• We did not send an email asking for donations - please read this post.

Important: We did not send an email asking for donations - scam alert

Rob

Administrator
Staff member
Joined
Oct 27, 2011
Messages
926
Reaction score
1,784
Credits
1,207
Earlier today an email was sent out to our members stating that we now accept donations via cryptocurrency in exchange for upgraded member perks. This email is a scam, do not send anything to the addresses listed in the email.

Someone was able to gain access to the administrator area of the forum using a weak password from one of our administrators, then used the built-in email tool to send out bulk emails requesting donations.

The site also wasn't rendering during this time. We've restored from a previous backup. If you have any questions, please respond below, send me a private message here or reach out via email ([email protected]).

Thank you,
Rob
 


KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
7,427
Reaction score
6,401
Credits
60,224
It's great to see it back online. Crap happens and any posts missing can be recreated by those seeking help. Without an extremely expensive backup process, restoring from backups is going to result in lost data.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
7,427
Reaction score
6,401
Credits
60,224
LOL Me too! Well, anything public facing that changes. If it's a static site, I just keep backups every two weeks.

Remember folks, an untested backup is not a backup!

I've seen it go much, much worse... We lost a day's worth of posts. We'll manage.
 

Bartman

Well-Known Member
Joined
Mar 14, 2022
Messages
639
Reaction score
550
Credits
4,475
I checked my email today and didn't find any emails from Linux.org with today's Oct 20th 2022 date but had a few from yesterdays date.

I didn't bother to open any of them just dumped them figured it wasn't worth taking a risk.

Thanks @Rob

Cheers
 

Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
5,162
Reaction score
4,322
Credits
30,420
Interesting.
Obviously the email entitled 'New Linux.org Role + Updates!' was not sent by @Rob ....it was sent by someone who gained access to ...." able to gain access to the administrator area of the forum using a weak password from one of our administrators, then used the built-in email tool to send out bulk emails requesting donations."

With this level of expertise in play, is it a valid consideration that member info was stolen?

Is there any sign that this happened...or could have happened?

I would prefer to know now ......rather than get a surprise later..... @Rob
 
Last edited:

Brickwizard

Well-Known Member
Joined
Apr 28, 2021
Messages
3,162
Reaction score
2,048
Credits
23,540
Shame we lost a days work, but its a small price to pay,
@Rob thanks for jumping on it so quickly
This email is a scam, do not send anything to the addresses listed in the email.
Hardly surprising with the growing ranking of the site over the last year or so, as we know no site is completely invulnerable to malicious attacks

I must admit I was cursing a Firefox update which I had run immediately before the site collapsed, it wasn't till I ran my Parrot installation [ different browser] I realised there was a problem
 

bengan

New Member
Joined
Aug 8, 2018
Messages
1
Reaction score
3
Credits
6
Thanks for the quick response to this scam. I wondered about the email and started looking into it this morning (UTC+1). Nothing donated so far to the addresses, as far as I can see.
 

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,996
Reaction score
3,642
Credits
36,416
@Rob I think it would be a good idea to have the admin accounts use two-factor authentication, I actually use it for my account here as well since it's an option. That way if they get your password if you have a weak one they won't be able to login since the second factor is still needed. And if possible it may be a good idea to limit admin access to white listed ip adresses.
 
Last edited:

kc1di

Well-Known Member
Joined
May 14, 2021
Messages
1,286
Reaction score
1,073
Credits
9,233
Thanks @Rob for all you do that many will never see. Hope the one who did this will be rewareded by being banished from all forums some day. In any event, it is good to have the forum back up and running. Again thank you!
 

Terminal Velocity

Active Member
Joined
Oct 13, 2021
Messages
227
Reaction score
139
Credits
1,657
I received this message yesterday, It's for Rob
Screenshot from 2022-10-20 23-46-46.png
 
  • Like
Reactions: Rob

Brickwizard

Well-Known Member
Joined
Apr 28, 2021
Messages
3,162
Reaction score
2,048
Credits
23,540
I saw that last night just before the site went down, another "polite" message :mad:
 
  • Like
Reactions: Rob

kc1di

Well-Known Member
Joined
May 14, 2021
Messages
1,286
Reaction score
1,073
Credits
9,233
Yep, had that message here also. :( Also got the email.
 
Last edited:
  • Like
Reactions: Rob

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
7,427
Reaction score
6,401
Credits
60,224
Now I feel left out. I didn't get an email or a notice.

I have done some sleuthing and (just to eliminate a few ideas) there aren't any current XenForo exploits out there. Well, if there are some nobody is offering to sell them.
 
  • Like
Reactions: Rob

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,996
Reaction score
3,642
Credits
36,416

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,996
Reaction score
3,642
Credits
36,416
@Rob has our e-mail addresses been compromised, do I need to change my e-mail address so that I don't get future spam? I know this message was sent through the board forums but not sure if this person who had admin access also made a database dump?
 

Brickwizard

Well-Known Member
Joined
Apr 28, 2021
Messages
3,162
Reaction score
2,048
Credits
23,540
Looks like it came from an American Hacker [or from another country that doesn't speak English]
 

bob466

Well-Known Member
Joined
Oct 22, 2020
Messages
652
Reaction score
461
Credits
4,784
I didn't get any of those emails...what a shame
m0103.gif
I tried several times yesterday to logon but couldn't...hope everything is fixed for now.
m1705.gif
 
  • Like
Reactions: Rob

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
7,427
Reaction score
6,401
Credits
60,224
hope everything is fixed for now.

So far, everything looks okay. We did lose some data, but nothing too terribly important.
 
  • Like
Reactions: Rob
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Staff online

Members online


Top