Thursday, May 10, 2012

Stupid Hackers

Yep, we've been punked as it were. So here's the scoop....

The hacker did manage to log into the server using the root account, so basically, the entire server had been compromised. Anything on the server could have been downloaded or saved by the hacker, including e-mail addresses, AQ mail, and even the password files. Passwords are encrypted using a one-way encryption algorithm so there's no way the hacker would have gotten your plain-text password, but for those of you familiar with the Cracking Passwords page (premium members only), imagine having the power to run this page and see exactly which accounts the passwords match. In theory, the hacker could do this. Since AQ doesn't have any sensitive information like social security numbers or credit card numbers, I'm not going to require anyone to change their passwords--but it wouldn't hurt. And as far as I can tell, the hacker did not access the database, but I can't be 100% certain of that either.
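Why a one-way hash still leaves guessable passwords exposed once the password file has been copied, shown as an added example of the audit a site operator can run to find accounts that should change their password. This is not AQ's code: the post does not say how AQ hashes passwords, so the PBKDF2 scheme, the account names, the salts and the word list are all assumptions constructed for the illustration.

```python
import hashlib
import hmac

ROUNDS = 1_000  # kept low so the demo runs instantly; real deployments use far more


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way hash of a password (assumed scheme: salted PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def weak_accounts(stored: dict, candidates: list) -> list:
    """Return the accounts whose stored hash matches any candidate password.

    The hash is never reversed: each candidate is hashed with the account's
    own salt and compared to the stored digest. A password on the candidate
    list is found; one that is not on the list is not.
    """
    flagged = []
    for account, (salt, digest) in stored.items():
        for guess in candidates:
            if hmac.compare_digest(hash_password(guess, salt), digest):
                flagged.append(account)
                break  # one match is enough to flag the account
    return sorted(flagged)


def make_record(password: str, salt: bytes) -> tuple:
    """Build the (salt, digest) pair a password file would hold."""
    return salt, hash_password(password, salt)


# Constructed sample password file: hypothetical accounts, fixed salts.
STORED = {
    "boxer1": make_record("letterbox", b"constructed-salt-1"),
    "hiker2": make_record("T7#qv!Lm29xz", b"constructed-salt-2"),
    "stamper3": make_record("password1", b"constructed-salt-3"),
}

# Constructed list of common passwords to audit against.
COMMON = ["123456", "password1", "letterbox", "qwerty"]

if __name__ == "__main__":
    print("Accounts that should change their password:", weak_accounts(STORED, COMMON))
```

The accounts flagged are the ones whose passwords appear on a common-password list; the long random password is not matched, which is why changing to a strong, unique password after a breach matters even when hashes are one-way.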

I restored the database from backups that ran at about 3:00 this morning (Pacific time)--if you sent an AQ mail, listed finds, listed plants, or anything after that time but before the hacker struck, they've been lost. Assume they didn't go through.

A couple of database tables didn't get saved last night--one being the locations table. I had to use backups from Sunday for that table, so it's a bit more out of date than the other tables. Three events and 188 boxes had references to locations that weren't in the backups, and they're currently all pointing to "no location specified." If you've recently edited the location of a box or added a custom location for a box since last Sunday, you'll want to check if it's still in place. Most should still be in place--only locations "new to AQ" weren't saved. For instance, if you added a box to "Seattle, WA" (which AQ has known about for years), it's pointing to a location AQ had already stored years ago. It's locations like parks, addresses, and such that had never been used by anyone until you added them that would have been lost. Sorry about that. I've fixed it so the locations are properly stored nightly, but there's not much I can do to retroactively fix that.

The other tables that didn't get saved last night relate to the listings for the trip planner. If you added or modified a listing since last Sunday, those have been lost. Sorry about that, but I don't think it'll affect very many of you since not many people play with that page on a day-to-day basis.

And finally, images don't get saved on a nightly basis, and I forgot to back up any new images uploaded before I restored the server to a pre-hacked version. If you've uploaded images since Sunday, you'll need to do that again.

I've taken a few precautions on the server to (hopefully!) avoid this kind of attack again, but honestly, there are no guarantees. There's no such thing as a 100% secure server and as sad as it is, eventually, someday, this kind of thing is likely to happen again. You'd be surprised at the number of "attacks" that happen on AQ every day. I use the term "attack" hesitantly--most of them are pretty weak and harmless--but there are dozens of "suspicious" activities that AQ detects every single day from all over the world. And to be perfectly honest, while I know a little about security for a server, it's not my specialty or my strength. I can just do my best. And I do know how to learn and improve with age and experience. =)

Sorry for all the trouble this caused!

11 comments:

Debbie St.Amand said...

Good save, Ryan! Give me 4 years, and I'll have a kid who's majored in computer forensics. Maybe he can help you out then. But first, he has to pass algebra!

Jeanne said...

Ryan, you did an amazing job getting AQ up and running again as quickly as you did. And I think you've done a wonderful job preventing any hacking before now.

Anonymous said...

After reading The Code Book by Simon Singh, I've felt a lot more comfortable about my online passwords. For now.

Anonymous said...

Did anything like this ever happen on the old server?

Anonymous said...

Kudos to you Ryan. Thanks for all your hard work to get AQ up and running again.

Sahalie

Anonymous said...

Thank you so much for the quick "save" and all you do for us. There is no need to apologize!
Red Bird

Anonymous said...

Like most people, we have many outside activities and interests. Besides other interests, with AQ there is a sense of community, family with those we have never met, a dearly loved hobby/obsession that is a wonderfully progressive and even improving website to pursue seeking pieces of rubber hidden in lock n locks and tupperware. When an intruder takes away our ability to communicate with "family", catch up on news, peek in and see what is happening in the AQ world.... it is very frustrating and a sense of violation when an outsider decides to interrupt our community. Thank you so much for all you do for the letterboxing community and AQ "family". Your speed of bringing us back on line was amazing. Kudos Ryan!

Wendy

Anonymous said...

I'm thinking this would not have happened with the old Virginia server. But then again, maybe I'm just being a "homer"!!!

DC Stones

Birchmoon said...

I had three of the 188 and just now realized it, when I noticed they weren't showing up on my new boxes widget. Oh brother! Also took me awhile to figure out why I was getting new mails on an old stamp offer... I hope I've fixed all the little problems now, lol. Darn hackers.

Anonymous said...

Thank you Ryan for all that you do.
- Team Mac

Anonymous said...

Thank you, Ryan, for all your hard work and dedication!