Stories
Slash Boxes
Comments

SoylentNews is people

posted by NCommander on Monday May 18 2015, @10:00AM   Printer-friendly
from the standing-by-our-principles dept.

Normally, when I make a post on SoylentNews, it's to talk about some exciting new feature, our future, or something similar.

Unfortunately though, on rare occasions, I have to make announcements like this one. Sometime between May 12-13th, one of our email accounts was breached. The account ("test1") was left over from go live, over a year and half ago, and had a very weak password protecting it. We believe that an automated password guesser was able to find and access the account. Once breached, the account was used to send a significant amount of spam until we deleted the affected account on the 14th May 2015.

As a result of the compromise, several spam services have blacklisted our mail server; we're currently working to try and get ourselves cleared whenever we become aware of one of these blocks. We do not believe any user information or sensitive data was compromised; the account in question was simply a virtual dovecot account with no corresponding UNIX account attached to it.

mechanicjay was primarily responsible for handling this and cleaning up the mess, and I wish to personally thank him and the rest of the sysops team for their handling of this issue. We are looking at taking steps to prevent a reoccurence such as using fail2ban and the like. Unfortunately, most IDS systems like fail2ban are incompatible with IPv6 which we use extensively internally within our network.

A sysops meeting is being scheduled to discuss this and other changes we're making to the infrastructure.

I will update this article (or post a new one) with additional information should it become available,
NCommander

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Funny) by Anonymous Coward on Monday May 18 2015, @01:08PM

    by Anonymous Coward on Monday May 18 2015, @01:08PM (#184504)

    Actually I just hacked your Anonymous Coward account, and now I can post as you! ;-)

    Starting Score:    0  points
    Moderation   +5  
       Funny=5, Total=5
    Extra 'Funny' Modifier   0  

    Total Score:   5  
  • (Score: 0) by Anonymous Coward on Monday May 18 2015, @01:10PM

    by Anonymous Coward on Monday May 18 2015, @01:10PM (#184506)

    Are you a Cypherpunk?

    • (Score: 0) by Anonymous Coward on Monday May 18 2015, @02:05PM

      by Anonymous Coward on Monday May 18 2015, @02:05PM (#184536)

      I am the Supreme Ultimate Cypherpunk EleventyOne of all time!

      I have hacked ALL the AC accounts, and NOW all your AC are belong to ME!!

      Now bow down and pay tribute to me. I want all of your 'one' bits sacrificed to my Honor and Glory. Since I am feeling generous, I will let you keep your puny 'zero' bits.

  • (Score: 0) by Anonymous Coward on Monday May 18 2015, @05:16PM

    by Anonymous Coward on Monday May 18 2015, @05:16PM (#184640)
    I'm a completely different AC and I agree with this post!
    • (Score: 1, Funny) by Anonymous Coward on Monday May 18 2015, @09:10PM

      by Anonymous Coward on Monday May 18 2015, @09:10PM (#184818)

      HAHAHA, DISREGARD THAT, I SUCK COCKS