SPGB website security

2 posts / 0 new
Last post
Joined: 20-04-08
Jul 8 2018 04:50
SPGB website security

Some who come here also visit the SPGB Forum and in the interests of the Thin Red Line solidarity i wish to inform you of an unfortunate event. Hopefully, your own website does not share the same vulnerability but take care and be warned.

Be warned our website is down for the immediate future due to a cyber-attack from persons so far unidentified.
Fortunately, we have a very competent internet committee who are feverishly repairing the breach.
Not being computer savvy, i now quote from an announcement.

Our initial assessment is that the attack took place approximately one week ago and that it was
effected through a security flaw in the content management system (CMS)
that powers the SPGB website. The identity of the attacker is not
currently known to us.

The evidence we have examined so far suggests that the attacker
had the opportunity to access almost all information stored on the web
server, including the SPGB forum's user database. The user database
stores passwords in a secure manner, so it is unlikely that the
attacker was able to see them. However, the attacker may have been
intercepting data submitted through the SPGB website from the time of
the attack until yesterday evening. This means that if you logged into
the SPGB forum on worldsocialism.org, then the attacker may have your
username and password. In any case, if you use the same
username/password or e-mail/password combination on both the SPGB forum
and on other websites, we advise you to change your password on those
other websites immediately.

If you entered any other kind of information (such as submitting a
contact form or sending a private message on the SPGB forum) on the
websites of the SPGB, the World Socialist Movement, the Socialist
Party of Canada, or the World Socialist Party of New Zealand, then
for now you should proceed on the assumption that that information has
been exposed to the attacker.

We are still working to assess the extent of the attack and to repair
the damage, and we will attempt to notify any and all affected users
directly once we are able to gather their contact details from the
relevant databases. So far we have been able to restore the mail server
(but not the webmail interface) and the Socialist Party of Canada
website. We hope to be able to restore the webmail interface and the
WSPNZ website in the next few days. However, the SPGB and WSM websites
could remain offline for several weeks while we fix the security
flaw that led to this breach.

jondwhite's picture
Joined: 23-10-12
Jul 8 2018 10:47

Reset your libcom password here