
SoylentNews is people

posted by martyb on Monday February 29 2016, @03:14AM
from the older-and-wiser dept.

Clem Lefebvre, the honcho at Linux Mint, commented in some forum threads on February 24 about what they were doing for several days while the site was offline.

You're now [behind] HTTPS [at the forum] (that doesn't protect against the kind of attacks we went through, but it helps if you're hacked locally)

[...] We're also behind a global [firewall] and we've got new friends at Sucuri.net who scan our server for malware.

This phpbb is also version 3.1, so you'll see a few differences and some new features compared to the previous forums.

...and later in the day

- The firewall filters a lot of bandwidth and saves a lot of processing dedicated to the constant pounding of DDOS, malware, poking, and all the bad stuff that bots send continuously over the internet. That means less work for the server [which is why it's faster for you now].

[...] The phpbb team reached out to us during the attacks to see how they could help. I asked about updates vs customizations. [Fancy theming is] not a priority right now,

It appears there were things they already had on their list and getting pwned kicked that stuff into gear.

Previous: Mint Cinnamon ISOs Hacked


  • (Score: 0) by Anonymous Coward on Monday February 29 2016, @05:32AM (#311444)

    Some blog posts by Clem:

    Mint's WordPress problems [linuxmint.com]

    We found an uploaded php backdoor in the theme directory of a wordpress installation, which was 1 day old and had no plugins running. The theme was new but most importantly I think we had lax file permissions on this.

    All the software the Linux Mint site was using was outdated [linuxmint.com]

    Our phpbb version was outdated. We were also contacted by the PHPBB team after they learnt of the attacks to see if they could help us in any way.

    Softpedia says
    Linux Mint Forum Database Compromised for at Least a Month Before Announcement [softpedia.com]

    It turns out that they were warned about this breach on January 16 when Pieter Vlasblom left a tweet for them with an image to prove it. They didn't respond, and on February 21 the Linux Mint team was revealing the existence of hacked ISOs.

    There is a good possibility that they simply don't check their Twitter account all that often and they just didn't see the warning. In any case, it looks like the forum breach, at least, happened a while back, leaving the users exposed for more than a month.

    -- OriginalOwner_ [soylentnews.org]

  • (Score: 3, Interesting) by Runaway1956 (2926) on Monday February 29 2016, @06:31AM (#311459)

    Lax security. Things that make you go "hmmmmm". If no one cares very much about security on the site, maybe they aren't very focused on security in their OS.

    Don't get me wrong, I actually like Mint Debian Edition. I've run it, and not had problems with it. But, something like this makes me think that running Debian directly might be safer.

    But, this is common throughout the computing world anyway. A lot of people demand convenience and speed, and are willing to neglect security in their quest for fast and easy. That has always been a common theme on Microsoft OS's - maintain backward compatibility, make things easy, at the cost of security. Ehhhh - Maybe the Mint team has learned a lesson that will stick.

    --
    Abortion is the number one killer of children in the United States.
    • (Score: 0) by Anonymous Coward on Monday February 29 2016, @08:09AM (#311471)

      neglect security in their quest for fast and easy

      My impression is that Clem isn't willing to delegate|call in a specialist|spend money when he's clearly out of his depth.
      Maybe it's as simple as him trying to wear too many hats at once.

      Maybe the Mint team has learned a lesson that will stick.

      Hope so. {Fingers crossed}

      -- OriginalOwner_ [soylentnews.org]