Howdy All,

A number of weeks ago I made my second attempt to lock down the website and clean it up. As of today approximately 4 weeks have elapsed since Google had us listed as being a problem. On my second attempt I cleaned the site and modified all the passwords, and restricted Nucleus accounts to Oystein and myself.

I locked out all the Nucleus accounts except for the aforementioned ones. An administrator account for the content management system had been created at some point by the attackers. This week I will enable all the regular user accounts. Anyone who is an administrator, I'll request that you contact me directly so I can enable your account, and have you change your passwords to something that wasn't previously used.

As part of the cleanup process I extracted all the files for each of our install programs, and opened all the archives we had. I scanned them with ClamAV and Norton Anti Virus. There was no malicious content found inside any of these files.

Some changes have been made, but one will affect some of the developers/maintainers here. For the time being I have separated the gnubg.org/media directory from the main gnubg.org website. The media directory has been pointing to a hosting provider I have where I made a copy of all the media files. There is a temporary redirection set up that directs any www.gnubg.org/media requests to files.gnubg.org/media. This change was to help limit any damage done to the main site. The side effect is that people who use FTP to update the files in the /media on the original site will not be updating the server with the active media files. If you need to update the new server (files.gnubg.org) please contact me for the FTP account information. I will send Philippe Michel a copy of the credentials needed for that since I know he is an active FTP user as of late.

A few years ago I acquired the gnubg.com domain when it became available. I had been pointing all web requests from gnubg.com to gnubg.org in the past. I took the contents of gnubg.org as a base and migrated them to my home server, and have been cleaning things up in my spare time. Removing old unneeded files, getting new versions of plugins, a new version of the Wiki with user registration (and captchas - at least a partial deterrent to some script kiddies).
gnubg.com/media and gnubg.org/com both point to files.gnubg.com and files.gnubg.org (the latter 2 being the same location). So all the media files for one domain are the same for the other. I did this in the event that there was a breach on gnubg.org. I could direct it to my locked down sandbox at home running gnubg.com. If it ever came to that I'd have better log analysis tools available to me. Eventually the alterations I make to gnubg.com will be moved to gnubg.org.

The password changes also locked out the person who FTPs the daily snapshots to the server. Since I don't know who was doing this previously, I created a script on my system that created the daily snapshots and that has been going for a few weeks now. See my followup email sometime later today for more of my feelings on these daily snapshots.

At this time, I think our site is free of trouble. I'll keep an eye on updates for the software we use, most especially the content management system.

--
Michael Petch
CApp::Sysware Consulting Ltd.
OpenPGP FingerPrint=D81C 6A0D 987E 7DA5 3219 6715 466A 2ACE 5CAE 3304