Clem Lefebvre, the honcho at Linux Mint, commented in some forum threads on February 24 about what they were doing during the several days the site was offline.
You're now [behind] HTTPS [at the forum] (that doesn't protect against the kind of attacks we went through, but it helps if you're hacked locally)
[...] We're also behind a global [firewall] and we've got new friends at Sucuri.net who scan our server for malware.
This phpbb is also version 3.1, so you'll see a few differences and some new features compared to the previous forums.
...and later in the day
- The firewall filters a lot of bandwidth and saves a lot of processing dedicated to the constant pounding of DDOS, malware, poking, and all the bad stuff that bots send continuously over the internet. That means less work for the server [which is why it's faster for you now].
[...] The phpbb team reached out to us during the attacks to see how they could help. I asked about updates vs customizations. [Fancy theming is] not a priority right now,
It appears there were things they already had on their list and getting pwned kicked that stuff into gear.
Previous: Mint Cinnamon ISOs Hacked
(Score: 5, Insightful) by tonyPick on Monday February 29 2016, @02:05PM
Really? It seems there's a lot of "The lazy fools" horror floating around this story, but the Mint team got a single direct download link redirected for one day via a WordPress bug, took everything down as soon as they realised the extent of the issue and shouted about it from the rooftops to alert the users. Hopefully they'll learn a lesson and be smarter in the future, but you think this is somehow a shocking lapse of security?
For comparison just last week I'm reading that Nissan's Connected Car App didn't authenticate at all, and you could control other people's LEAF cars with it, and Nissan left it up & running until last week even after having this gaping hole pointed out to them in January.
Hell, just a couple of stories down I'm reading about multiple ransomware attacks on hospitals, and the total clusterfuck that is medical device security. Now that is something to get angry about.
But the fact a volunteer project didn't do quite as well as it might providing validating checksums that most folks won't use anyway? That isn't even the worst security issue posted on Soylent. On Sunday the 28th. Afternoon. By martyb.