WARNING! Beware of 'AUTHENTICATION REQUIRED' pop-up window on UU!

Status
Not open for further replies.

Booli

I am posting this to UKE TALK for highest visibility since that seems to be the most popular section of UU. Moderators feel free to move this message if another section is better served by this content.

WARNING!


I received an email from Ryan this morning:
Aloha,
Sorry for the bad news on a Sunday (an awesome day to practice the ukulele).

Our hosting provider took our site offline temporarily due to security concerns. We're looking into the issue now and we hope to have the site back online as soon as possible.

Thank you for your patience.

-Ryan
==============================================
You are receiving this email because you have subscribed to UU+ or a Ukulele Underground mailing list.

Possible password exploit may have gotten into the UU system as per below.

The login box looks like this, and is a sort of pop-up window and appears regardless of whether your browser has a pop-up blocker turned on,

DO NOT FILL IN your credentials, it clearly says it is NOT going to be sent to UU. I have emailed this picture and details to Ryan just now.

[Image: C2IIM7Y.png]


Also, if you have LastPass, you need to update to the latest version and for each web site that has saved passwords, check the box to select NEVER AUTOFILL, and make sure that the box for AUTOLOGIN is NOT checked.

This possible 3rd-party may have captured my UU+ password, which is the lessons part of UU, and I am trying to get it reset.

As a precautionary measure, I have changed my password for the forums section just now, which if you have not done in a while, is a good thing to consider. Also, NEVER use the SAME password on multiple web sites, for if one of them is hacked, and they have your account info, they can easily now hack in to another site using your same credentials, and sites are hacked EVERY single day.

See this link for more info about the possible LastPass exploit that is currently a problem:

http://www.csoonline.com/article/302...portunity.html
 
Yeah, I've had this show up a couple of times. Due to my highly suspicious nature *adjusts tinfoil hat* I just closed it without filling it in. I follow the simple premise of never trusting anything in a pop up box :)
 
Good for you. My motto is usually 'trust nothing online' by default, but LastPass was not configured optimally and was working against me. I have to use it because I have hundreds of logins, all with unique passwords that are impossible to remember and writing them down on paper is also a security failure.

I know a little bit about the Apache web server, and if you have a .htaccess file in any folder that has hosted content, this kind of password box appears when a page from that folder is requested by the browser.

Usually a .htaccess file is used to set credentials and other settings for Apache, but I've only used it for WebDAV, which I found to be too insecure and ended up going back to SFTP instead. Since then I stopped reading about .htaccess files, but this login box is typical of a .htaccess file being used for permissions to view secure content from a web server.
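
Added example, not part of the original thread: the kind of password box the post above attributes to .htaccess is the browser's own dialog, opened when a server answers `401` with a `WWW-Authenticate` header. The Python below classifies a raw response to tell that case apart from an ordinary page with a login form; the sample responses, realm text and the function name `classify_response` are constructed for illustration.

```python
import re

# Constructed sample: the reply Apache gives for a folder whose .htaccess sets
# AuthType Basic / AuthName / AuthUserFile / Require valid-user.
SAMPLE_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Apache\r\n"
    'WWW-Authenticate: Basic realm="Restricted - example realm"\r\n'
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>401 Authorization Required</body></html>"
)

# Constructed sample: an ordinary page that carries an HTML login form.
SAMPLE_200 = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<form method="post"><input name="user"><input type="password"></form>'
)

CHALLENGE_RE = re.compile(r"^\s*([A-Za-z][\w-]*)(?:\s+(.*))?$", re.S)
REALM_RE = re.compile(r'realm\s*=\s*"((?:[^"\\]|\\.)*)"', re.I)


def classify_response(raw: str, over_tls: bool) -> dict:
    """Say whether a response makes the browser open its own login dialog."""
    head, _, _body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_block.split("\r\n"):
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    result = {"status": status, "native_prompt": False, "scheme": None,
              "realm": None, "cleartext_risk": False}
    match = CHALLENGE_RE.match(headers.get("www-authenticate", ""))
    if status == 401 and match:
        result["native_prompt"] = True
        result["scheme"] = match.group(1).capitalize()
        realm = REALM_RE.search(match.group(2) or "")
        # The realm is server-chosen text; browsers may display it in the dialog.
        result["realm"] = realm.group(1) if realm else None
        # Basic sends user:password base64-encoded, not encrypted (RFC 7617).
        result["cleartext_risk"] = result["scheme"] == "Basic" and not over_tls
    return result
```

Because the dialog is drawn by the browser in response to a header, a pop-up blocker does not suppress it, and the host shown in the dialog is the one that will receive whatever is typed in.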
 
Well, I hope it all gets resolved and doesn't cause you or anyone else any serious security issues. It was good of you to take the time to post a warning about it :)

To be honest I'm kind of relieved that it's not some local browser malware on my machine - which I thought it might be.
 
Thanks for sharing, I got this email too. Didn't do anything.
 
Thanks guys.

I'm just trying to help keep UU and all of us safe. I have also sent a link to this thread via PM to a few of the moderators so that they are in the loop too.
 
Ugh, I guess this is my fault for not clarifying in the email I sent out.

Our site was not hacked.

The pop up login box was put there by our hosting company to prevent anyone from accessing the site until we clarified what certain files on our server were. The company that we use for hosting was sold late last year and the new owners have been doing a bunch of dumb crap recently and this is the latest of many. The files that were in question were files that our security company that we hire had flagged and cleaned 4 years ago, but for some reason the new hosting company owners scanned the server and saw the old inaccessible files and shut down our website. Once I deleted the benign backup files they turned the site back on. This is probably the last straw for these new owners and I'm going to be looking to move our sites elsewhere.

By the way, the forum itself is run on a separate server installation to prevent "cross contamination" both ways (if either UU+ or the forum has issues, it doesn't affect the other).

I know the person who started this thread had the best of intentions, but this probably caused more people to worry than was necessary. I'm closing this thread.
 