
[Bug-gnubg] GNUBG.ORG website status UPDATE


From: Michael Petch
Subject: [Bug-gnubg] GNUBG.ORG website status UPDATE
Date: Thu, 14 Mar 2013 16:01:58 -0600
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Thunderbird/17.0

Howdy All,

A number of weeks ago I made my second attempt to lock down the website
and clean it up. As of today approximately 4 weeks have elapsed since
Google had us listed as being a problem. On my second attempt I cleaned
the site and modified all the passwords, and restricted Nucleus accounts
to Oystein and myself.

I locked out all the Nucleus accounts except for the aforementioned
ones. An administrator account for the content management system had
been created at some point by the attackers. This week I will enable all
the regular user accounts. Anyone who is an administrator, I'll request
that you contact me directly so I can enable your account, and have you
change your passwords to something that wasn't previously used.

As part of the cleanup process I extracted all the files for each of our
install programs, and opened all the archives we had. Scanned with
ClamAV and Norton AntiVirus. There was no malicious content found
inside any of these files.

Some changes have been made, but one will affect some of the
developers/maintainers here. For the time being I have separated the
gnubg.org/media directory from the main gnubg.org website. The media
directory has been pointing to a hosting provider I have where I made a
copy of all the media files. There is a temporary redirection set up
that directs any www.gnubg.org/media requests to files.gnubg.org/media .
This change was to help limit any damage done to the main site.

The side effect is that people who use FTP to update the files in the
/media on the original site will not be updating the server with the
active media files. If you need to update the new server
(files.gnubg.org) please contact me for the FTP account information. I
will send Philippe Michel a copy of the credentials needed for that
since I know he is an active FTP user as of late.

A few years ago I acquired the gnubg.com domain when it became
available. I had been pointing all web requests from gnubg.com to
gnubg.org in the past. I took the contents of gnubg.org as a base and
migrated them to my home server, and have been cleaning things up in my
spare time. Removing old unneeded files, getting new versions of
plugins, a new version of the Wiki with user registration (and captchas
- at least a partial deterrent to some script kiddies).

gnubg.com/media and gnubg.org/com both point to files.gnubg.com and
files.gnubg.org (The latter 2 being the same location). So all the media
files for one domain are the same for the other. I did this in the event
that there was a breach on gnubg.org. I could direct it to my locked
down sandbox at home running gnubg.com . If it ever came to that I'd
have better log analysis tools available to me. Eventually the
alterations I make to gnubg.com will be moved to gnubg.org.

The password changes also locked out the person who FTPs the daily
snapshots to the server. Since I don't know who was doing this
previously, I created a script on my system that created the daily
snapshots and that has been going for a few weeks now. See my followup
email sometime later today for more of my feelings on these daily snapshots.

At this time, I think our site is free of trouble. I'll keep an eye on
updates for the software we use, most especially the content management
system.

-- 
Michael Petch
CApp::Sysware Consulting Ltd.
OpenPGP FingerPrint=D81C 6A0D 987E 7DA5 3219 6715 466A 2ACE 5CAE 3304


