Thanks for the link to a copy of the haxor's newsletter.
There is a really simple reason we owned PerlMonks: we couldn't resist more than 50,000 unencrypted programmer passwords.
That's right, unhashed. Just sitting in the database. From which they save convenient backups for us.
Believe it or not, there is actually debate at perlmonks about whether or not this is a good idea. Let's just settle the argument right now and say it was an idea that children with mental disabilities would be smart enough to scoff at. We considered patching this for you but we were just too busy and lazy.
I'm sure you can figure it out yourselves.
This isn't a bad set of passwords, either. Programmers have access to interesting things. ...
And they also published that servers private ssh key, so that might be used to compromise other servers that trust it (depending on their config). And they published that server's password hashes, which is subject to a brute force attack.
I'm shocked this site hasn't gone off-line for housecleaning. Bad enough to be hacked, glad there's a homepage announcement. Would like to see more repairs. Would like an announcement about how the original exploit, and how subsequent vulnerabilities caused by the info liberated during the breach, have been addressed.
The one time I suspected a server had been hacked- didn't even have firm proof, just a good hunch- I took it off line, wiped the drive, re-installed the OS from CDs, gave all users new passwords, and restored the scripts/executables from known good sources and the data from backups. Pain in the buttocks but it had to be done. That was a small machine with half a dozen users and I know this site is much much bigger and thus more of an issue to take off-line, but please, it has to be done.
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
| & || & |
| < || < |
| > || > |
| [ || [ |
| ] || ] ||