The Wget Wgiki was brought down by the security vulnerability identified here: http://moinmo.in/SecurityFixes/CVE-2012-6081
IMPORTANT: Any number of attackers over the last 6 months will have had access to the hashed password stores. Anyone with less-than-very-strong passwords may have had their passwords revealed to any number of people. IF YOU ARE USING THE SAME OR SIMILAR PASSWORD ELSEWHERE, PLEASE IMMEDIATELY CHANGE THEM AS A PRECAUTION. While the version of MoinMoin (the wiki software used by the Wgiki) was good and patched, and did not suffer from the exploit described there, it would appear that the version I was using 6 months ago, on a different provider's VPS, did suffer from the vulnerability, and around that time a shell access kit was installed to the wiki. It is unknown to what purposes it may have been put since then, and I no longer have logs from then (or from that server). Any time between July and now, it would have been possible for people to execute arbitrary shell code on the server, as the web server's uid/gid. As of about noon Pacific Time on May 6, someone decided to run "rm -fr *" using this shell access. Since a wiki needs to be server-modifiable, all of the Wgiki's contents were deleted. Three other sites I host on the VPS were similarly impacted; all will be recoverable. An additional two sites were not modifiable by the server, and thus escaped harm. A backup of the website's data exists, as of its state on Apr 19, and the site will be restored from this data (it is in fact the same data that was used to migrate the Wgiki to its new location, around that time). Changes made since then will be lost. I had recently cleared a large number of spammy users and pages out from the wiki, I will have to repeat this work, and plan to do so before restoring the site's functionality, so it may take a little time. Given the potential for some password information to have leaked (if someone was able to fetch and crack the hashes), all preexisting user accounts will be destroyed; new ones will be required if you wish to make modifications to the site. Yours, Micah Cowan
