BA Site News : We're Back... Part 2

Taps microphone…

As many of you experienced this morning, BA was hacked/defaced by another intrusion. It looked to be part of a larger anti-American campaign, with the Syrian Electronic Army claiming responsibility. If you search on Vbulletin.com you will see hundreds of other VB sites succumbing to this type of attack. As with the first one, it is more of a defacing hack, and there is no evidence that users' passwords were compromised. In addition, the passwords in the DB are with MD4 with Salt.

Thanks to a rad tip by Matt from http://blendswap.com we reached out to the crew at OSIRT to help us out on the matter, as they had an exact blog post on the hack and offered a service to fix it. (Link to Blog Post)

Increased Security:

  • Key directories are now password protected, meaning if somebody gains access to an admin account, or creates one, there is a second level of security to access any of the backend.
  • Increase the settings on CloudFlare (increase account level). I have a ticket out with them to see if there are any specific settings we could lean on, which would not hinder the good folks on the site. I know the captcha confirmation thing is annoying for some users.

Brad from their team rocked and has given us a clean bill of health. I know this has been said before, but I do feel more confident this time with the help of OSIRT. I may sleep a little restless tonight awaiting how the site does while I slumber… hah :wink:

Thank you again for the patience and all of the awesome e-mails coming from folks offering to help. Feels great to know you’ve got our backs and I hope we can return the same feeling!

Blend on!

And thanks to you for bringing the site up once again. And I wish you a good night - this night :).

I think there is one thing coming from the extra secured directories now. I get a password prompt at every page that I request. It requires authentication for the resource “admincp”.

Nice, thanks.
There is a little problem though with the password protection and the feature row because the folder GCG_uploadedFiles is in admincp. So every time I change the page it asks for a password. Maybe it's better to deactivate it for a while.

@OscarM - Ah… Thanks and I didn’t realize that because I was logged on. :frowning: Okay deactivated and working on shoring up that end!

Glad you got things fixed up. :slight_smile:

sheesh… WTF… :mad:

Yeah, I was getting the admincp login box as well, was rather confused as to what was going on.

Also want to add that you guys rock :ba:

Why am I always the first “discoverer” of this problem? :smiley:
By the way, when I checked BA a while ago and it was closed, I found creepy videos and images about USA and Syria and some random politics. Does that mean that BA was being hacked by terrorists or something?

Jackii, in first post

As many of you experienced this morning, BA was hacked/defaced by another intrusion. It looked to be part of a larger anti-American campaign, with the Syrian Electronic Army claiming responsibility. If you search on Vbulletin.com you will see hundreds of other VB sites succumbing to this type of attack.

Glad you’re back guys!

Thanks yet again for keeping BA up & running Wes & IT team! :D:D:D

Maybe it was a good thing to find the weak points and make it stronger. :wink:

Where are the Syrian videos? I couldn’t finish viewing all of them yet! :smiley:

glad we can be all here again! Thanks!

It seems like these days, it’s simply too dangerous to have a website without up to several layers of security and encryption protecting the site code (providing that the hosting service doesn’t handle it for you).

There are people throughout the world who can and will try to hack any website for any reason, so I think the thing to do here is to try to employ the latest security technology so as to prevent the Blender community from going anywhere.

Thanks again for staying on top of things and thanks to Matt for pointing out a solution, the downtime can be frustrating for us users, but not near as much as what is felt by you and Johnathon W.

Thanks Wes along with your crew for getting things back in order…fingers crossed!

Yay :yes:

At the very least, I actually got some work done today.

Yes !

http://whoblend.tumblr.com/post/60956085161

http://whoblend.tumblr.com/post/60983235669

:smiley:

Thanks for getting it all back up. Clearly it took a lot of effort.

A little concerned about the simplicity of the PHP hack. (as described in the blogpost referenced by OP)

I’m glad we are back on-line.

Actually, this gives me some confidence that the Syrian Electronic Army is not much of a threat. Seriously, annoying Blender Artists? Who are we, in the grand scheme of things? Just the smallest of small potatoes. Not to cast any aspersions on our talented and inspiring community or our hard working admins, but this is like trying to disrupt the parade by running through the crowd on the sidelines tripping random passers-by and causing them to stumble momentarily. That artists’ bulletin boards get hacked means they are unable to do any damage where it would actually be a problem: emergency systems, power grids, traffic lights… hell, I’ll bet even the local PEP Boys internet based inventory system didn’t hiccup.

Electronic Army??? Bunch of frustrated script kiddies if you ask me.

@Orinoco:

Electronic Army??? Bunch of frustrated script kiddies if you ask me.
I agree 100%. If those idiots were capable of causing real damage, they certainly wouldn’t attack an artist forum. The Quixel site got nailed as well. They also use vBulletin. Cheers to Wes, Matt and the rest of the guys for not wasting time fixing the problem.

I was welcomed today with this message:

You have empty profile fields that are required to be filled in. Please click here to edit your profile and update these fields.

After saving profile changes this message disappeared, but it was confusing anyway, and should be fixed.