Re: What happened?
Thanks for the link to a copy of the haxor's newsletter.
There is a really simple reason we owned PerlMonks: we couldn't resist more than 50,000 unencrypted programmer passwords.
That's right, unhashed. Just sitting in the database. From which they save convenient backups for us.
Believe it or not, there is actually debate at perlmonks about whether or not this is a good idea. Let's just settle the argument right now and say it was an idea that children with mental disabilities would be smart enough to scoff at. We considered patching this for you but we were just too busy and lazy.
I'm sure you can figure it out yourselves.
This isn't a bad set of passwords, either. Programmers have access to interesting things. ...
And they also published that server's private ssh key, so that might be used to compromise other servers that trust it (depending on their config). And they published that server's password hashes, which are subject to a brute-force attack.
I'm shocked this site hasn't gone off-line for housecleaning. Bad enough to be hacked; glad there's a homepage announcement. Would like to see more repairs. Would like an announcement about how the original exploit, and how subsequent vulnerabilities caused by the info liberated during the breach, have been addressed.
The one time I suspected a server had been hacked (didn't even have firm proof, just a good hunch) I took it off-line, wiped the drive, re-installed the OS from CDs, gave all users new passwords, and restored the scripts/executables from known good sources and the data from backups. Pain in the buttocks, but it had to be done. That was a small machine with half a dozen users, and I know this site is much, much bigger and thus more of an issue to take off-line, but please, it has to be done.
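As an added illustration (not code from this thread or from PerlMonks, and in Python rather than Perl), this is what the fix for a clear-text password table looks like: salted PBKDF2 records, constant-time verification, and a one-shot migration of the existing plaintext rows so a leaked backup no longer hands over the passwords themselves. The user table and its passwords are constructed sample data; the function names are my own.

```python
import hashlib
import hmac
import os

# Constructed sample of the kind of table the newsletter describes:
# usernames mapped straight to clear-text passwords.
LEGACY_USERS = {
    "monk_a": "correct horse",
    "monk_b": "hunter2",
}

ITERATIONS = 200_000  # PBKDF2 work factor; raise over time, records carry it


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt$digest."""
    salt = salt or os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def migrate_plaintext_table(users: dict) -> dict:
    """Hash every clear-text password once; the plaintext is then discarded."""
    return {name: hash_password(pw) for name, pw in users.items()}


def table_exposes_passwords(table: dict, plaintexts) -> bool:
    """True if any known clear-text password appears verbatim in the stored table."""
    return any(pw in record for record in table.values() for pw in plaintexts)


if __name__ == "__main__":
    hashed = migrate_plaintext_table(LEGACY_USERS)
    print("login ok:", verify_password("hunter2", hashed["monk_b"]))
    print("leak reveals passwords:",
          table_exposes_passwords(hashed, LEGACY_USERS.values()))
```

A backup of the migrated table still needs brute-forcing per account (distinct salts, 200k iterations each), which is the difference between the two breaches the post describes.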