whether or not such vulnerabilities have been taken into consideration by the admin of this forum, as opposed to suggesting that we can collectively stop such hacking attempt.
Re: Ubuntuforums hacked - How to avoid that here
Then the question goes from being misdirected to being both misdirected and moot, since the "sysadmin" hasn't logged in for ~2 months.ravisista wrote:Exactly. My original question was aimed towards the System admins of this forum.
Re: Ubuntuforums hacked - How to avoid that here
By not using overpriced proprietary bulletin board software (while pretending to be an organisation which cares about free software...)ravisista wrote:How can we make sure it wouldn't happen here? Thanks.
- ComputerBob
- Posts: 1181
- Joined: 2007-11-30 04:49
- Location: The Mountains of the Sunshine State
- Been thanked: 1 time
Re: Ubuntuforums hacked - How to avoid that here
While also understanding that the free, open source forum software that this forum uses (phpBB) has also had its share of catastrophic security vulnerabilities in the past, and should always be updated to its newest, most-secure version.cynwulf wrote:By not using overpriced proprietary bulletin board software (while pretending to be an organisation which cares about free software...)ravisista wrote:How can we make sure it wouldn't happen here? Thanks.
ComputerBob - Making Geek-Speak Chic (TM)
ComputerBob.com - Nearly 6,000 Posts and 23 Million Views
My Massive Stroke
Help! (off-topic)
_________________
Your Life Matters
ComputerBob.com - Nearly 6,000 Posts and 23 Million Views
My Massive Stroke
Help! (off-topic)
_________________
Your Life Matters
Re: Ubuntuforums hacked - How to avoid that here
A security breach and "hacked" could mean two different things... kind of interesting I guess but if I click it will probably show me a bunch of lame ads.
"Attacked" or "hacked" sounds a lot better than, "we gave everybody admin access and they just took it.
"Attacked" or "hacked" sounds a lot better than, "we gave everybody admin access and they just took it.
Last edited by bw123 on 2013-07-22 21:57, edited 1 time in total.
resigned by AI ChatGPT
Re: Ubuntuforums hacked - How to avoid that here
i guess they still have to pay the bills...bw123 wrote:A security breach and "hacked" could mean two different things... kind of interesting I guess but if I click it will probably show me a bunch of lame ads.
Re: Ubuntuforums hacked - How to avoid that here
After all, we're all volunteers who spare some time managing this website and maintaining security threshold. However hackers are people who spend their time trying to perform intrusive methods on compromising websites; compare this feat on hacking Microsoft which is elevated to more layers of firewalls and elaborate system on preventing intruders.
It's what they say: popularity means attention to the public whether malicious or not.
It's what they say: popularity means attention to the public whether malicious or not.
Debian Jessie
Asus Zenbook UX305FA-ASM1
Intel Core M 5Y10; Intel HD Graphics 5300
Asus Zenbook UX305FA-ASM1
Intel Core M 5Y10; Intel HD Graphics 5300