Monday, September 15, 2014

A Problem With IRC Chat

A lot of discussion related to development and support in the Open Source world happens over IRC. If you are part of that community, this may be relevant to you.

[16:04] [MOTD] - **************************************************************
[16:04] [MOTD] -                       SECURITY ALERT
[16:04] [MOTD] -
[16:04] [MOTD] - Over the weekend of 13th-14th September freenode staff noticed
[16:04] [MOTD] - some compromised binaries present on a number of servers.
[16:04] [MOTD] - The servers in question have been removed from the network and
[16:04] [MOTD] - shut down.  However, it's possible that network traffic  -
[16:04] [MOTD] - including SSL traffic - has been sniffed and passwords
[16:04] [MOTD] - exposed.
[16:04] [MOTD] -
[16:04] [MOTD] - We therefore recommend that all users change their nickserv
[16:04] [MOTD] - password(s) to a new value which is not shared with any
[16:04] [MOTD] - other service.
[16:04] [MOTD] -
[16:04] [MOTD] - You can do this with /msg nickserv set password newpasshere
[16:04] [MOTD] -
[16:04] [MOTD] - Please note that investigation is ongoing to discover the root
[16:04] [MOTD] - cause of the attack, and until this investigation is complete
[16:04] [MOTD] - we cannot be 100% certain that all traces of the compromises
[16:04] [MOTD] - have been removed. We may have to ask you to change your
[16:04] [MOTD] - passwords again after analysis has completed.
[16:04] [MOTD] -
[16:04] [MOTD] - Further details will appear on https://blog.freenode.net/

As an aside: not posting for a while (things are busy) seems to have foxed those annoying +1 bots for the moment. The ones that +1 every post you make, seconds after submission. Alas, it won't last.

No comments:

Post a Comment

Thanks for your comment; communities are not built without you.

But note than comments on older posts usually go into a modertion queue. It keeps out a lot of blog spam. Weird links to Web sites hosting malware, marketing nonsense, etc.

I really want to be quick about approving comments in the moderation queue. When I think I won't manage that, I will turn moderation off, and sweep up the mess as soon as possible.

If you find comments that look like blog spam, they likely are. As always, be careful of what you click on. I may have had moderation off, and not yet swept up the mess.