Extended Offline Time for SharperIron
Nov. 21, 2014
Starting 11/21/14, SharperIron will be offline for week or so. The plan is to resume normal(ish) acitvity on Monday, December 1.
Not to create a panic or anything but... we've been hacked. Though SharperIron was not consciously targeted, the server was infiltrated as part of an automated hacking spree known now as Drupalgeddon (theologians have not yet weighed in on the eschatological significance). The short version of that story is that engineers of the Drupal Content Managment System (which we use here at SI) discovered a major security vulnerability in the current version and posted and announcement along with an update to correct the problem. Unfortunately, for lots and lots of Drupal users around the 'net, hackers unleased automated exploitations of the vulnerability less than 8 hours from the time of the announcement.
SI did not update within that 8 hour window.
At first, it appeared we'd been missed, but last week evidence was discovered that the initial hack did indeed reach us.
So, as they say, "mitigation" is in progress.
What this means to registered site users
- It is possible that hackers grabbed a copy of the SI database.
- Though the hackers' aim would be to scour DBs all over the web for useful things like account numbers, social security numbers, etc., and we don't collect that kind of info, it is possible they'll eventually get around to trying to use the userids, passwords, email addresses in our database.
- If you use the same userid and password at any other sites, it would probably be a good idea to change your password(s) there.
- You might get some new spam in your email, though your usual anti-spam tools are likely to work as well as they normally do.
- When the site goes back online, you'll be prompted to create a new password when you attempt to log on. The process will be the same as the current password reset process--you'll get an email from firstname.lastname@example.org to whatever email address you registered with and the email will contain a link to click and perform the reset.
- Site content: It is not yet clear, how far back we'll need to go into backup copies of the site to get to a reasonably clean fresh start. It may be that the Dec. 1 site will be missing a few months worth of posts. If that turns out to be the case, we'll at least be putting the articles back up a few at a time for a while, to sort of catch up. The comments may or may not be included in that scenario.
So, sometime today, the site will go offline and this post (or something similar) will appear as a static web page. As work goes on in the background, even that page will disappear from time to time.
Meanwhile, our Facebook page will still be operational if you want to gather there and interact. We'll probably post a little news there occasionally too on how things are going.