13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
- Jools
- Expert
- Posts: 16138
- Joined: 30 Dec 2002, 15:25
- My articles: 198
- My images: 948
- My catfish: 237
- My cats species list: 87 (i:237, k:1)
- My BLogs: 7 (i:10, p:202)
- My Wishlist: 23
- Spotted: 450
- Location 1: Middle Earth,
- Location 2: Scotland
- Interests: All things aquatic, Sci-Fi, photography and travel. Oh, and beer.
- Contact:
13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
Firstly, thank you to all the good fish folks who offered support and encouragement as Planet was offline for five days. You rock, and we salute you!
Owner, AquaticRepublic.com, PlanetCatfish.com & ZebraPleco.com. Please consider donating towards this site's running costs.
- Jools
- Expert
- Posts: 16138
- Joined: 30 Dec 2002, 15:25
- My articles: 198
- My images: 948
- My catfish: 237
- My cats species list: 87 (i:237, k:1)
- My BLogs: 7 (i:10, p:202)
- My Wishlist: 23
- Spotted: 450
- Location 1: Middle Earth,
- Location 2: Scotland
- Interests: All things aquatic, Sci-Fi, photography and travel. Oh, and beer.
- Contact:
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
Around 2pm GMT on Wednesday 13th I began to get emails suggesting something abnormal was happening with the site. This was unusual because I had not been logged into the site or had been working on it for a day or so. I was at work and can’t readily get into the site so I waited until the evening.
On logging into the server I found all the site files were missing and a message had been uploaded basically telling me someone has access to the server that should not. I immediately changed all passwords including the database users which run on a different server. I removed the message and left one saying the site was down and I was looking into it. I began the process of restoring the previous night's backup.
On Thursday morning my message had been changed to “JANGAN GANNGU !!!". Indonesian for “don’t bother”. Face palm moment: while I had changed all passwords, I had not checked who was logged in. I immediately rebooted the server which would kill any other sessions running.
I had a look at who had logged in. There were two logins (167.99.4.184 United States 4 Dec-13 04:59:51 and 125.163.1.16 Indonesia 2 Dec-13 06:06:06) which were not me. Someone, possibly two people, had logged into the server. I could trust nothing.
I also found that aquaticrepublic.com, aquaticrepublicnetwork.com, clearriverpartnership.co.uk, dignall.com and zebrapleco.com had all suffered the same fate. Not good. I took all those sites out of service and began thinking about what to do. Thursday was a long day at work. Thursday night I started the process of checking everything. All files; everything.
Planet alone has around 93,000 files across about 53GB of disk. OK, a lot of those are standard forum files, but there’s still a lot of code! And I don’t know the attack vector.
Planet is backed up daily online and monthly offline. That’s all the files and the database too.
Friday I managed to get a good copy of the forum by checking every file against a clean copy from the phpBB site, I checked that all the database looked ok. I also checked all files against my local copy and against the most recent backup. By Saturday morning I had a clean version of the site. It took hours to upload everything.
On Sunday I couldn't get the forum to work. The forum software (phpBB) runs the forum but I also use it for all user authentication; it's well-maintained and secure but it's complicated and tightly integrated with the custom ARN/PlanetCatfish code. It's also modern - bear in mind I learned all this stuff 25 years ago. So I am fairly current but a lot of techniques have changed. So, I learned a few new tricks and set about fixing it all up again.
How did they get in? Possibly a brute force attack, possibly a file with the password in it was inadvertently copied somewhere. I don't know.
Did they steal anything? I don't know, it's possible they could have downloaded the site, and the database but there is no evidence of this and the database logs don't appear to show any activity. In case you're worried about your password, we don't store it. As per best practice, we only store a hash of it.
Today is Monday. I've finally got the site up and running. Due to when the last online backup was taken, images uploaded after around 2023-12-05 1100 are not available and need to be reloaded.
I think this only affects @casscats, and some additions I made to the cat-elog (and in some cases wrong images will be against the wrong contributor). Going to make a cup of tea and tackle that.
Cheers,
Jools
On logging into the server I found all the site files were missing and a message had been uploaded basically telling me someone has access to the server that should not. I immediately changed all passwords including the database users which run on a different server. I removed the message and left one saying the site was down and I was looking into it. I began the process of restoring the previous night's backup.
On Thursday morning my message had been changed to “JANGAN GANNGU !!!". Indonesian for “don’t bother”. Face palm moment: while I had changed all passwords, I had not checked who was logged in. I immediately rebooted the server which would kill any other sessions running.
I had a look at who had logged in. There were two logins (167.99.4.184 United States 4 Dec-13 04:59:51 and 125.163.1.16 Indonesia 2 Dec-13 06:06:06) which were not me. Someone, possibly two people, had logged into the server. I could trust nothing.
I also found that aquaticrepublic.com, aquaticrepublicnetwork.com, clearriverpartnership.co.uk, dignall.com and zebrapleco.com had all suffered the same fate. Not good. I took all those sites out of service and began thinking about what to do. Thursday was a long day at work. Thursday night I started the process of checking everything. All files; everything.
Planet alone has around 93,000 files across about 53GB of disk. OK, a lot of those are standard forum files, but there’s still a lot of code! And I don’t know the attack vector.
Planet is backed up daily online and monthly offline. That’s all the files and the database too.
Friday I managed to get a good copy of the forum by checking every file against a clean copy from the phpBB site, I checked that all the database looked ok. I also checked all files against my local copy and against the most recent backup. By Saturday morning I had a clean version of the site. It took hours to upload everything.
On Sunday I couldn't get the forum to work. The forum software (phpBB) runs the forum but I also use it for all user authentication; it's well-maintained and secure but it's complicated and tightly integrated with the custom ARN/PlanetCatfish code. It's also modern - bear in mind I learned all this stuff 25 years ago. So I am fairly current but a lot of techniques have changed. So, I learned a few new tricks and set about fixing it all up again.
How did they get in? Possibly a brute force attack, possibly a file with the password in it was inadvertently copied somewhere. I don't know.
Did they steal anything? I don't know, it's possible they could have downloaded the site, and the database but there is no evidence of this and the database logs don't appear to show any activity. In case you're worried about your password, we don't store it. As per best practice, we only store a hash of it.
Today is Monday. I've finally got the site up and running. Due to when the last online backup was taken, images uploaded after around 2023-12-05 1100 are not available and need to be reloaded.
I think this only affects @casscats, and some additions I made to the cat-elog (and in some cases wrong images will be against the wrong contributor). Going to make a cup of tea and tackle that.
Cheers,
Jools
Owner, AquaticRepublic.com, PlanetCatfish.com & ZebraPleco.com. Please consider donating towards this site's running costs.
- Shane
- Expert
- Posts: 4625
- Joined: 30 Dec 2002, 22:12
- My articles: 69
- My images: 161
- My catfish: 75
- My cats species list: 4 (i:75, k:0)
- My aquaria list: 4 (i:4)
- Spotted: 99
- Location 1: Tysons
- Location 2: Virginia
- Contact:
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
What a pain!
-Shane
-Shane
"My journey is at an end and the tale is told. The reader who has followed so faithfully and so far, they have the right to ask, what do I bring back? It can be summed up in three words. Concentrate upon Uganda."
Winston Churchill, My African Journey
Winston Churchill, My African Journey
-
- Posts: 193
- Joined: 02 Sep 2003, 22:02
- I've donated: $29.00!
- My cats species list: 10 (i:3, k:4)
- My aquaria list: 2 (i:0)
- My BLogs: 4 (i:3, p:202)
- My Wishlist: 5
- Spotted: 10
- Location 1: New England USA
- Location 2: NH USA
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
WOW thats alot of work, thank you for all the hard work to bring this back up. I was checking daily and not getting my daily dose of PC!! Great to see it back.
Too Many Tanks... Too Many fish... not enough time!!!
- naturalart
- Posts: 751
- Joined: 07 Jan 2006, 05:38
- I've donated: $45.00!
- My images: 3
- My cats species list: 37 (i:18, k:9)
- My aquaria list: 6 (i:3)
- My Wishlist: 3
- Spotted: 14
- Location 1: Oakland
- Location 2: California
- Interests: catfish, nature
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
Yeomans work. Glad you were able to put it back together. Congrates!
- bekateen
- Posts: 9325
- Joined: 09 Sep 2014, 17:50
- I've donated: $40.00!
- My articles: 4
- My images: 141
- My cats species list: 145 (i:105, k:35)
- My aquaria list: 37 (i:14)
- My BLogs: 45 (i:150, p:2729)
- My Wishlist: 35
- Spotted: 183
- Location 1: USA, California, Stockton
- Location 2: USA, California, Stockton
- Contact:
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
Thanks Jools! I could tell if you took that long to fix it, it must have been a nightmare!
Cheers, Eric
Cheers, Eric
Find me on YouTube & Facebook: http://youtube.com/user/Bekateen1; https://www.facebook.com/Bekateen
Buying caves from https://plecocaves.com? Plecocaves sponsor Bekateen's Fishroom. Use coupon code bekateen for 15% off your order. Also, for you Swifties: Https://youtu.be/ZUKdhXL3NCw
- Jools
- Expert
- Posts: 16138
- Joined: 30 Dec 2002, 15:25
- My articles: 198
- My images: 948
- My catfish: 237
- My cats species list: 87 (i:237, k:1)
- My BLogs: 7 (i:10, p:202)
- My Wishlist: 23
- Spotted: 450
- Location 1: Middle Earth,
- Location 2: Scotland
- Interests: All things aquatic, Sci-Fi, photography and travel. Oh, and beer.
- Contact:
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
No worries guys, certainly kept me focussed for a few days!
Cheers,
Jools
Cheers,
Jools
Owner, AquaticRepublic.com, PlanetCatfish.com & ZebraPleco.com. Please consider donating towards this site's running costs.
-
- Posts: 282
- Joined: 22 Nov 2005, 16:20
- My catfish: 4
- My cats species list: 22 (i:4, k:0)
- My BLogs: 4 (i:0, p:75)
- Spotted: 3
- Location 1: UK
- Location 2: Boston Spa, West Yorks, U.K.
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
Great work Jools, so glad you were able to restore the site. Hacks and Hackers are horrible to have to deal with.
Mark Walters
chairman@catfishstudygroup.org
chairman@catfishstudygroup.org
- amiidae
- Posts: 603
- Joined: 25 Nov 2004, 13:19
- My images: 547
- My cats species list: 82 (i:0, k:1)
- Spotted: 179
- Location 1: Singapore
- Location 2: Singapore
- Contact:
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
happy its back online again
PREDATORY FISH KEEPERS FB GROUP --> https://www.facebook.com/groups/166535030633179/
-
- Posts: 64
- Joined: 03 Nov 2012, 21:54
- My cats species list: 10 (i:2, k:4)
- My Wishlist: 5
- Spotted: 8
- Location 1: BC
- Location 2: Canada
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
Thanks Jools for all your hard work. I didn't realise how much I'm on this site until I couldn't reach it anymore.
- Jools
- Expert
- Posts: 16138
- Joined: 30 Dec 2002, 15:25
- My articles: 198
- My images: 948
- My catfish: 237
- My cats species list: 87 (i:237, k:1)
- My BLogs: 7 (i:10, p:202)
- My Wishlist: 23
- Spotted: 450
- Location 1: Middle Earth,
- Location 2: Scotland
- Interests: All things aquatic, Sci-Fi, photography and travel. Oh, and beer.
- Contact:
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
It's a pleasure (usually!), you know, a lot of people have said that about not realising how often they dip into the site. It's good to know.
Cheers,
Jools
Owner, AquaticRepublic.com, PlanetCatfish.com & ZebraPleco.com. Please consider donating towards this site's running costs.
-
- Posts: 8
- Joined: 27 Nov 2020, 00:26
- My cats species list: 17 (i:0, k:6)
- My BLogs: 1 (i:2, p:55)
- My Wishlist: 1
- Spotted: 18
- Location 1: Norway
- Location 2: Bergen
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
Thank you so much Jools, we in Bergen are gratefull for your work!
-
- Posts: 237
- Joined: 22 Sep 2015, 03:58
- My cats species list: 81 (i:0, k:25)
- My BLogs: 3 (i:0, p:27)
- My Wishlist: 34
- Spotted: 44
- Location 1: Tampa, Florida
- Location 2: USA
- Interests: Church, Family, Plecos, Corys, and fast cars
Re: 13-18th December 2023 :: What's up with the website? I'm getting 404 errors and "JANGAN GANNGU !!!" messages...
Holy crap, sorry you had to deal with his but thank you for getting it back up so fast considering all the work you had to do,
-Tony
-Tony