May 19, 2010 :: Tsunami compromise

ShaneR · May 19, 2010, 07:58:29 PM

Thanks, Jason.

I was just about to start trouble shooting on my own when the email came through. I'll hold off doing anything for now.

I thought it was something stupid. I did earlier as I was changing permissions on a couple folders. Guess not (at least I hope not).

Jason · May 19, 2010, 08:01:09 PM

Quote from: JPDeni on May 19, 2010, 07:56:52 PM
Be aware that if you have any subdirectories with index.html or index.php files in them, you'll likely have to replace them, too. I've just replaced a whole bunch of files.

If you want to proactively replace files, feel free. However, we're scanning all files server wide to compile a list of everything impacted. If there's an easier (automated) restore route, we'll do it if possible.

JPDeni · May 19, 2010, 08:06:38 PM

I'm so used to having to do things myself that I expect to have to. I still have to get used to the wonderful service we have here.

rebelsgirl · May 19, 2010, 08:08:34 PM

This is the same person who hacked mine. Do I need to replace the index.php from a new package from SMF? I don't have any modifications on my site at all. And did they attack the server or the forum itself?

Jason · May 19, 2010, 08:15:05 PM

Quote from: rebelsgirl on May 19, 2010, 08:08:34 PM
This is the same person who hacked mine. Do I need to replace the index.php from a new package from SMF? I don't have any modifications on my site at all. And did they attack the server or the forum itself?

We're still looking into this. I would just wait or if you have a backup of your files, you can replace just the impacted files. Otherwise, we'll attempt to do this for you once our investigation is complete.

ShaneR · May 19, 2010, 08:21:50 PM

I have backups, but I'll hold of until you give the final report. I don't want to go mucking about without a definitive cause.

Jason · May 19, 2010, 08:27:59 PM

Looks like the earlier cause was accurate and stopped at this time. We also have a list of all impacted files complete now.

If you want to do your own file restores, feel free -- that will be fatest. We are looking into a way to restore just those files from backups without having to do full account restores so it may take us some additional time -- especially if we end up having to do it manually.

rebelsgirl · May 19, 2010, 08:48:45 PM

I replaced my index outside the forum and the one inside. Looks like everything is ok for now. You're going to regenerate new passwords for us?

ulborn · May 19, 2010, 09:01:19 PM

Everyone must be trying to restore their files, I can not connect with FTP.

Error: Connection timed out
Error: Could not connect to server

Jason · May 19, 2010, 09:04:54 PM

Loads are high -- we're in the midst of doing automated file (not account) restores. We've completed about 10 sites so far and it's going well.

Jason · May 19, 2010, 09:09:25 PM

Quote from: rebelsgirl on May 19, 2010, 08:48:45 PM
I replaced my index outside the forum and the one inside. Looks like everything is ok for now. You're going to regenerate new passwords for us?

Only if necessary. I don't have a judgement on that just yet.

^ChYmAiL^GTX · May 19, 2010, 09:43:18 PM

Thanks Jason! Everything back to normal.

Pam · May 19, 2010, 09:50:15 PM

Jason, we seem to be back too.

Any updates on the need to change passwords?

Jason · May 19, 2010, 10:08:31 PM

All file restores are done. If you still have any issues, please post, email or open a ticket so we can look.

Not sure on the passwords yet. Checking into that now.

Jason · May 19, 2010, 10:45:42 PM

Quote from: Jason on May 19, 2010, 10:08:31 PM
Not sure on the passwords yet. Checking into that now.

We don't believe this to be necessary at this time, however it never hurts if you want to take that extra step.