Furrybid compromised, now back...
I received the following email from the FurBid administration account:
This is an administrative message from FurBid:
"It'll never happen to us!".
Yep, FurBid got cracked yesterday morning. Some moron got a copy of the l10n
Linux worm and it connected to our server, over-writing the index.html file in
every directory that it found.
The worm stole the system's password file and the network interface info, but
did not touch your user data files. The e-mail containing the stolen password,
which the worm generates, was stopped and deleted at the mail server, so that didn't even get out.
That has been fixed and the vulnerability (an old BIND name server) closed. As
part of the recovery, my admin loaded in a backup of the FurBid data files,
taken this afternoon.
Unfortunately, that backup contained auction files from, oh, as far back as
January. The hundreds of messages that got sent out today were the server's
efforts to figure out why the auction count went from 280 to 2,982 in a few
All the old auctions are where they belong now, in the trash. After tonight,
any auction notices that you get should be considered valid. You can check in
your View Closed Auctions list
(http://furrybid.transform.to/cgi-bin/auction.pl?1&1&v) to see what auctions
you *REALLY* won, and which were just the garbage being cleaned out.
Oh, and I must stress that this was not the result of a system glitch. We were
deliberately attacked and destroyed, but were restored from back-ups. This worm
randomly targets computers, so as far as we can tell, it was not deliberate. If
anyfur has information to the contrary, we'd love to hear it.
Thank you to everyfur that has offered help with getting the server back
on-line. For now, we're stable again. That old buggy name server, that should
never have been running in the first place, was successfully uninstalled by the
system admin tonight, and should give us no more problems.
Now, hopefully, we can turn all our focus on improving the auction system, with
your suggestions, of course.
Until the next big news event, Aatheus.
Thank you and please tell a friend about us!
Since they sounded like they were finally going to be back up, I went to their site and poked around, just to be sure -- it looks like the site is back up, running and stable. They also had a blurb on their news page, which basically recapped what their email told me. Just like in their email, they gave a brief explanation for what happened, and apologized for the confusion. They do believe they've cleaned out all the old, previously completed auctions. I was very impressed by their honesty about what happened and their apology -- that sort of thing goes a long way to establishing trust and making up for the downtime.
Now if only we could get the straight scoop on FurryMUCK's recent burst of downtime and problems.