Mailinglist Archive: opensuse (880 mails)

< Previous Next >
[opensuse] Re: forum nntp server down?
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Wed, 28 Aug 2013 21:06:23 +0000 (UTC)
  • Message-id: <kvlooe$s1$1@ger.gmane.org>
On Wed, 28 Aug 2013 09:25:21 +0100, Dave Howorth wrote:

I'm seeing 'connection refused' from nntp.opensuse.org, and 100% packet
loss from ping. Does anybody know what the problem is?

The forums' web interface was hacked a few days ago, and needed to be
restored from backup as it appeared the database had been compromised. I
don't know all the details of the hack used, but it may have been similar
to he Ubuntu forums hack from a few weeks ago - with a few significant
differences:

1. User passwords were not compromised. Unlike the Ubuntu forums, we
don't store user passwords in the forum database - Access Manager handles
our authentication and doesn't expose user passwords. As a result, the
70,000+ users who have forum accounts do /not/ need to reset their
passwords - though if they want to, they certainly can.

2. Because we provide an NNTP interface that's fed by a gateway,
restoring the database from Friday or Saturday should not result in a
significant loss of messages. Messages that traverse the gateway are
recorded in the database, and if the record isn't there, the gateway
picks up the message on the NNTP side and feeds it back to the web side.
While there's a chance it may miss some messages, we're pretty confident
that at most we may lose 10 minutes of messages from right before the
forums were turned off yesterday morning (around 11 AM MDT). Messages
that are repopulated will receive new timestamps, so while there will
appear to be a "hole" in the posting dates, the content is the important
thing, and that should all be preserved.

3. Our outage lasted less than 24 hours total (NNTP took a little longer
to get back online because of a license issue that came up due to a
change in hardware). We discovered the forums had been compromised
Monday night around 10:00 PM MDT; the web forums were shut down at 11:00
AM MDT yesterday morning to start restoring (between the discovery and
the decision to shut them down, the issues were being investigated by
IS&T).

The hosts were moved to a different network during the recovery process,
so the servers' IP addresses will have changed. If you're for some
reason using a local hosts file entry, you'll want to update it (or just
use DNS instead) to the new addresses.

Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References