[Noisebridge-discuss] blog.noisebridge.net got hacked
Ronald Cotoni
setient at gmail.com
Fri Dec 9 00:22:29 UTC 2011
If you need help with that or hosting that isn't dreamhost, I can help!
On Thu, Dec 8, 2011 at 2:50 PM, Andy Isaacson <adi at hexapodia.org> wrote:
> On Thu, Dec 08, 2011 at 01:56:35PM -0800, Jake wrote:
> > >> If you're not security conscience and reuse the same password for
> > >> everything, I would highly recommend going around and changing your
> > >> passwords right now. If you're smart and used a unique password for
> > >> this wordpress instance, then you're good.
> >
> > So the login for that is not the same as the wiki login? Or it is?
>
> The www.noisebridge.net wiki is not affected by this compromise. The
> password database is stored and used locally on www.noisebridge.net and
> isn't shared with any other systems.
>
> The original notification was from google; they noticed that the hack
> resulted in a redirect to a .ru site which tries to install malware on
> end user's machines, and they sent mail to *@noisebridge.net to tell us
> about it.
>
> https://www.noisebridge.net/pipermail/rack/2011-December/001249.html
>
> My speculation in that mail about Dreamhost being 0wned turned out to be
> unfounded, the dozens of ancient PHP scripts are a much more likely
> vector.
>
> I'll work with Rubin to make sure the new host for blog.noisebridge.net
> is more securely configured; a fairly small amount of additional effort
> would have prevented this compromise.
>
> In the meantime blog.noisebridge.net is redirecting to
> www.noisebridge.net (and URLs pointing to blog.noisebridge.net are
> currently broken, sorry about that). At least we're not redirecting our
> readers to malware.
>
> -andy
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
--
Ronald Cotoni
Systems Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20111208/1690862e/attachment-0003.html>
More information about the Noisebridge-discuss
mailing list