UPDATE! website downtime
caliban 27 Jan 2011
Click here for an important update on the downtime, Feb.1st 2011
From the newsletter:
Website under construction?
In the next few days and potentially weeks we will update the website again -- to complete the switch to longecity.org, to present a new frontpage and more non-forum pages, to update and refresh the forums and to implement new features and tools. This may lead to some periods where the website is not accessible. Please be patient, and wish us luck that we mange the changes with a minimum of inconvenience for everyone involved.
check out http://twitter.com/imminst for updates if the site is down.
Downtimes are likely to happen later today and at the weekend.
Edited by caliban, 04 February 2011 - 11:44 PM.
rwac 28 Jan 2011
caliban 28 Jan 2011
caliban 01 Feb 2011
We suspect the attack was implemented via our 'chat/shoutbox' which is why this feature has now been taken down.
While the attack was in place, users were being exposed to an external site known to distribute malware.
The attack was spotted pretty much straight away by users and the search engine 'bots' that index the public sections of the site. We were able to react promptly and take the site down. It took some time to isolate the problem, to establish backups and to implement a solution.
Who was affected?
I suspect there was a 40 minutes window on Monday Feb 1st around 17:30-18:20 GMT (11:30-12:20 EST) where users were exposed to the attack. There is no confirmation that any actual malware was distributed to anybody, but if you visited the site during that period, please make sure you check your computer for infections.
Google warning
Our site is now 'flagged' as insecure in google. Many browsers will explain a 'health warning'. We have requested a re-assessment, that should tell us more. The site needs to be open during this period. Until we have heard from google, their warning will stay in place.
We believe it is now again safe to surf LongeCity, but if you want to be reassured you could wait until google has re-indexed the site.
Safe?
In almost 10years of running a very open-access web platform, LongeCity has been victim to spam, denial of service and other attacks, but avoided being used as a distributors of malicious software. We are committed to re-establishing that track record, and decisions will need to be made about trade offs between efficacy, usability, richness of features and safety. The internet is not a 'safe place' - but we will at least make sure that if LongeCity and the Immortality Institute is known for being dangerous, its is only because of the open exchange of 'dangerous ideas' challenging received opinions.
Edited by caliban, 01 February 2011 - 03:47 AM.
caliban 01 Feb 2011
To eliminate angles, we have taken out the 'friendly url' format at the moment. Regrettably that means links to imminst forum posts may now be broken. We'll see if we can fix that in the future.
I also can't fully promise that we have closed the door to further attacks. We have implemented new security measures and closed vulnerabilities, but if the attacker is determined, there may be other attempts.
We should know more in a few days, sorry for the inconvenience.
caliban 01 Feb 2011
To eliminate angles, we have taken out the 'friendly url' format at the moment. Regrettably that means links to imminst forum posts may now be broken. We'll see if we can fix that in the future.
This may be fixed now. Fingers crossed.
Rational Madman 02 Feb 2011
I am very sorry to report that on top of the ongoing 'building work' we were affected by a malware attack today.
We suspect the attack was implemented via our 'chat/shoutbox' which is why this feature has now been taken down.
While the attack was in place, users were being exposed to an external site known to distribute malware.
The attack was spotted pretty much straight away by users and the search engine 'bots' that index the public sections of the site. We were able to react promptly and take the site down. It took some time to isolate the problem, to establish backups and to implement a solution.
Who was affected?
I suspect there was a 40 minutes window on Monday Feb 1st around 17:30-18:20 GMT (11:30-12:20 EST) where users were exposed to the attack. There is no confirmation that any actual malware was distributed to anybody, but if you visited the site during that period, please make sure you check your computer for infections.
Google warning
Our site is now 'flagged' as insecure in google. Many browsers will explain a 'health warning'. We have requested a re-assessment, that should tell us more. The site needs to be open during this period. Until we have heard from google, their warning will stay in place.
We believe it is now again safe to surf LongeCity, but if you want to be reassured you could wait until google has re-indexed the site.
Safe?
In almost 10years of running a very open-access web platform, LongeCity has been victim to spam, denial of service and other attacks, but avoided being used as a distributors of malicious software. We are committed to re-establishing that track record, and decisions will need to be made about trade offs between efficacy, usability, richness of features and safety. The internet is not a 'safe place' - but we will at least make sure that if LongeCity and the Immortality Institute is known for being dangerous, its is only because of the open exchange of 'dangerous ideas' challenging received opinions.
Are there any suspects, or as I presume, did the sender conceal their identity well?
niner 02 Feb 2011
While correlation != causation, I'd be very suspicious of some connection to the recent spamwave.Are there any suspects, or as I presume, did the sender conceal their identity well?
Thorsten3 02 Feb 2011
caliban 04 Feb 2011
I really didn't want to take any further risks, so we went for a full lock-down again.
As the problem lingered, it occurred to us that since the site is down anyway (and google hates us now), we might as well take the plunge and switch domains. This had been planned for January, but we postponed it because we were unsure about disrupting things- well things couldn't get much more disrupted than the whole forums being down for days.
This was the longest downtime we have had for a long while and we are really sorry that you were kept from plotting deaths demise for so long. Hopefully, there is something positive from this downtime. Let me count the ways:
- we upgraded security protocols and software, making the site more secure
- we learned what good friends we have at Canaca (thanks Anthony! Thanks Bashir!)
- the newly constituted Engineers team really came together. Rwac especially was patient and tireless in holding my hand throughout.
- we learned new things about how our software operates and how to break it (Singularity beware)
- we made the plunge to the new domain and thus the final step in the venture towards new and bigger horizons
So now, you'll see a fancy new domain name in your browser. You may find that some settings are no longer remembered - such as which threads you visited. Hopefully, the important redirects are working and hopefully this will also ward off the attack scrip whatever it was. However, we are not sure about that bit - so please, over the next few days, use the forums with a bit of caution and only if you have antivirus software switched on.
Please be patient while we monitor this switch and please let us know if something is strange or broken.
Rational Madman 06 Feb 2011
caliban 06 Feb 2011
I think we should make an announcement that the Imminst.org pathway doesn't work, because some--like myself---may continue to use this route as a matter of habit.
It will work off and on over the next few days. It will only break if we need to look at the old site for some reason.
I'm getting cold feet about the move myself. The malware is gone so thats good, but some other things are still broken. Rwac suggests that we try to stick it out at longecity, I'm not so sure.
If we move back we will transfer all the posts across, so you don't need to worry about that.
However, I would suggest:
DON'T UPDATE YOUR BOOKMARKS YET!