The official Ubuntu Forums have been brought back online, more than a week after a hack saw passwords for its 1.8 million users stolen.
In analysing the exact cause that allowed the attacker to wreak havoc, Canonical’s James Troup cites a ‘combination’ of configuration settings in the vBulletin software used to power the forums and a compromised moderator account.
Together, these two things allowed the attacker to gain ‘full access to the vBulletin environment as an administrator and shell access as the “www-data” user on the Forums app servers.’
This, Troup says, allowed the perpetrator to meddle with the forum – at one point adding background music – and download all 1.82 million user names, e-mail addresses & encrypted passwords.
Upon learning of the attack, Canonical immediately recommended that anyone who used the same or a similar password elsewhere as on their compromised Ubuntu Forums account change it. This advice was backed up by an e-mail shot sent later in the week.
With the post-mortem over, Canonical turned their attention to ‘hardening’ the Ubuntu Forums to prevent attacks of a similar nature happening in the future. In addition to resetting and rebuilding the forum, its settings and the servers it runs on, all user passwords have been reset and randomised.
Furthermore, the Forums now use Ubuntu Single Sign On for improved authentication.
This means you won’t be able to log in to the forum using your old password.
Missed the Forums? Hit the link below to visit them in all their comeback-kid glory.