+- Post4VPS Forum | Free VPS Provider (https://post4vps.com)
+-- Forum: General Chat (https://post4vps.com/Forum-General-Chat)
+--- Forum: General (https://post4vps.com/Forum-General)
+--- Thread: Official Ubuntu forum hacked (/Thread-Official-Ubuntu-forum-hacked)
Official Ubuntu forum hacked - Dudi - 07-18-2016
Someones hacked the official Ubuntu forum. It was based on vBulletin .
Ubuntu hasn't updated the forum with the latest patches.
They ’ve installed ModSecurity, a Web Application Firewall, to prevent further attacks.
And promised to keep their forum up to date in the future.
Source: https://insights.ubuntu.com/2016/07/15/notice-of-security-breach-on-ubuntu-forums/?_ga=1.116363969.633271126.1468833804
RE: Official Ubuntu forum hacked - Vuluts - 08-02-2016
Woooh woooh this will be a big mess if not action emediately, since forum are a powerful tool for everyone to know what are the current updates.
RE: Official Ubuntu forum hacked - Dudi - 08-02-2016
(08-02-2016, 05:17 PM)Vuluts Wrote: Woooh woooh this will be a big mess if not action emediately, since forum are a powerful tool for everyone to know what are the current updates.
Yes, but this is not a big problem for most of users because the attackers can't get access to FTP servers to modify ISOs like they did with Linux Mint ISOs a few months ago.
It's a problem only for those users who use the same passwords at every place which is a very bad behavior.
RE: Official Ubuntu forum hacked - meetdilip - 08-02-2016
From what I heard, the hackers didn't even got passwords as they use SSO. May be all user names and some hashed info. That's all.
RE: Official Ubuntu forum hacked - Dudi - 08-02-2016
(08-02-2016, 06:24 PM)meetdilip Wrote: From what I heard, the hackers didn't even got passwords as they use SSO. May be all user names and some hashed info. That's all.
I thought that it is possible to recover passwords from hashes, but it depends.
RE: Official Ubuntu forum hacked - meetdilip - 08-02-2016
Under the hashes, may be it is just sso login info. Some were saying that it would not help or give the hacker the password which can be tried on other forums.