Ubuntu Forums has been hacked!

This post was last edited by samiux on 2013-7-22 19:44

http://ubuntuforums.org/announce.html

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.
What we know

    Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
    The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
    Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

Progress report

    2013-07-20 2011UTC: Reports of defacement
    2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.

If you're using Ubuntu and need technical support please see the following page for support:

    Finding Help.

If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:

    The Ubuntu subreddit
    The Ubuntu Community on Google+
    Ubuntu Discourse


The defacement page is .

An article about this incident.

The source code of the defacement page is here.

It seems that vBulletin was tweaked during the recent update/upgrade of the Ubuntu Forums, which led to the success of this attack.  Please refer to this.

The attacker stated here that s/he would not deal with the database s/he obtained, as it would be a waste of time to process such a huge database.

2buntu.com stated that the attackers gained root access to the server.

Samiux

Update reason : update the content of the original site
                add the defacement page
                add the article link
                add the source code link
                add Ubuntu's request to upgrade the forums
                add the attacker's statement about the database s/he downloaded
                add Nathan Osman's blog (2buntu.com)

This post was last edited by samiux on 2013-7-21 22:25

I wrote an article about this, please see here.

Samiux


Can this kind of hacking only be prevented once there is a patch from the upstream source..?
Is there nothing that can be done on the server side, e.g. a firewall..?


Can this kind of hacking only be prevented once there is a patch from the upstream source..?
Is there nothing that can be done on the server side, e.g. a firewall..? ...
kirafung posted on 2013-7-22 15:18


First of all, web application programmers should follow good secure coding practices.  They should code with security in mind.

Secondly, before a web application is launched, it needs a penetration test or audit to find potential vulnerabilities.  If any are found, fix them before going to production.

Thirdly, the web application should be penetration tested (or audited) every year (or twice a year) or so.  Meanwhile, the web server(s) should be well patched too.

In addition, a firewall does nothing against this kind of attack.  Maybe a Web Application Firewall (WAF) can do the job, but the web application still needs a penetration test at least every year.  Keep in mind that a WAF can also be bypassed very easily by skilled attackers.

If you can do the things listed above, there will be fewer attack vectors.

Samiux
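The point about firewalls and WAFs in the reply above, as an added example that is not part of the original thread, of Ubuntu's setup, or of any WAF product: a toy packet-filter rule, a toy signature-based WAF rule (both constructed here and hypothetical), and two common obfuscations of the same SQL injection string that pass the rule while still reaching the database intact. The function names and payloads are assumptions made for this illustration.

```python
"""
Added illustration (not code from the thread, from Ubuntu, or from any WAF
product): why a network firewall cannot stop an application-layer attack and
why a signature-based WAF rule is easy to get around. All inputs below are
constructed for this example.
"""
import re
import urllib.parse

# A network firewall only sees addresses and ports. A web attack arrives on
# the same open port as every legitimate request, so it is never blocked here.
ALLOWED_PORTS = {80, 443}


def network_firewall_allows(dst_port: int) -> bool:
    """Model of a packet-filter rule: allow HTTP/HTTPS, drop everything else."""
    return dst_port in ALLOWED_PORTS


# Hypothetical blocklist rule of the kind a simple WAF ships with: catch
# obvious SQL injection tokens in the query string (constructed for this
# example, not a rule taken from any real product).
INJECTION_RULE = re.compile(r"(union\s+select|or\s+1\s*=\s*1|--)", re.IGNORECASE)


def naive_waf_blocks(raw_query: str) -> bool:
    """Model of a WAF that URL-decodes the request once and matches the rule."""
    inspected = urllib.parse.unquote(raw_query)
    return INJECTION_RULE.search(inspected) is not None


def app_builds_sql_fragment(raw_query: str) -> str:
    """Model of what a vulnerable application does with the same input:
    a framework layer decodes it a second time, and the SQL engine treats
    /* */ inline comments as whitespace. This is the string the database
    actually parses."""
    decoded = urllib.parse.unquote(urllib.parse.unquote(raw_query))
    return re.sub(r"/\*.*?\*/", " ", decoded)


def evaluate(raw_query: str) -> dict:
    """Return whether the toy WAF blocked the request and whether the text
    that reaches the database still contains the injection."""
    fragment = app_builds_sql_fragment(raw_query)
    return {
        "waf_blocked": naive_waf_blocks(raw_query),
        "injection_reaches_db": INJECTION_RULE.search(fragment) is not None,
    }


# Constructed payloads: one obvious, two obfuscated versions of the same thing.
PLAIN = "id=1 UNION SELECT username,password FROM users"
INLINE_COMMENT = "id=1 UNION/**/SELECT username,password FROM users"
DOUBLE_ENCODED = "id=1%2520UNION%2520SELECT%2520username,password%2520FROM%2520users"


if __name__ == "__main__":
    print("port 80 allowed by firewall:", network_firewall_allows(80))
    print("port 22 allowed by firewall:", network_firewall_allows(22))
    for name, payload in [("plain", PLAIN),
                          ("inline comment", INLINE_COMMENT),
                          ("double encoded", DOUBLE_ENCODED)]:
        print(f"{name:15s} {evaluate(payload)}")
```

Only the plain payload is blocked; the inline-comment and double-encoded versions pass the rule and still arrive at the database as `UNION SELECT`. The fix has to live in the application (parameterised queries and the vendor's patch), which is why the reply puts secure coding, testing and patching ahead of any filtering layer.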


First of all, web application programmers should follow good secure coding practices.  They shoul ...
samiux posted on 2013-7-22 15:50



    Thanks for sharing...


The Ubuntu Forums resumed early this morning.  Congrats!

I wrote a review of its resumption here.

Samiux
