
Malware Spam Attack 2013-04-19


41 replies to this topic

#21 cuza

cuza

    Vintage

  • Member - Gold

  • 732 posts
  • Location:Somewhere in Oregon

Posted 20 April 2013 - 15:19

Kudos. Your competent handling of the spam attack was exemplary.

cuza

#22 dobemom

dobemom

    NOS (New Old Stock)

  • Member - Silver

  • 13 posts

Posted 20 April 2013 - 17:33

Many thanks and much appreciation for straightening things out and in such a short amount of time. :thumbup:

#23 aenjin

aenjin

    Mint

  • Member - Gold

  • 96 posts

Posted 20 April 2013 - 20:43

Thanks for all your hard work keeping this place great.

#24 Belles-lettres

Belles-lettres

    Rare

  • Member - Gold

  • 169 posts
  • Location:Blue Ridge of Virginia

Posted 20 April 2013 - 23:50

What a shame you have to devote so much energy to defeating these criminals... but your efforts are greatly appreciated.

Russ
first fountain pen: student Sheaffer, 1956
next fountain pen: Montblanc 146 circa 1990
favourite ink: Noodler's Zhivago
favourite pen: Waterman No. 12
most beautiful pen: Conway Stewart 84 red with gold veins, oh goodness gracious


#25 pmhudepo

pmhudepo

    Collectors Item

  • Member - Gold

  • 1,447 posts

Posted 21 April 2013 - 10:09

Thank you so much for all the effort you put into keeping this site running smoothly. Much appreciated!

journaling / tinkering with pens / sailing / photography / software development


#26 LameJane

LameJane

    Mint

  • Member - Gold

  • 55 posts

Posted 21 April 2013 - 10:35

If code was injected, are you sure that no personal data (password data in particular) was accessed?

#27 Wahl

Wahl

    Antique

  • Member - Gold

  • 2,988 posts
  • Location:Spain

Posted 21 April 2013 - 17:19

Good job, much appreciated !

#28 fotographik

fotographik

    Qui s'y frotte s'y pique

  • Member - Gold

  • 308 posts
  • Location:Gatineau, PQ

Posted 21 April 2013 - 17:46

Kudos to the admin team....good work.

François (Frank) P.

Currently inked: Parker 51/Quink Blue-Black; TWSBI 580 1.1mm/Noodler's Black Swan in Australian Roses.


#29 wimg

wimg

    Stip Etruria nut :)

  • FPN Admin

  • 20,900 posts
  • Location:Maastricht, Netherlands, EU

Posted 21 April 2013 - 18:49

If code was injected, are you sure that no personal data (password data in particular) was accessed?

Yes, we are sure.

They used a leak which is supposed to be there in order for the software to work properly, but all they can do is execute their own code in standalone mode, nothing else. And that is used to just (try and) send emails. Last time we also stopped sending emails except by our own approved email accounts, so they didn't even manage to send any emails either. Just that we saw a few strange pop-ups, and slowing down of the system. IOW, it wasn't inserted into the database, but into a writable folder.

The new version of the board software takes care of these things automatically by adding another layer of security, so we have put an expedited program in place to upgrade asap - two attacks like this in a fairly short period of time is just too much. This does mean that we will lose our nice skins for the time being however, but considering the amount of time it takes to fix the results of these attacks, and the downtime that it brings with it, this is what we now really have to do, we cannot wait any longer.

In short, we are working on moving across to a newer version of our board software as fast as we can, and will make some announcements when we are at the point we are sure we can move up safely and as quick as possible - hopefully between now and two weeks, and sooner if we can.

HTH, warm regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever


#30 wimg

wimg

    Stip Etruria nut :)

  • FPN Admin

  • 20,900 posts
  • Location:Maastricht, Netherlands, EU

Posted 21 April 2013 - 18:52

Thank you all for your kind words, much appreciated!

We are now well on the way with a fast track program to upgrade our software to prevent these things from happening. More announcements to follow.

Warmest regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever


#31 inkstainedruth

inkstainedruth

    Museum Piece

  • Member - Gold

  • 6,559 posts

Posted 22 April 2013 - 01:38

:yikes:
Wow, now I'm glad I didn't have time to log in on Friday (I spent most of the day with my hands in marzipan), then was out of town for the weekend.
Thanks for getting stuff back on line ASAP. Hopefully once the upgrades get done it won't be too long to get the skins back as well (I've gotten very used to looking at mine :rolleyes:).
As to nikoskard's question, I can only think of two possible answers:
1) it was practice for attacking a much more strategic site; or
2) some people are just vandals, the same way those who have nothing better to do than spray-paint graffiti tags (years ago, I was on a trip to Italy with my parents, and my brother, dad and I climbed up into the dome of St. Peter's Basilica in the Vatican, and some guy was writing his name on the wall -- in a CHURCH, no less... :blink:).
Ruth Morrisson aka inkstainedruth

"It's very nice, but frankly, when I signed that list for a P-51, what I had in mind was a fountain pen."

#32 SamCapote

SamCapote

    Got Warm Milk?

  • Member - Gold

  • 4,198 posts
  • Location:USA (CT)

Posted 23 April 2013 - 01:41

Man!!! If it's not one thing it's another. Sorry this forum takes so much of your time and energy, but know that it is appreciated. I keep checking for the Iridium donor thing so I can help out.
With the new FPN rules, now I REALLY don't know what to put in my signature.

#33 pokermon

pokermon

    Vintage

  • Member - Gold

  • 567 posts
  • Location:Los Angeles, California, USA

Posted 23 April 2013 - 05:32

Good job on handling the mess admin team. Can't say enough how much the community here appreciates the hard work you guys put in to keep this place awesome!
-Tommy
Pen blog of current inventory

Enjoy life, and keep on writing!
-Tommy

#34 Sasha Royale

Sasha Royale

    Museum Piece

  • Member - Gold

  • 9,304 posts

Posted 23 April 2013 - 06:06

Thanks for a great job !

Now, let's hunt them down and kill them.

To stand on free ground with a free people.
To the moment I might say:
Linger a while, you are so fair!


#35 wimg

wimg

    Stip Etruria nut :)

  • FPN Admin

  • 20,900 posts
  • Location:Maastricht, Netherlands, EU

Posted 23 April 2013 - 10:10

Man!!! If it's not one thing it's another. Sorry this forum takes so much of your time and energy, but know that it is appreciated. I keep checking for the Iridium donor thing so I can help out.

Hi Sam,

I am afraid that will have to wait now until after the board software upgrade, which now is #1 priority. We have everything at the ready for it, barring the configuration set up. However, with two attacks in about a month and a half, we need to get the board software sorted (read: upgraded) first. And this happens to be a lot of work, unfortunately, in a preparatory sense, and from an execution POV as well.

Warm regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever


#36 wimg

wimg

    Stip Etruria nut :)

  • FPN Admin

  • 20,900 posts
  • Location:Maastricht, Netherlands, EU

Posted 23 April 2013 - 23:34

Ok, split off a new malware topic to CF.

If you can't find your post here anymore, please check the Community Feedback forum, where we will try to gather as much information as possible.

Warm regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever


#37 carlos.q

carlos.q

    Collectors Item

  • Member - Gold

  • 1,387 posts
  • Location:On a hill in Puerto Rico

Posted 24 April 2013 - 01:32

Just to inform that today I have had 2 separate incidents where I click on one of the "Recent Topics" and I am redirected to a porn site. If I go back and click it again I am taken to the proper thread. It seems that some kind of malware remains.

Edit: just read the CF thread, and it seems I am not the only one with this.. Hmmm... problem. :blush:

Edited by carlos.q, 24 April 2013 - 01:40.


#38 wimg

wimg

    Stip Etruria nut :)

  • FPN Admin

  • 20,900 posts
  • Location:Maastricht, Netherlands, EU

Posted 24 April 2013 - 10:00

Update:

We were already convinced of this, but it is confirmed: we are 100% sure now it is not FPN. Apart from the extra checks we did ourselves yesterday, the server hosting admins worked through the night to do more and very extensive server scans and checks, including checking of log files and monitoring traffic from and to FPN. The verdict: We are squeaky clean.

Anything linking to a source unexpectedly outside of FPN is not caused by anything on or from FPN - it appears to be a caching and/or DNS replication problem, IOW, completely outside of FPN control.

As far as caching is concerned, please do clear your caches and temp files, while not being logged in to any site, just a blank browser screen. Once done, close the browser, and start again. Also, assuming you all already use anti-virus programs etc., I'd suggest you start using a firewall program as well if you don't do so already. If you don't, I'd suggest ZoneAlarm, http://www.zonealarm.com, which has two free versions available, one firewall + antivirus, and one firewall only, which are extremely effective and very easy to set up and use - highly recommended.

If it still happens after clearing your browser caches and temp files, I am afraid the DNS replication servers in your specific path to FPN are compromised. In such cases, it is best to contact your ISPs about this.

HTH, warm regards, Wim

the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever


#39 jacksterp

jacksterp

    Vintage

  • Member - Gold

  • 400 posts
  • Location:NC

Posted 28 April 2013 - 04:37

This is one of my most favorite places on the internet. I don't understand what happened - but I'm glad you got it fixed.

 

Thanks to everyone for their hard work and dedication!


Fool me once, shame on you.
Fool me twice; damn
There goes that fox again.

#40 YeOlCaptain

YeOlCaptain

    Mint

  • Member - Silver

  • 58 posts
  • Location:California

Posted 27 November 2013 - 00:37

thanks





