Security Update

I’ve spent the last two days going through our server logs, as part of the investigation into the security issue we had the other day. The good news is that we’ve identified the location and ISP of the person who attacked our server, and this information has been forwarded to the investigating authorities. One of the many things I learned about computer security this week is that trying to steal passwords and transmit them from a commercial server is a federal crime (under Title 18, United States Code, Section 1029(a)(3)), and falls under the jurisdiction of the FBI and the new National Infrastructure Protection section of the Department of Homeland Security. Whereas hacking attacks like this were treated kind of lightly before, the government seems to be a lot more serious about it now.

Which is fine with me, because I have zero tolerance for these sorts of things. There is a section of our society that thinks attacks like this are fun or entertaining – but this incident will probably cost me and OD several thousand dollars in damage for sysadmin time, system downtime, security changes, etc. Not to mention making a community of 200,000 people feel like they have been invaded. Not funny.

Anyways, the person making this attack made several mistakes which made it much easier to track him down – not the least of which was bragging about how he had perpetrated this crime in a public IRC channel, using a nickname that matches the name in the file he uploaded to our server. See, what I think he didn’t realize was that there are 200,000 people here who (mostly) love their community and want to protect it. So there are many more eyes out there watching for people saying suspicious things. Also, this person was a member of OD – which gives us that much more information to go on.

From what I’ve learned so far, this is a person who has been in trouble with federal authorities before – for doing the same thing to another site. He has been visited by the FBI in the past, but I think he will find that they have considerably more evidence when they come knocking on his door this time.

In any case, I’ve put the password retrieval program back online – I’ve added some extra layers of security to it to make sure it can’t be hijacked in the same way ever again. With the assistance of some very good security experts, I’ve also made several changes to our servers which will ensure that OD remains a safe and happy home for all of us. I could tell you what the security changes are, but then they wouldn’t be so secure.

Thanks,

The DiaryMaster

P.S. – several people have asked “what happened to Diary Chapters”? Well, this whole thing sort of destroyed my timetable for this week (and also set me way back in answering e-mail – sorry), but things are back on track now. You’ll be seeing the chapters shortly.


Naturally, there’s curiosity. And naturally, you probably don’t want to deal with the curiosity. Hehehe. But. I *do* wonder– was this person a MEMBER of opendiary? Good job tracking him down. And really, good job, in general. I’ve been incredibly impressed with this site, since your return.

thanks. always thanks. how many new gray hairs did *this* incident create, btw?

[I think I might not have read carefully. Either that, or you just updated. But it’s very sad, to me, that this person was a PART of this community, and felt the need to cause it injury. Very sad. I think he needs to be outed, for a public, online stoning. :D]

PS: I think the only people who DON’T enjoy this community are those with an active hand in instigating drama. I’ve been an OD member for three years, now. The only time I had complaints were when I played an active role in the drama-hub. Beyond that, I’ve enjoyed my time here– and am extremely grateful for the chance to fully appreciate my own, personal growth.

I truly don’t understand your judgement. Madball gets deleted again, yet the people who have diaries just for the purposes of degrading someone else can keep them. Hypocritical, and retarded are my thoughts on your way of handling these things. Do you just delete diaries that you have a personal vendetta against? Or do you actually think your decisions are fair? What about the “Anti Madball” diary,

Or the “Anti Trustkill” diary??? They are left to roam and parade around FOD, yet the people they are attacking get deleted? I think you need to re-evaluate your ways of thinking. But then again, that’s what makes you the “Master” and I am just a person on FOD who doesn’t understand. Please take into consideration what I am saying, because I am not the only person here that doesn’t understand your

This kind of behavior just boggles the mind. Buy yourself a latte or a beer or a soda for your efforts. Maybe prop up your feet and read a good book. Heck, let yourself write a real journal entry some time. I'd love to read the kinds of things you used to write. I didn't get to the site until 2000, so I missed much of that lovely sharing.

way of handling these “matters”.

B – Thanks for your diligence. A lingering question; I am dealing with my own stalking issue with an ex-diarist: Brian/Hicks. You don’t have to answer but I would appreciate a nod. Is this the same person – a ‘yes’ or a ‘no’ privately will suffice. Any reply will be held in confidence and will not be published in my journal. Thanks in advance.

Good for you. I hope he fries. I also have zero tolerance for such punks.

diarymaster, i was thinking would you mind or if it’s even possible, to have separate “privacy settings” for each entry. in other words, if we can limit each entry to “favourites only” or “OD members only” kind of thing?

I’m having a problem opening a new diary. Every time I click on start a new diary, it takes me to the free site. I don’t want a free diary. What am I doing wrong??

thank you! appreciate all the hard work and time you put into this.

People are stupid. I don’t know how they think they can get away with this. Bleh. Thanks for making things safer for us. 🙂

Thank you for all your hard work. I’m sorry about the money the hacker cost you. I agree, it isn’t funny!

My diary “The Presidente” was hacked and I can’t get it back. James

Some people are so dumb. I was going to ask about the chapters, but I figured this was a little more important 🙂

When the person is caught, since they’ve committed a federal crime, will they go to jail? Since you know who it was, is there any way of preventing that person from ever having an open diary again? Is there some way to warn other journal sites this person might be using, like Live Journal? Will we (the od users) get to know the name of the criminal?

it would seem that there is a way to circumvent the leaving signed notes only mechanism. this is the diarist thefifthsetpin

Our Hero…

WooHoo! Yeah, you got ’em! Good for you. Much appreciate your work and attitude : ) Hugs

Actually meant to leave you that note above from my regular diary, not this one that is private. Would you please delete these two notes and I’ll come back in my public alias : ) Thanks

WooHoo! Yeah, you got ’em! Good for you. Much appreciate your work and attitude : ) Really feels good to be part of this community and much safer and more fun because of how well you do your work to keep us going. Hugs

Thank you for fixing things! :0) I appreciate it and I am sorry that some idiot had to do this.

Wowsers. Hopefully they’ll learn this time!

Although it is not apparent by my current diary, I am one of the oldest members of OD/FOD. I remember when you used to leave notes in a lot of our diaries. I applaud the tolerance you have shown for the “diaryplace.com” person and just wanted to say that I thought you exhibited a lot of class in your response to them. The

rock on dude.

Get the bastard.

Can’t wait for the chapters!

Hi Diary Master, I could not log-in since 20/11 using my old password. I used the password retrieve system, but it told me that my e-mail was wrong. Was there any way out?? My e-mail is cheeryrabbit@hotmail.com. If it’s not too troublesome, please reply me. Cheery