Creative Commons license icon

Furrybid compromised, now back...

Your rating: None Average: 5 (4 votes)

I received the following email from the FurBid administration account:

Hello,

This is an administrative message from FurBid:

"It'll never happen to us!".

Yep, FurBid got cracked yesterday morning. Some moron got a copy of the l10n
linux worm and it connected to our server, over-writing the index.html file in
every directory that it found.
The worm stole the system's password file and the network interface info, but
did not touch your user data files. The e-mail containing the stolen password,
which the worm generates, was stopped and deleted at the mail server, so that didn't even get out.
That has been fixed and the vulnerability (an old BIND name server) closed. As
part of the recovery, my admin loaded in a backup of the FurBid data files,
taken this afternoon.
Unfortunately, that backup contained auction files from, oh, as far back as
January. The hundreds of messages that got sent out today were the server's
efforts to figure out why the auction count went from 280 to 2,982 in a few
minutes.

All the old auctions are where they belong now, in the trash. After tonight,
any auction notices that you get should be considered valid. You can check in
your View Closed Auctions list
(http://furrybid.transform.to/cgi-bin/auction.pl?1&1&v) to see what auctions
you *REALLY* won, and which were just the garbage being cleaned out.
Oh, and I must stress that this was not the result of a system glitch. We were
deliberately attacked and destroyed, but were restored from back-ups. This worm
randomly targets computers, so as far as we can tell, it was not deliberate. If
anyfur has information to the contrary, we'd love to hear it.

Thank you to everyfur that has offered help with getting the server back
on-line. For now, we're stable again. That old buggy name server, that should
never have been running in the first place, was successfully uninstalled by the
system admin tonight, and should give us no more problems.
Now, hopefully, we can turn all our focus on improving the auction system, with
your suggestions, of course.

Until the next big news event, Aatheus.

Thank you and please tell a friend about us!
Sincerely,
FurBid

Since they sounded like they were finally going to be back up, I went to their site and poked around, just to be sure -- it looks like the site is back up, running and stable. They also had some a blurb on their news page, which basically recapped what their email told me. Just like in their email, they gave a brief explanation for what happened, and apologized for the confusion. They do believe they've cleaned out all the old, previously completed auctions. I was very impressed by their honesty about what happened and their apology -- that sort of thing goes a long way to establishing trust and making up for the downtime.

Now if only we could get the strait scoup on FurryMUCK's recent burst of downtime and problems.

Comments

Your rating: None Average: 5 (4 votes)

I just checked yesterday about them. I can't ping past BBN's Chicago hub in a traceroute to one of furry.org's name servers, so muck.furry.org's unaccessible via normal means. Looks like a rouge backhoe operator got it. ;)

If someone can still pull an IP address to muck.furry.org, or uses the IP address to it, I can try and ping/traceroute it.

Your rating: None Average: 5 (4 votes)

My traceroute using the IP address stops in the same place.

Your rating: None Average: 5 (4 votes)

While I appreciate the service that has been
provided by Furbid, it looks to me like this
is an example of 'you get what you pay for'.
There's a cost in time and effort to maintain
a secure and reliable server, and to develop
and test the auction software itself. Ebay
can afford that; can Furbid?

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <img> <b> <i> <s> <blockquote> <ul> <ol> <li> <table> <tr> <td> <th> <sub> <sup> <object> <embed> <h1> <h2> <h3> <h4> <h5> <h6> <dl> <dt> <dd> <param> <center> <strong> <q> <cite> <code> <em>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This test is to prevent automated spam submissions.
Leave empty.

About the author

Feren (Jason Olsen)read storiescontact (login required)

    a network engineer and Black panther from Chicago, Illinois, interested in furry literature, art, and camaros

    Sometimes network engineer. Sometimes coder. Sometimes ranting editorial writer.