Results 1 to 7 of 7

Thread: WARNING! Beware of 'AUTHENTICATION REQUIRED' pop-up window on UU!

  1. #1

    Default WARNING! Beware of 'AUTHENTICATION REQUIRED' pop-up window on UU!

    I am posting this to UKE TALK for highest visibility since that seems to be the most popular section of UU. Moderators feel free to move this message if another section is better served by this content.

    WARNING!


    I received an email from Ryan this morning:
    ALoha,
    Sorry for the bad news on a Sunday (an awesome day to practice the ukulele).

    Our hosting provider took our site offline temporarily due to security concerns. We're looking into the issue now and we hope to have the site back online as soon as possible.

    Thank you for your patience.

    -Ryan
    ==============================================
    You are receiving this email because you have subscribed to UU+ or a Ukulele Underground mailing list.
    Possible password exploit may have gotten into the UU system as per below.

    The login box looks like this,and is a sort of pop-up window and appears regardless if your browser has a pop-up blocker turned on,

    DO NOT FILL IN your credentials, it clearly says it is NOT going to be sent to UU. I have emailed this picture and details to Ryan just now.



    Also, if you have lastpass, you need to update to the latest version and for each web site that has saved passwords, check the box to select NEVER AUTOFILL, and make sure that the box for AUTOLOGIN is NOT checked.

    This possible 3rd-party may have captured my UU+ password, which is the lessons part of UU, and I am trying to get it reset.

    As a precautionary measure, I have changed my password for the forums section just now, which if you have not done in a while, is a good thing to consider, also NEVER used the SAME password on multiple web sites, for if one of them is hacked, and they have your account info, they can easily now hack in to another site using your same credentials, and sites are hacked EVERY single day.

    See this link for more info about the possible Lastpass exploit that is currently a problem:

    http://www.csoonline.com/article/302...portunity.html
    Guinea proverb: "A cow that has no tail should not try to chase away flies."

  2. #2
    Join Date
    May 2015
    Location
    Cornwall UK
    Posts
    1,114

    Default

    Yeah, I've had this show up a couple of times. Due to my highly suspicious nature *adjusts tinfoil hat* I just closed it without filling it in. I follow the simple premise of never trusting anything in a pop up box

  3. #3

    Default

    Quote Originally Posted by jollyboy View Post
    Yeah, I've had this show up a couple of times. Due to my highly suspicious nature *adjusts tinfoil hat* I just closed it without filling it in. I follow the simple premise of never trusting anything in a pop up box
    Good for you. My motto is usually 'trust nothing online' by default, but Lastpass was not configured optimally and was working against me. I have to use it because I have hundreds of logins, all with unique passwords that are impossible to remember and writing them down on paper is also a security failure.

    I know a little bit about the Apache web server, and if you have a .htaccess file in any folder that has hosted content, this kind of password box appears when a page from that folder is requested by the browser.

    Usually a .htaccess file is used to set credentials and other settings for Apache, but I've only used it for WebDAV, which I found to be too insecure and ended up going back to SFTP instead. Since then I stopped reading about .htaccess files, but this login box is typical of a .htaccess file being used for permissions to view secure content from a web server.
    Guinea proverb: "A cow that has no tail should not try to chase away flies."

  4. #4
    Join Date
    May 2015
    Location
    Cornwall UK
    Posts
    1,114

    Default

    Quote Originally Posted by Booli View Post
    Good for you. My motto is usually 'trust nothing online' by default, but Lastpass was not configured optimally and was working against me.
    Well, I hope it all gets resolved and doesn't cause you or anyone else any serious security issues. It was good of you to take the time to post a warning about it

    To be honest I'm kind of relieved that it's not some local browser malware on my machine - which I thought it might be.

  5. #5
    Join Date
    Feb 2014
    Location
    Toronto, ON
    Posts
    2,206

    Default

    Thanks for sharing, I got this email too. Didn't do anything.
    How bad is your UAS?

  6. #6

    Default

    Quote Originally Posted by jollyboy View Post
    Well, I hope it all gets resolved and doesn't cause you or anyone else any serious security issues. It was good of you to take the time to post a warning about it

    To be honest I'm kind of relieved that it's not some local browser malware on my machine - which I thought it might be.
    Quote Originally Posted by sam13 View Post
    Thanks for sharing, I got this email too. Didn't do anything.
    Thanks guys.

    I'm just trying to help keep UU and all of us safe. I have also sent a link to this thread via PM to a few of the moderators so that they are in the loop too.
    Guinea proverb: "A cow that has no tail should not try to chase away flies."

  7. #7
    Join Date
    Nov 2007
    Location
    Kauai HI
    Posts
    2,372

    Default

    Ugh, I guess this is my fault for not clarifying in the email I sent out.

    Our site was not hacked.

    The pop up login box was put there by our hosting company to prevent anyone from accessing the site until we clarified what certain files on our server was. The company that we use for hosting was sold late last year and the new owners have been doing a bunch of dumb crap recently and this is the latest of many. The files that were in question were files that our security company that we hire had flagged and cleaned 4 years ago, but for some reason the new hosting company owners scanned the server and saw the old unaccessbile files and shut down our website. Once I deleted the benign backup files they turned the site back on. This is probably the last straw for these new owners and im going to be looking to move our sites elsewhere.

    By the way, the forum itself is run on a separate server installation to prevent "cross contamination" both ways (if either UU+ or the forum has issues, it doesn't affect the other).

    I know the person who started this thread had the best of intentions, but this probably caused more people to worry than was necessary. I'm closing this thread.
    Rayan, What you are doing?

    I give up with my PM box, just email ryan(at)ukuleleunderground.com

    YES Mahaloz!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •