
posted by NCommander on Monday May 18 2015, @10:00AM
from the standing-by-our-principles dept.

Normally, when I make a post on SoylentNews, it's to talk about some exciting new feature, our future, or something similar.

Unfortunately though, on rare occasions, I have to make announcements like this one. Sometime between May 12-13th, one of our email accounts was breached. The account ("test1") was left over from go-live, over a year and a half ago, and had a very weak password protecting it. We believe that an automated password guesser was able to find and access the account. Once breached, the account was used to send a significant amount of spam until we deleted the affected account on 14th May 2015.

As a result of the compromise, several spam services have blacklisted our mail server; we're currently working to try and get ourselves cleared whenever we become aware of one of these blocks. We do not believe any user information or sensitive data was compromised; the account in question was simply a virtual dovecot account with no corresponding UNIX account attached to it.

mechanicjay was primarily responsible for handling this and cleaning up the mess, and I wish to personally thank him and the rest of the sysops team for their handling of this issue. We are looking at taking steps to prevent a recurrence, such as using fail2ban and the like. Unfortunately, most IDS systems like fail2ban are incompatible with IPv6, which we use extensively internally within our network.
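The incident above is the textbook case for log-based brute-force detection: many authentication failures against one account from a small set of sources. The script below is an added example, not part of the original post and not SoylentNews' own tooling. It runs over constructed log lines written in the format dovecot's login processes use for failed logins ("imap-login: Disconnected (auth failed, N attempts in S secs): user=<...>, ... rip=..."), counts failures per source and per account, and reports which sources exceed a threshold and which accounts are being hammered. It handles both address families; IPv6 sources are keyed by their /64 rather than the single /128, because a host that owns a /64 can rotate addresses freely and evade a per-address counter. (fail2ban itself gained IPv6 support in its 0.10 release, which post-dates this post.) The sample addresses, usernames and session IDs are invented.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log, modelled on dovecot's login-process failure lines.
# Addresses are documentation ranges; users/sessions are invented.
SAMPLE_LOG = """\
May 13 02:11:04 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<test1>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<A1>
May 13 02:11:19 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 10 secs): user=<test1>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<A2>
May 13 02:11:40 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 11 secs): user=<test1>, method=PLAIN, rip=2001:db8:1::5, lip=2001:db8::10, TLS, session=<A3>
May 13 02:12:02 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 9 secs): user=<test1>, method=PLAIN, rip=2001:db8:1::6, lip=2001:db8::10, TLS, session=<A4>
May 13 02:12:30 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, TLS, session=<A5>
May 13 02:13:01 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, mpid=4321, TLS, session=<A6>
May 13 02:13:15 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 10 secs): user=<test1>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<A7>
"""

# Matches only the "auth failed" disconnect lines; successful "Login:" lines do not match.
AUTH_FAIL_RE = re.compile(
    r"(?:imap|pop3)-login: Disconnected \(auth failed, (?P<attempts>\d+) attempts? in \d+ secs\): "
    r"user=<(?P<user>[^>]*)>, .*?rip=(?P<rip>[0-9a-fA-F.:]+)"
)


def source_key(rip: str) -> str:
    """Normalise a remote address to the unit we count and block on.

    IPv4: the host address itself.
    IPv6: the enclosing /64, because an attacker typically controls the whole
    /64 and can hop addresses inside it, so per-/128 counting is easily evaded.
    """
    addr = ipaddress.ip_address(rip)
    if addr.version == 6:
        return str(ipaddress.ip_network(f"{addr}/64", strict=False))
    return str(addr)


def parse_auth_failures(log_text: str):
    """Yield (user, source_key, attempts) for every auth-failure line."""
    for line in log_text.splitlines():
        m = AUTH_FAIL_RE.search(line)
        if m:
            yield m.group("user"), source_key(m.group("rip")), int(m.group("attempts"))


def failures_by_source(log_text: str) -> Counter:
    """Total failed attempts per source key (IPv4 host or IPv6 /64)."""
    counts = Counter()
    for _user, src, attempts in parse_auth_failures(log_text):
        counts[src] += attempts
    return counts


def failures_by_user(log_text: str) -> Counter:
    """Total failed attempts per targeted account."""
    counts = Counter()
    for user, _src, attempts in parse_auth_failures(log_text):
        counts[user] += attempts
    return counts


def sources_to_block(log_text: str, max_failures: int = 5) -> list:
    """Sources whose cumulative failures reach the threshold (fail2ban-style ban list)."""
    return sorted(src for src, n in failures_by_source(log_text).items() if n >= max_failures)


def accounts_under_attack(log_text: str, max_failures: int = 5) -> list:
    """Accounts receiving enough failures to warrant a password reset or disablement."""
    return sorted(u for u, n in failures_by_user(log_text).items() if n >= max_failures)


if __name__ == "__main__":
    print("block:", sources_to_block(SAMPLE_LOG))        # ['2001:db8:1::/64', '203.0.113.7']
    print("accounts:", accounts_under_attack(SAMPLE_LOG))  # ['test1']
```

The per-account view is the one that would have caught "test1": a forgotten account with a weak password draws failures from many sources, so a source-only ban list (what fail2ban produces) can miss it while the account view flags it for deletion or a forced password reset. The threshold and the /64 aggregation are policy choices; on a real server you would also want a time window rather than an all-time count, and to feed the source list into the firewall (nftables/ip6tables) rather than just print it.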

A sysops meeting is being scheduled to discuss this and other changes we're making to the infrastructure.

I will update this article (or post a new one) with additional information should it become available.
NCommander

  • (Score: 0) by Anonymous Coward on Monday May 18 2015, @01:53PM

    by Anonymous Coward on Monday May 18 2015, @01:53PM (#184529)

    Why choose to be pioneers on IPv6 when so many
    security principles and tools that experienced admins
    use to secure things are not applicable on IPv6?
    It reminds me of the days when much software wouldn't
    run on 64-bit hardware, due to developers writing
    bugs that were masked on 32-bit platforms. That took
    a good 10 years to sort out, 64-bit being common now.
    But I don't think IPv6 will be common before I retire.

  • (Score: 3, Interesting) by NCommander on Monday May 18 2015, @02:02PM

    by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Monday May 18 2015, @02:02PM (#184535) Homepage Journal

    Because when it got to the point I would have to set up NAT to properly interface off-site servers with ours, I said "fuck it", and put in IPv6 entries and saved everyone a lot of headache, vs having to deal with a split DNS setup, or other madness. End-to-end routability is a good thing, and has drastically reduced the amount of pain we have to go through to make everything talk to everything.

    --
    Still always moving
    • (Score: 0) by Anonymous Coward on Monday May 18 2015, @02:21PM

      by Anonymous Coward on Monday May 18 2015, @02:21PM (#184548)

      Why not use a VPN?

      • (Score: 2) by NCommander on Monday May 18 2015, @03:40PM

        by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Monday May 18 2015, @03:40PM (#184591) Homepage Journal

        Same problem. Bridging two 192.168.x.x networks proved to be too much hassle. NAT is a hack on the best of days, and for DNS to work, I would have had to populate it with internal addresses which in turn would complicate other issues. My general opinion is if NAT can be avoided, it should be avoided.

        --
        Still always moving
        • (Score: 0) by Anonymous Coward on Monday May 18 2015, @06:30PM

          by Anonymous Coward on Monday May 18 2015, @06:30PM (#184687)

          Why is the infrastructure for this site so convoluted? It's not a particularly complex site, even when including the wiki, IRC, and other offerings.

          • (Score: 1) by Frost on Monday May 18 2015, @08:06PM

            by Frost (3313) on Monday May 18 2015, @08:06PM (#184766)

            IPv4 address pressure is causing lots of problems for servers everywhere. Unless you can run your entire site on one host you're going to have to deal with such craziness at some point.