Malware Spam Attack 2013-04-19


41 replies to this topic

#1 Admin

Admin

    The FPN Admin Team

  • Admin

  • 475 posts

Posted 19 April 2013 - 22:35

Dearest Members & Visitors to the little Fountain Pen Nut house on the digital prairie,

As you may have noticed, we had some weird pop-ups around 13:00 UTC / 08:00 EDT. This was caused by a spam code injection into the board software, and we took immediate action to locate it and remove it before anybody here could be harmed by it. We had to bring the board offline to do so, just in case.

Furthermore the lines were very slow, and it appears that was possibly caused by a DDoS attack, not so much on FPN, but on other servers, apparently having an effect on our line speed as well.

Anyway, around 17:30 UTC / 12:30 EDT, the slowness was resolved, and a scan had been initiated by the server hosting team by that time already, while we were looking for very specific changes to the software, and taking the standard measures we normally do in these cases.

At 20:45 UTC / 15:45 EDT, the problem was located by the scanning software, almost 6 hours after initiating it, and fixing started.

At 21:00 UTC / 16:00 EDT the fix had been carried out, and we started refreshing the server software, to make doubly sure nothing else could be affected by this.

At 23:45 UTC / 18:45 EDT the software refresh had been done, and final checks and recaching were carried out.

At 24:00 UTC / 19:00 EDT after a final reboot, we are live again.

Considering the type of problem encountered, we will put the board software upgrade forward now, even if this means losing some functionality of the board temporarily. The new software is capable of dealing with this type of attack very effectively, while our current software can't.

What we will temporarily lose, is our beautiful skins. We will do our utmost, however, to get those back as quickly as possible.

Warm regards,
The FPN Admin Team
This account is unmanaged.
Please direct questions and comments to FPN Admin email, or directly to admin Wim (wimg).
 
Thank you very much in advance.
 
Warm regards,
The FPN Admin Team

#2 RMN

RMN

    Museum Piece

  • Moderators

  • 7,030 posts
  • Location:the Netherlands

Posted 20 April 2013 - 00:20

Well done, my friends

That was a hectic day for you, aside from your normal daytime jobs...

Thanks for your diligence in these matters. :thumbup:


D.ick

Freedom exists by virtue of self limitation. :


#3 CS388

CS388

    Collectors Item

  • Member - Gold

  • 1,348 posts
  • Location:London UK

Posted 20 April 2013 - 00:54

Hectic times!

Good work, all. It's much appreciated.

Many thanks.

#4 Russ

Russ

    Antique

  • Member - Gold

  • 1,791 posts

Posted 20 April 2013 - 01:11

Thank you for so much work done so quickly and well ! ! !

#5 sargetalon

sargetalon

    The answer to life, the universe, and everything

  • Premium - Ruby

  • 1,501 posts
  • Location:Philadelphia, PA

Posted 20 April 2013 - 01:23

Great job getting the board back up and thank you for keeping us up to date along the way.

PELIKAN 100N, M101N Brown Tortoise, M101N Lizard, 120 (I), 120 (II), 130 Ibis, 140, 140, 140, M75, M75, M100, M100, M100, M100, M100, M150, M150, M150, M150, M150, M150, M150, M150, M150, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M200, M205, M205, M205, M205, M205, M205, M205, M205, M215, M215, M215, M215, M250, M250, M250, M250, M250, M250, M481, M481, 400, 400NN, 400NN, M400, M400, M400, M405, M405, M425, M600, M600, M640, M800, M800

 

THE PELIKAN'S PERCH - Where the flock comes to roost

 

 


#6 sexauerw

sexauerw

    Antique

  • Member - Gold

  • 1,543 posts
  • Location:Pacific Northwet, USA

Posted 20 April 2013 - 01:24

Thank you for your quick and effective response to this attack.

Bill Sexauer
PCA Member since 2006


#7 penultress

penultress

    Extremely Rare

  • Member - Gold

  • 253 posts

Posted 20 April 2013 - 01:33

Thank you for the quick response! Highly appreciated.

#8 Inkheart

Inkheart

    Scribbler

  • Member - Gold

  • 461 posts
  • Location:Michigan

Posted 20 April 2013 - 01:45

I'd noticed other forums and even games with issues today, and guessed there were attacks on multiple servers. It sounds like you folks were all over this problem; thanks so much for all your time and effort in making FPN a safe place!

Lovely to have it back! :clap1:
~April


One ought, every day at least, to hear a little song, read a good poem,
see a fine picture, and, if it were possible, to speak a few reasonable words.

~Johann Wolfgang von Goethe

#9 sumgaikid

sumgaikid

    Don't mess with the kitteh......

  • Member - Gold

  • 3,712 posts
  • Location:Tampa,FL

Posted 20 April 2013 - 01:52

Thanks for getting things back up again! :thumbup:


John

Irony is not lost on INFJ's--in fact,they revel in it.

#10 Joe in Seattle

Joe in Seattle

    Antique

  • Member - Gold

  • 2,805 posts
  • Location:Seattle, Washington

Posted 20 April 2013 - 02:07

Thank you, Wim. Once again, you saved the day.
"how do I know what I think until I write it down?"

#11 Horseknitter

Horseknitter

    Vintage

  • Member - Gold

  • 472 posts
  • Location:Northeast Texas

Posted 20 April 2013 - 02:10

You are all an amazing group of volunteers. We are so happy to have William and all the rest!! :cloud9:

#12 bhorsoft

bhorsoft

    Dipped Only

  • Member - Bronze

  • 6 posts
  • Location:Acworth

Posted 20 April 2013 - 04:03

Many thanks. I know what a pain in the keyster this kind of stuff is and I get paid to do it. Your volunteer efforts are greatly appreciated. Thanks for putting in the long day today and every day.
Sometimes it's not the speed but the direction...

#13 basterma

basterma

    Vintage

  • Member - Gold

  • 763 posts
  • Location:Beijing

Posted 20 April 2013 - 07:06

Thanks for the effort.

#14 Lorna Reed

Lorna Reed

    Voluntary Verger

  • Member - Gold

  • 1,719 posts
  • Location:Coventry, England

Posted 20 April 2013 - 07:18

Thanks for all the hard work. I really appreciated the way we were kept informed of progress, with all the updates. Well done. :clap1: :clap1: :clap1: :clap1: :clap1: :clap1: :clap1: :clap1:
Whatever is true,whatever is noble,whatever is right,whatever is pure,whatever is lovely,whatever is admirable - if anything is excellent or praiseworthy - think about such things.
Philippians 4.8

#15 Sandeman

Sandeman

    NOS (New Old Stock)

  • Member - Silver

  • 21 posts
  • Location:Near the west coast

Posted 20 April 2013 - 07:20

Many thanks for the great work and very quick response, highly appreciated. :clap1: :thumbup:

#16 nikoskard

nikoskard

    Mint

  • Member - Gold

  • 90 posts
  • Location:Athens, Greece

Posted 20 April 2013 - 12:50

Nice job guys.
I will never understand those attacks, especially when these are targeting innocent forums.
Pelikan : M805 Souveran Black-Blue-Silver (F), Ductus 3110 (F), Classic Taupe M205 (F) Faber Castell : E-Motion Croco Brown (F), Loom Orange (M) Lamy : Vista (EF) Pentel : Tradio Nature (M)

#17 nigelg

nigelg

    Extremely Rare

  • Member - Gold

  • 390 posts
  • Location:Test Valley, UK

Posted 20 April 2013 - 12:59

Thanks for all the hard work and the updates. :thumbup:
Yesterday is history.
Tomorrow is a mystery.
Today is a gift.
That's why it's called the present

#18 Wolverine1

Wolverine1

    Donor Pen

  • Member - Gold

  • 3,422 posts
  • Location:Wolverine-land, Ann Arbor, MI, USA

Posted 20 April 2013 - 13:19

Thanks for the update, and THANK YOU for all the good work you all have done in order to restore FPN!!!!:):):)

#19 arrow king

arrow king

    Mint

  • Member - Gold

  • 76 posts

Posted 20 April 2013 - 13:26

Two thumbs up! :thumbup: :thumbup:

#20 Pens Woods

Pens Woods

    Rare

  • Member - Gold

  • 117 posts
  • Location:Pennsylvania

Posted 20 April 2013 - 13:41

Thanks admin. team for your quick response to the invasion, as well as your diligence and persistence in solving the matter!

Pete
There are a thousand thoughts lying within a man
that he does not know until he takes up his pen to write.
Thackeray

#21 cuza

cuza

    Vintage

  • Member - Gold

  • 732 posts
  • Location:Somewhere in Oregon

Posted 20 April 2013 - 15:19

Kudos. Your competent handling of the spam attack was exemplary.

cuza

#22 dobemom

dobemom

    NOS (New Old Stock)

  • Member - Silver

  • 13 posts

Posted 20 April 2013 - 17:33

Many thanks and much appreciation for straightening things out and in such a short amount of time. :thumbup:

#23 aenjin

aenjin

    Mint

  • Member - Gold

  • 96 posts

Posted 20 April 2013 - 20:43

Thanks for all your hard work keeping this place great.

#24 Belles-lettres

Belles-lettres

    Rare

  • Member - Gold

  • 169 posts
  • Location:Blue Ridge of Virginia

Posted 20 April 2013 - 23:50

What a shame you have to devote so much energy to defeating these criminals... but your efforts are greatly appreciated.

Russ
first fountain pen: student Sheaffer, 1956
next fountain pen: Montblanc 146 circa 1990
favourite ink: Noodler's Zhivago
favourite pen: Waterman No. 12
most beautiful pen: Conway Stewart 84 red with gold veins, oh goodness gracious


#25 pmhudepo

pmhudepo

    Collectors Item

  • Member - Gold

  • 1,290 posts

Posted 21 April 2013 - 10:09

Thank you so much for all the effort you put into keeping this site running smoothly. Much appreciated!

journaling / tinkering with pens / sailing / photography / software development


#26 LameJane

LameJane

    Mint

  • Member - Gold

  • 55 posts

Posted 21 April 2013 - 10:35

If code was injected, are you sure that no personal data (password data in particular) was accessed?

#27 Wahl

Wahl

    Antique

  • Member - Gold

  • 1,823 posts
  • Location:Spain

Posted 21 April 2013 - 17:19

Good job, much appreciated !

#28 fotographik

fotographik

    Qui s'y frotte s'y pique

  • Member - Gold

  • 306 posts
  • Location:Gatineau, PQ

Posted 21 April 2013 - 17:46

Kudos to the admin team....good work.

François (Frank) P.

Currently inked: Parker 51/Quink Blue-Black; Lamy NexxM/Noodler's Navajo Turquoise, TWSBI 580 1.1mm/Noodler's 54th Massachusetts.


#29 wimg

wimg

    Stip Etruria nut :)

  • Admin

  • 18,720 posts
  • Location:Maastricht, Netherlands, EU

Posted 21 April 2013 - 18:49

If code was injected, are you sure that no personal data (password data in particular) was accessed?

Yes, we are sure.

They used a leak which is supposed to be there in order for the software to work properly, but all they can do is execute their own code in standalone mode, nothing else. And that is used to just (try and) send emails. Last time we also stopped sending emails except by our own approved email accounts, so they didn't even manage to send any emails either. Just that we saw a few strange pop-ups, and slowing down of the system. IOW, it wasn't inserted into the database, but into a writable folder.

The new version of the board software takes care of these things automatically by adding another layer of security, so we have put an expedited program in place to upgrade asap - two attacks like this in a fairly short period of time is just too much. This does mean that we will lose our nice skins for the time being however, but considering the amount of time it takes to fix the results of these attacks, and the downtime that it brings with it, this is what we now really have to do, we cannot wait any longer.

In short, we are working on moving across to a newer version of our board software as fast as we can, and will make some announcements when we are at the point we are sure we can move up safely and as quick as possible - hopefully between now and two weeks, and sooner if we can.

HTH, warm regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever
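
An added example, not part of Wim's post or of the board software: a small check for the situation described above, where code ends up in a writable folder rather than in the database. It lists script-like files sitting in directories that group or others can write to. The extension list, the sample folder and file names, and the assumption that the web server runs as a different user than the owner of the site files are all illustrative.

```python
import os
import stat
import tempfile

# Assumption: extensions a typical web server would execute as code.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".pl", ".cgi", ".py"}

def is_loosely_writable(path):
    """True if group or others may write to this directory."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def looks_executable(filename):
    """Match script extensions anywhere in the name, so 'x.php.jpg' is caught."""
    parts = filename.lower().split(".")[1:]
    return any("." + p in SCRIPT_EXTS for p in parts)

def scripts_in_writable_dirs(root):
    """Return sorted relative paths of script files inside writable folders."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if not is_loosely_writable(dirpath):
            continue
        for name in files:
            if looks_executable(name):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample layout; the folder and file names are hypothetical."""
    root = tempfile.mkdtemp()
    layout = {
        "admin": (0o755, ["index.php"]),
        "uploads": (0o777, ["avatar.jpg", "cache.php", "pic.php.jpg"]),
    }
    for folder, (mode, names) in layout.items():
        path = os.path.join(root, folder)
        os.mkdir(path)
        for name in names:
            open(os.path.join(path, name), "w").close()
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for hit in scripts_in_writable_dirs(build_sample_tree()):
        print("review:", hit)
```

Anything it reports in an upload, cache or attachment folder is worth reviewing by hand, since those folders normally hold data files only.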


#30 wimg

wimg

    Stip Etruria nut :)

  • Admin

  • 18,720 posts
  • Location:Maastricht, Netherlands, EU

Posted 21 April 2013 - 18:52

Thank you all for your kind words, much appreciated!

We are now well on the way with a fast track program to upgrade our software to prevent these things from happening. More announcements to follow.

Warmest regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever