Downtime/Security issue update
Last month we elaborated on the downtime of a number of our services from approximately 1st April - 9th April 2013. We revealed that the downtime was a result of our admins identifying "suspicious activity" surrounding our primary server.
Three days ago, a hacking group published a document detailing some of their latest activities. In it, they claim that SwiftIRC servers were targeted because they believed that a rival group may be using our network for their own communication. The document goes on to detail how the group compromised some high profile targets including Linode and its domain registrar, all in an effort to gain access to SwiftIRC servers and consequently the unnamed rival group.
We can confirm that SwiftIRC uses Linode to host a variety of our services, and that in the early hours of April 1st 2013 we were alerted to suspicious activity on our primary server (specifically, an unexpected reboot). While investigating the cause of this reboot we also became locked out of our Linode management account. At this point we requested assistance from Linode, and thankfully they were able to rapidly investigate and disable our compromised account as well as shut down the affected server to prevent any further damage.
With the server offline and assumed secure for the time being, we began attempting to discover the root cause of this security compromise. Unfortunately, we were unable to find any explanation for the compromise through the expected channels (an admin's home computer being compromised etc.).
During our post-mortem we were also able to identify the activity that took place on our compromised server during the approximately 20 minute window that it was accessed. It appears that in addition to gathering basic information on the server itself, the attacker was attempting to create some sort of backdoor into our server as well as create a compressed archive of various locations on our server, apparently intending to retrieve it at a later date from our own web site.
However, based on what we have been able to determine, the attempts to retrieve any of our internal or user data were unsuccessful through this vector due to the limited amount of time that the server was accessible. While it appeared that the server was not irrevocably compromised, we decided to err on the side of caution and keep it offline while preparing a brand new server installation.
With regard to the allegation that this security compromise (as well as that of our service provider) was related to a "rival group" using our services, we have conducted a basic analysis of our current user base and concluded that the majority of our users and channels are legitimate. Obviously it is entirely possible for users to create private channels and discuss any subject -- controversial or not -- without oversight or knowledge from the network staff or users in general. This is a result of SwiftIRC's size and diversity, and while it is regrettably possible for a small number of users to cause trouble for the network at large, we do not believe that this is a fair reflection of SwiftIRC or its users in general.
This overall situation, if reported accurately, is concerning for us as it is unlike anything else we have seen in our 8+ years of operation. With this eye-opener on the sorts of unwanted attention our network could conceivably receive, we will endeavour to refine our own security policies and practices so that we are in a better position to avoid any further issues of this nature.
We would like to thank you for your understanding and continued support for SwiftIRC.
- The SwiftIRC Administration
Server Delinked: intersect.tx.us.swiftirc.net
Let it be known that henceforth, Intersect and its Server Administrator Nerdie are delinked from the network.
Please keep in mind that this means Nerdie is no longer a staff member, and should not be trusted with any 'confidential' information.
Consequently, we have performed some maintenance on our servers and we encourage users experiencing any instability to please come to #support and report it to an Operator there.
In more important (and much more interesting) news, we have decided to promote Jake to the role of IRC Operator in hopes that he will bring some sort of order to the chaos.
We welcome Jake and the ideas and support he brings to the network, and thank him for all the service he has provided as a Help Operator.
Please treat him with respect (or not) as he goes through the transition stage and learns the ropes (at a grandma's pace, seriously what is up with this guy does he even lift?)
“Just as I had long suspected, a person didn't really need math for anything anyway. Maybe some people did. Some limited people.”
― Augusten Burroughs, Possible Side Effects
Hello,
We recently experienced an outage that was due to our web server being potentially compromised. We'd like to stress that no user information was leaked and no data integrity was lost. In order to explain why the downtime was so long, we've put together the following timeline of events.
1. Admins were alerted that there was suspicious activity on the server and took steps to minimize the potential for data to be collected and leaked.
2. When these steps failed, the server was shut down, thus halting all operations on the server and locking out undetermined intruders.
3. The server was audited to see whether an intrusion had indeed occurred.
4. After examining the server, it was determined that no compromise had occurred and all data was intact. A decision was made to rebuild the server from scratch.
5. The server was rebuilt, and as of now everything is back online.
During situations like this, it's important that the issue be isolated quickly to prevent irreparable damage. Our main concern was determining whether user data had been compromised while also minimizing the effect of the outage. Almost every staff member on the team had a hand in resolving this issue from rebuilding the server to being on hand to answer support queries and assist users with issues. We're proud of how our team handled this and commend them for their responsiveness and hard work.
All services should be operating normally at this time. If you experience any issues please let us know in #support.
The SwiftIRC Class Team is proud to announce our 3rd event for our users! This class event will cover Basic IRC Security, followed by a question and answer session. Hopefully this session will give you the opportunity to learn something new about essential IRC security, and help you enjoy a great chatting experience on SwiftIRC!
The topics involved in this class are as follows:
General IRC Security
NickServ-related Security
ChanServ-related Security
When:
Saturday* (March 16):
11 AM PST [US-West]
2 PM EST [US-East]
6 PM GMT [UK]
4 AM EDT Sunday [Aus]
Sunday (March 17):
12 AM PST [US-West]
3 AM EST [US-East]
7 AM GMT [UK]
5 PM EDT [Aus]
Where: #Class
Who: YOU and the SwiftIRC Class Team
Visit our forums and you can join in on the discussion!
We hope to see you there!
Thanks,
SwiftIRC Community Department
* Due to unforeseeable circumstances, the event scheduled for Saturday has been pushed forward 1 hour. Times listed have been updated to reflect this change. We apologise for any inconveniences caused.
Last edited by Sephiroth on 2013-04-08 03:17:28 UTC
Hello!
Are you as excited about Old School RuneScape as we are? Take a trip down memory lane with us and fight to score against your enemy in Castle Wars, team up with the Void Knights to maintain balance in the name of Guthix and bring your A-game in a last man standing Fight Pit!
We have a total of ten $25 RuneScape red cards up for grabs! A card will be awarded to the top ranked participant on the Old School hiscores every weekend, in addition to a randomly selected player present at each activity.
Participants must be registered on SwiftIRC and present in the #Events channel to be eligible for the prizes.
We have planned several events; the times and dates are as follows:
March 3rd 22:00 - Castle Wars
March 10th 20:00 - Pest Control
March 17th 18:00 - Fight Pits
March 24th 14:00 - Pest Control
April 1st 00:00 - Castle Wars
All times are in UTC (GMT+0)
More details can be found on the SwiftIRC Forum thread. We hope to see you all there!
The SwiftIRC Events Team
Last edited by Sephiroth on 2013-04-08 03:18:34 UTC
Do you like MMOs or first person shooters? What about prizes?
Join us on February 22, 8PM EST (1AM GMT) where we'll be teaming with an established PlanetSide 2 outfit for a night of rocket launchers, tanks, planes, armoured vehicles, assault rifles, machine guns, sniper rifles, and many, many more guns.
3 participants will be selected at random for a $20 Steam gift card!
For instructions on how to qualify and more information, check out Angel's forum topic below.
http://forum.swiftirc.net/viewtopic.php?f=37&t=26470
I'm pleased to announce that the server intersect.tx.us.SwiftIRC.net has completed its 30 day trial and is now permanently linked to our network.
We extend our congratulations to Intersect's admin Nerdie and warmly welcome him to the Server Administrator team.
In other news Steve's feast was amazing (or so we've been told).
Best Wishes Nerdie,
Dyno
Last edited by Carl on 2013-01-28 17:05:22 UTC
Lords and Lasses of the SwiftIRCs it is a great honor to welcome Dyno and his server Gabriel to the network.
After passing a test-link of 30 days Gabriel has been granted a full link. I feel that this is a year of many celebrations, a feast in his honor will be held at my house. None of you are invited.
Steve
idk math stuffs
Today we finished rolling out upgrades to our versions of UnrealIRCd and Anope that have been planned for several months. Our IRC software developer Adam made quite a few changes, most notably the addition of m_textban, which allows channel staff to block or censor text at their discretion.
A full changelog may be found at http://forum.swiftirc.net/viewtopic.php?f=10&t=26408 - enjoy!
It is my pleasure to welcome our newest test link intersect.tx.us.SwiftIRC.net and its admin, Nerdie, to the ranks of the SwiftIRC Team. We wish Nerdie the best of luck during his trial phase and hope that he can provide us with many new ventures.
In other news, Alex resigned.. Alexandra
Steve
"MATHMATHMATHMATHMATH"
Last edited by Sephiroth on 2012-12-12 17:28:42 UTC