Off-Topic :
Fairfax Underground
Welcome to Fairfax Underground, a project site designed to improve communication among residents of Fairfax County, VA. Feel free to post anything Northern Virginia residents would find interesting.
LATEST NEWS ON THE HACK -- UPDATED SATURDAY 11/12/2016 3:00PM ET
Many of you have been wondering why it is taking so long to get Democratic Underground back online after we were hacked. Here is what's going on. (Some of this is redundant with public statements we have made before, some is updated, and some is new.)
The site was first attacked around 4:30PM ET on Tuesday afternoon. This was not a "typical" hack like a DDoS or an attempt to gain control of our web server. Instead, the hacker had found a vulnerability in our forum software.
The hacker exploited that vulnerability in what appeared to be a politically-motivated act of vandalism: A large number of posts were removed and replaced with the words "God Emperor" (a reference to Donald Trump), and a ridiculously over-the-top pro-Trump video was served automatically to all of our visitors. If you're curious you can watch the video on YouTube (WARNING: HATE CONTENT).
The DU Administrators were online at the time when the attack occurred, so we immediately shut down the site in order to block out the hacker and limit their ability to disrupt.
As you know Tuesday was election day, our most important day of the year, so our biggest concern at the time was getting the site back online quickly so our members would have access that evening. We collected some preliminary evidence indicating how the hacker had managed to disrupt the site, and based on that evidence we made what we believed were the necessary changes in order to remove the vandalism, secure the site, and bring it back online. (During that time we put up an admin-only login box to block out the hacker. If you entered your username and password into that box, you did not expose your information to the hacker.)
After a few hours we brought the site back up, but it quickly became apparent that we had not sufficiently scrubbed the site and some malicious code placed by the hacker got executed again. So we took the site offline a second time. Since we had already failed once to secure the site, we agreed it would be irresponsible to bring the site back online again until we were confident that we knew exactly what the hacker had done, and we believed the site was secure. At that point we knew we were not going to be back online for election night, and we suspected it might take days.
It took most of the day Wednesday to figure out exactly how the hacker had managed to disrupt the site, and what user information may have been vulnerable.
It is likely that the hacker had access to certain member information on an account-by-account basis: Usernames, email addresses, and IP addresses. There is no evidence that the hacker had access to our database or the full table of user information.
We believe that the hacker was not able to see your passwords -- not even in encrypted format. But even if the hacker was not able to see your passwords, they were able to over-write passwords for some accounts. Put another way: The hacker doesn't know what your password was, but the hacker might have changed it to something that they do know now. Therefore we will require all members to change their passwords when the site comes back online.
We can say for certain that donor data, such as credit card numbers or addresses, were not compromised because that information is handled by PayPal and never passes through to our servers.
As most of you know, we have three employees at Democratic Underground, and only one of us (Elad) is a real programmer who can do the complicated back-end coding to deal with the hack. If our goal was to simply plug the specific vulnerability exposed in the hack, the site would likely be back online by now. But because we know that there is a sufficiently motivated and skilled individual somewhere out there who has already vandalized our website, we are doing a much more comprehensive security review to identify similar vulnerabilities to the one exposed in the hack.
We are moving forward on two tracks: Elad is doing the daily grunt-work of editing code, and we have been working with our web host to implement a higher level of security on their end. So the relevant factors here are the number of hours that Elad can spend each day slinging code, and how quickly our web host can implement the security upgrades on their end. Once we do get the site back up, there will be a brief "training period" to teach the new security software what is legitimate traffic and what is not.
At this point we are hopeful that we can do a limited opening of the website on Monday or Tuesday. During this limited opening only Star Members will be able to login and post. We are taking this precaution because we want to make sure that we are only receiving legitimate traffic during the security software "training period." This limited opening period should only last two or three days.
We know that this has been a long and frustrating process, and the timing could not have possibly been worse. We can assure you that we want to get the site back up as much as you do.
We will continue to post messages from our members below this update. The response to our "Question of the Day" has been overwhelming, so the "Question of the Day" is somewhat unexpectedly turning into a multi-day event. (Don't worry: Elad is not involved with reading or posting your emails -- he is much too busy working on code.)
Thank you again for your patience and understanding. And thank you for the tremendous outpouring of encouragement we have received from so many of you. We will update you again as soon as we have new information.
-- The DU Administrators
http://www.democraticunderground.com/503.php
While we are waiting for site access to be restored, we asked our members to tell us how they're feeling now that the election is over so that we could publish the responses here on our 503 error page. We expected maybe a few dozen responses -- instead, we received hundreds. We've been posting as many as we can below. If you want to participate send an email to mail@democraticunderground.com and please include your forum username if you have one. (Unfortunately due to the volume of responses we can't guarantee that we'll be able to publish your message.)
Please send them gobs of putzmail !
.
Welcome to Fairfax Underground, a project site designed to improve communication among residents of Fairfax County, VA. Feel free to post anything Northern Virginia residents would find interesting.
HAHAHA DEMOCRATICUNDERGROUND IS STILL DOWN
Posted by:
YCvYt
()
Date: November 13, 2016 09:26AM
LATEST NEWS ON THE HACK -- UPDATED SATURDAY 11/12/2016 3:00PM ET
Many of you have been wondering why it is taking so long to get Democratic Underground back online after we were hacked. Here is what's going on. (Some of this is redundant with public statements we have made before, some is updated, and some is new.)
The site was first attacked around 4:30PM ET on Tuesday afternoon. This was not a "typical" hack like a DDoS or an attempt to gain control of our web server. Instead, the hacker had found a vulnerability in our forum software.
The hacker exploited that vulnerability in what appeared to be a politically-motivated act of vandalism: A large number of posts were removed and replaced with the words "God Emperor" (a reference to Donald Trump), and a ridiculously over-the-top pro-Trump video was served automatically to all of our visitors. If you're curious you can watch the video on YouTube (WARNING: HATE CONTENT).
The DU Administrators were online at the time when the attack occurred, so we immediately shut down the site in order to block out the hacker and limit their ability to disrupt.
As you know Tuesday was election day, our most important day of the year, so our biggest concern at the time was getting the site back online quickly so our members would have access that evening. We collected some preliminary evidence indicating how the hacker had managed to disrupt the site, and based on that evidence we made what we believed were the necessary changes in order to remove the vandalism, secure the site, and bring it back online. (During that time we put up an admin-only login box to block out the hacker. If you entered your username and password into that box, you did not expose your information to the hacker.)
After a few hours we brought the site back up, but it quickly became apparent that we had not sufficiently scrubbed the site and some malicious code placed by the hacker got executed again. So we took the site offline a second time. Since we had already failed once to secure the site, we agreed it would be irresponsible to bring the site back online again until we were confident that we knew exactly what the hacker had done, and we believed the site was secure. At that point we knew we were not going to be back online for election night, and we suspected it might take days.
It took most of the day Wednesday to figure out exactly how the hacker had managed to disrupt the site, and what user information may have been vulnerable.
It is likely that the hacker had access to certain member information on an account-by-account basis: Usernames, email addresses, and IP addresses. There is no evidence that the hacker had access to our database or the full table of user information.
We believe that the hacker was not able to see your passwords -- not even in encrypted format. But even if the hacker was not able to see your passwords, they were able to over-write passwords for some accounts. Put another way: The hacker doesn't know what your password was, but the hacker might have changed it to something that they do know now. Therefore we will require all members to change their passwords when the site comes back online.
We can say for certain that donor data, such as credit card numbers or addresses, were not compromised because that information is handled by PayPal and never passes through to our servers.
As most of you know, we have three employees at Democratic Underground, and only one of us (Elad) is a real programmer who can do the complicated back-end coding to deal with the hack. If our goal was to simply plug the specific vulnerability exposed in the hack, the site would likely be back online by now. But because we know that there is a sufficiently motivated and skilled individual somewhere out there who has already vandalized our website, we are doing a much more comprehensive security review to identify similar vulnerabilities to the one exposed in the hack.
We are moving forward on two tracks: Elad is doing the daily grunt-work of editing code, and we have been working with our web host to implement a higher level of security on their end. So the relevant factors here are the number of hours that Elad can spend each day slinging code, and how quickly our web host can implement the security upgrades on their end. Once we do get the site back up, there will be a brief "training period" to teach the new security software what is legitimate traffic and what is not.
At this point we are hopeful that we can do a limited opening of the website on Monday or Tuesday. During this limited opening only Star Members will be able to login and post. We are taking this precaution because we want to make sure that we are only receiving legitimate traffic during the security software "training period." This limited opening period should only last two or three days.
We know that this has been a long and frustrating process, and the timing could not have possibly been worse. We can assure you that we want to get the site back up as much as you do.
We will continue to post messages from our members below this update. The response to our "Question of the Day" has been overwhelming, so the "Question of the Day" is somewhat unexpectedly turning into a multi-day event. (Don't worry: Elad is not involved with reading or posting your emails -- he is much too busy working on code.)
Thank you again for your patience and understanding. And thank you for the tremendous outpouring of encouragement we have received from so many of you. We will update you again as soon as we have new information.
-- The DU Administrators
http://www.democraticunderground.com/503.php
While we are waiting for site access to be restored, we asked our members to tell us how they're feeling now that the election is over so that we could publish the responses here on our 503 error page. We expected maybe a few dozen responses -- instead, we received hundreds. We've been posting as many as we can below. If you want to participate send an email to mail@democraticunderground.com and please include your forum username if you have one. (Unfortunately due to the volume of responses we can't guarantee that we'll be able to publish your message.)
Please send them gobs of putzmail !
.
Re: HAHAHA DEMOCRATICUNDERGROUND IS STILL DOWN
Posted by:
Northhman
()
Date: November 13, 2016 09:27AM
Re: HAHAHA DEMOCRATICUNDERGROUND IS STILL DOWN
Posted by:
Schadenfreude
()
Date: November 22, 2016 07:31PM
DemocraticUnderground is back online - liberal tears are flowing.
Free low-octane fuel. Grab your jugs!
http://www.democraticunderground.com/?com=latest_threads&sort1=latest&sort2=all&sort3=86400&page=1
Free low-octane fuel. Grab your jugs!
http://www.democraticunderground.com/?com=latest_threads&sort1=latest&sort2=all&sort3=86400&page=1
Re: HAHAHA DEMOCRATICUNDERGROUND IS STILL DOWN
Posted by:
Cucks for Clinton
()
Date: November 22, 2016 07:54PM
Wow there's a lot of hate over there.