
Boards.ie Attack - What Happened? Please post all questions here.


Comments

  • Registered Users Posts: 54 ✭✭The.Q


    MFZ wrote: »
    Btw: This email never got to me. And no, there is no such thing as a spam folder.
    And yes, password reset did work (apparently).

    MFZ

    Me neither. I'm back in, tho' so it doesn't matter, but it'd be interesting to know why it didn't get to everyone. Having read a few further posts, I'm a bit clearer on it. I probably missed it on my spam filter.


  • Registered Users Posts: 8,584 ✭✭✭TouchingVirus


    Congratulations to all the boards.ie team for everything they did, the whole annoying punishe

    To Dav & Darragh for manning the twitter (even though I do loathe it :)) and arranging the media coverage of the issue even though I'd been tweaking for a fix since 11:50 or so :D

    To Ross & Conor who no doubt spent countless hours looking at logs, through filesystems, gathering any evidence, adjusting server policies to minimise the effects of another breach, getting boards back online etc etc - It's tiresome work but from what I see you did a stellar job! I'm very interested to read any technical details you post :)

    And of course to DeV and all the rest of the team for what I consider to be the best response and full disclosure of an event like this since I've been on the internet [this statement makes me feel old now] :)


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Dev, of course I understand if you can't share this but do you think this was just a random attack or was Boards.ie specifically targeted for a reason you know of?

    That's impossible to say. :( I suspect it wasn't targeted in the sense that they set out to do us from the start, but rather that they stumbled over something and took it from there. I really don't want to speculate though as we have very little hard information to hand on that subject. I'll let you know more when I know more myself.

    DeV.


  • Closed Accounts Posts: 16,801 ✭✭✭✭Gary ITR


    DeVore wrote: »
    hard information to hand

    Seeing as this thread is serious business I will refrain from commenting on the hard things you have in your hand.....


  • Registered Users Posts: 46,103 ✭✭✭✭muffler


    Onkle wrote: »
    Seeing as this thread is serious business I will refrain from commenting on the hard things you have in your hand.....
    The good old ban stick ;)


  • Registered Users Posts: 23,246 ✭✭✭✭Dyr


    I snorted dismissively at the "fellow user" schtick , funny how after years of having "privately owned site" rammed down our throats when it was time to man up, "fellow user's" was wheeled out.

    And boards would have gone up in my estimation if the word "sorry" had been used. Its absence didn't really surprise me though


  • Closed Accounts Posts: 31,967 ✭✭✭✭Sarky


    You really take it that personally?


  • Registered Users Posts: 43,311 ✭✭✭✭K-9


    Sarky wrote: »
    You really take it that personally?

    Some seem to. Boards have been very apologetic about the situation. Don't know what some expect.

    Mad Men's Don Draper : What you call love was invented by guys like me, to sell nylons.



  • Registered Users Posts: 23,246 ✭✭✭✭Dyr


    Sarky wrote: »
    You really take it that personally?

    Not at all. Wasn't any real skin off my nose. I just thought the wording said a lot about boards ltd or whatever this entity is now


  • Moderators, Recreation & Hobbies Moderators Posts: 27,572 Mod ✭✭✭✭Posy


    I like Boards. Then Boards was gone. Then Boards was back and I had to get a new password. Now I love boards and think the admins and the mods do a great job. I don't understand all the technical stuff, I only know that it's made me more security conscious (which can only ever be a good thing) and realise that absence (of boards) makes the heart grow fonder. :)
    And if people are 'hacked' off with Boards then they can just go and join one of the other major Irish bulletin boards with thousands of memb.. oh, wait. :o


  • Registered Users Posts: 83,141 ✭✭✭✭Overheal


    Magenta wrote: »
    I don't know if this was already posted but BBC News have quoted you!!!

    http://news.bbc.co.uk/2/hi/uk_news/northern_ireland/8476259.stm
    That's ****ing Awesome.

    Ladies form an orderly queue, no pushing please.


  • Moderators, Recreation & Hobbies Moderators Posts: 27,572 Mod ✭✭✭✭Posy


    Overheal wrote: »
    That's ****ing Awesome.
    Yee-haw, you is famous! :D


  • Posts: 31,118 ✭✭✭✭ [Deleted User]


    Site users have welcomed the return of Boards.ie with one poster noting: "Thank God - my caffeine-free solidarity is over. I had already fallen off my chair in work.
    as reported by the Beeb :D


  • Registered Users Posts: 83,141 ✭✭✭✭Overheal


    DeVore wrote: »
    Official Mode Off.


    We're heart-sick about this lads and ladies, we're not happy in the slightest. It's been a horrible experience but what can you do except let everyone know asap. Believe me it's a pretty sickening thing to see your website logo on the 6.1 news telling everyone that you have lost 280,000 passwords (when the truth is much more subtle than that, but that's the message that goes across).

    It's a very hard thing to do, to decide to actively go out and try to get media to broadcast that we have been hacked when what you REALLY want to do is bury your head and pretend nothing happened.


    On the plus side, we took our belief that our way of doing things is better than the "usual" way, and trusted it. Trusted that people would see past the "sorry, our bad" and on to the "they did the right thing". It's tremendously heartening to see the messages of support, it really has cheered us up and kept us determined.

    We're really sorry this happened, we couldn't have prevented it but we have taken steps to mitigate its repeat. Thanks for understanding.

    DeV.
    In fairness DeV, the damage was extremely well contained. Due most in part to disclosing the problem and entering Maintenance mode, alerting all active users to the problem and getting media attention.

    Because c'mon, only us 'tards who used the same password were at all worried. But beyond that, Boards isn't a financial institution for example. If my bank called me up and told me it compromised all of my account and personal information, I'd be sleepless. These were passwords to a [fantastic] message board. My email and my bank is safe, and I'm sleeping well and so should you folks. Minor hiccup that will be forgotten by the masses by next week.


  • Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 28,497 Mod ✭✭✭✭Cabaal


    Bambi wrote: »
    Not at all. Wasn't any real skin off my nose. I just thought the wording said a lot about boards ltd or whatever this entity is now

    So boards should say sorry that it was attacked?
    That's like me saying sorry for an idiot running into my car on the way to work


  • Registered Users Posts: 17,727 ✭✭✭✭Sherifu


    Cabaal wrote: »
    So boards should say sorry that it was attacked?
    That's like me saying sorry for an idiot running into my car on the way to work
    That depends on how the admin account was compromised. Unless we know the full details of what happened I don't think we can say anything conclusively.


  • Moderators, Science, Health & Environment Moderators Posts: 21,658 Mod ✭✭✭✭helimachoptor


    Bambi wrote: »
    I snorted dismissively at the "fellow user" schtick , funny how after years of having "privately owned site" rammed down our throats when it was time to man up, "fellow user's" was wheeled out.

    And boards would have gone up in my estimation if the word "sorry" had been used. Its absence didn't really surprise me though


    What are you on about??


  • Registered Users Posts: 3,181 ✭✭✭bryaner


    Cabaal wrote: »
    So boards should say sorry that it was attacked?
    That's like me saying sorry for an idiot running into my car on the way to work

    Think he got out for the day


  • Moderators, Science, Health & Environment Moderators Posts: 10,079 Mod ✭✭✭✭marco_polo


    BostonB wrote: »
    Thing about master passwords is what happens if a keylogger gets it? or you forget it. Or you lose your phone? An alternative is you come up with a system to make your passwords unique, that you can remember. But of course if someone guesses your system that's broken too. Also it's good to clear out your passwords every now and then with CCleaner.

    One place I worked has a system that forced you to change your password regularly, then it tested the one you picked to make sure it wasn't a weak password. If it failed you had to change it.

    Another good alternative is Truecrypt + Password safe with different very strong keys for each of them.


  • Posts: 4,630 ✭✭✭ [Deleted User]


    I've started using www.passpack.com and the security measures they have in place are outstanding. It's worth a look, anyway.


  • Registered Users Posts: 29,509 ✭✭✭✭randylonghorn


    Bambi wrote: »
    I snorted dismissively at the "fellow user" schtick , funny how after years of having "privately owned site" rammed down our throats when it was time to man up, "fellow user's" was wheeled out.

    And boards would have gone up in my estimation if the word "sorry" had been used. Its absence didn't really surprise me though
    From email:

    * We apologise for this inconvenience. We do not want to over stress the problem, however we felt the situation requires full disclosure.

    Tom Murphy.


    Also:
    DeVore wrote: »

    We're really sorry this happened, we couldn't have prevented it but we have taken steps to mitigate its repeat. Thanks for understanding.

    DeV.

    What more do you want?

    And as Cabaal pointed out, this was an attack from the outside, not someone in Boards forgetting to feed the hamsters.


  • Registered Users Posts: 851 ✭✭✭GlennaMaddy


    Any chance we can have support for OpenID login? I have more faith in Google or Yahoo to keep my password safe more than boards.ie after the recent events.

    For me, it would mean one less password to manage, for boards.ie it would be thousands


  • Closed Accounts Posts: 2,479 ✭✭✭Conor


    Any chance we can have support for OpenID login? I have more faith in Google or Yahoo to keep my password safe more than boards.ie after the recent events.

    For me, it would mean one less password to manage, for boards.ie it would be thousands

    I would love to have this.

    Inserting it into vBulletin is non-trivial though.


  • Registered Users Posts: 23,246 ✭✭✭✭Dyr


    Cabaal wrote: »
    So boards should say sorry that it was attacked?
    That's like me saying sorry for an idiot running into my car on the way to work

    Sorry is not necessarily an apology and an apology is not an admission of culpability. I work in IT services and I've been in the same situation as boards more than once, so here's a quick heads up for anyone who thinks "fault" has any relevance here: It doesn't matter whose fault it is when it was your responsibility. If you have any integrity you accept your responsibility. When you lose your customers' data you apologise loud and clear, not because this was your fault but because you were responsible for that data. Your customers have taken a hit just for giving you their custom and you should acknowledge that.

    What more do you want?

    Good man Randy, I didn't get any e-mail. All I'm commenting on is what was on the frontpage which is what 99% of the world saw on this matter. So if you just show me where those statements were on the front page I'll gladly recant and apologise :)


  • Closed Accounts Posts: 1,404 ✭✭✭Pittens


    When you lose your customers' data you apologise loud and clear, not because this was your fault but because you were responsible for that data. Your customers have taken a hit just for giving you their custom and you should acknowledge that.

    Losing paying customer's free data is not the same as people not being able to log into a free site for a few hours precisely because the people here promptly took action to stop an attack.

    We are, most of us, not paying for this.


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Bambi wrote: »

    Good man Randy, I didn't get any e-mail. All I'm commenting on is what was on the frontpage which is what 99% of the world saw on this matter. So if you just show me where those statements were on the front page I'll gladly recant and apologise :)

    --
    We apologise for this inconvenience. We do not want to over stress the problem, however we felt the situation requires full disclosure.

    Tom Murphy.

    --



    ...was on the message you were redirected to for the 36-odd hours the site was down. (ie the "front page" as people are calling it).


    Tom "DeV" Murphy.


  • Registered Users Posts: 23,246 ✭✭✭✭Dyr


    Err..Was that not in the context of the inconvenience of resetting passwords rather than potentially losing data? Either way my poorly worded promise to randylonghorn means that I must now recant and apologize fully. Which I do.


    We are, most of us, not paying for this.
    The DPC wouldn't care if you were paying or not and most companies wouldn't either, and rightly so.


  • Registered Users Posts: 29,509 ✭✭✭✭randylonghorn


    Bambi wrote: »
    Err..Was that not in the context of the inconvenience of resetting passwords rather than potentially losing data? Either way my poorly worded promise to randylonghorn means that I must now recant and apologize fully. Which I do.
    Well, the paragraph immediately before referred to data, and in particular what data could not possibly have been compromised i.e. credit card / payment details (relevant to subscribers) ...

    ... though as the paragraph quoted above was the very last paragraph I personally read it as referring to the whole incident, and I suspect that is how it was intended to be read.


    (Thanks, DeV, I was 98% sure the text of the email was exactly the same as what was on the front page, but not having a photographic memory I couldn't be 100% certain.)


  • Registered Users Posts: 43,311 ✭✭✭✭K-9


    I've started using www.passpack.com and the security measures they have in place are outstanding. It's worth a look, anyway.

    I use lastpass on Firefox as I mentioned previously, forgot to mention an extra layer of protection!

    Key Scrambler, started as a Firefox addon I think but has expanded:
    http://www.qfxsoftware.com/Download.htm

    Mad Men's Don Draper : What you call love was invented by guys like me, to sell nylons.



  • Registered Users Posts: 14,339 ✭✭✭✭jimmycrackcorm


    For those of us who haven't our original email address, could I suggest that the old database be temporarily used for a separate login / change password process.

    Just occurred to me also that perhaps there's some way of tracking an ip-address used from a login or previous posting as part of the validation process?

