Security Warning
Hello everybody,
When you login to your diary today, you will be seeing a message requesting that you change the password on your diary.
I’ve posted this message because there was an attempted attack on our server early this morning. The person or persons responsible tried to place a rogue program on our server that would take advantage of our own password retrieval program to have account passwords e-mailed to them. This is the program that sends you your password if you forget it.
Because of the design of our program, it is impossible to retrieve the user names that go with the passwords, or the e-mail addresses that they are registered to. As a result, I don’t believe that any information was actually compromised.
However, for safety’s sake, I would ask that you each change your passwords to something new. When you are selecting your new password, please remember:
- Don’t use common words, your name, or anything that is easily guessed.
- Use a combination of letters and numbers.
- Use as long (up to 8 characters) a password as possible.
- Save a copy of your password in a safe place, so you don’t forget it.
I’ve also taken the password retrieval program offline temporarily so that we can evaluate its security and make any necessary changes.
Our server logs captured the IP addresses and host names of the computer that was used in this attack, and this information has already been forwarded to federal and state law enforcement agencies.
The ISP that this person used to connect to our server will be subpoenaed to release their name, address, and any other pertinent information.
When a person attempts to steal information such as passwords from a commercial web server (which OD is), and that intrusion occurs across state lines (which this was), that person has committed a federal crime – which falls under the jurisdiction of the FBI Computer Crimes unit. The person or persons responsible will be prosecuted to the fullest extent of the law – I take nothing more seriously than the security of our site and the information it contains.
The DiaryMaster
You seriously are the best. I hope enough people tell you that throughout each day. :o)
Warning Comment
changed!
Warning Comment
Glad you are on top of it so well! Keep up the great work you do : ) Hugs
Warning Comment
I wonder if this was specifically targeted to OD (some kind of disgruntled “malice aforethought” thing) or was OD just one in a list of random sites tageted for someone’s amusement.
Warning Comment
My little paranoid mind I suppose. When I wrote the above note, I had one specific ex-diarist in mind. You probably know to whom I refer.
Warning Comment
Go DM! Go DM! DM, Private Eye….
Warning Comment
So fess up – what state did the attack come from? Satisfy our curiosity!
Warning Comment
Way to go on persuing this! I hope they catch whoever did it. 🙂
Warning Comment
I’m just glad that they’re able to be caught and punished. Thank you for making this site so safe!
Warning Comment
you rock! i’m glad to know that OD is as protective as it is! that makes me feel really secure in your site! again, you rock DM!
Warning Comment
You go DM! Man, I can’t believe some people. I’m glad you’re taking this seriously. 🙂
Warning Comment
Thanks for shareing this. I hope my diary does not get into by someone.
Warning Comment
I hope you dont mind me posting your diary enteries. Let me know if it ok to. I would like to share this entry with others who may not know about it. Talk to you later.
Warning Comment
Thanks for keeping us safe.
Warning Comment
Good, I hope you catch him/her/them and they get prosecuted to the fullest extent of the law.
Warning Comment
Sic ’em!!!!
Warning Comment
Thank you, DM!
Warning Comment
The program will not allow me to change my password. I receive an error message telling me that my “new name” has “<" in it and that is not allowed. I am not attempting to change my name, nor is there html in my new password. Explain?
Warning Comment
Thank you for looking after us!
Warning Comment
hey, how come i cant post pictures in my diary? i tried the insert image link. is there something else i need to do?
Warning Comment
Umm…. I’ve been trying to lock my diary for ages but OD aint allowing me to lock the diary, everytime i click lock i get directed to the main page with the diary still unlocked. Is that related to the security problem in someway?
Warning Comment
I never got that message! mannnnn I’ve been writin in my diary for YEARS and now I lost it!! =
Warning Comment
My friends diary doesn’ texist anymore but she logged in aroudn 2 weeks ago. Did you happen to clean out the system of old diaries or diaries that hadn’t had an actually entry in quite sometime?
Warning Comment
I tried to change my password when the warning came up, but when I clicked the link, the 500 error thingy came up. SO…i can’t do it.. =( I’ll try again, but.. just to let you know it’s not working at the moment
Warning Comment
i sent an email to the FOD staff about how I could retrieve my old diary Learning2Fly but I have yet to receive a reply. Could you perhaps tell me then by leaving a note on my diary?? I really really would like to have my diary back.. 4 years of work is a long time. Thank you!
Warning Comment
Thanks for taking care of things so quickly. Hope they catch the bastard(s).
Warning Comment
Alright, so why can’t I change my password? OD keeps saying I’m using the “<" text and I'm not. An explanation would work wonders.
Warning Comment
Thanks for taking care of this so well!!! -Jess
Warning Comment
people just amaze me. they really do. but thankfully, you amaze me more.
Warning Comment
thanks for the warning 🙂 just to let you know…i LOVE the changes you made to OD a while ago.
Warning Comment
i changed already 🙂
Warning Comment
O wow… I knew what happened but came here to get the full story… I’m glad to know we’re in good hands. Thanks for all your hard work!
Warning Comment
I am not sure where else to leave this note…When I now type in the address for OD it is taken over by a site called www,netster.com which is like a search engine. I think it is a kind of spyware. It states at bottom that ..you may have wrongly typed in the address etc. I have to get into OD by using another door such as a diarist name.Has anyone else had this problem/? Alexias
Warning Comment
Thank goodness you caught it. I came to the site and it crashed me before I had the chance to log in yesterday morning. For once in my life Im glad my computer crashed! As always thanks for everything you do for us!
Warning Comment
I tried to use the link to change my password and it didn’t work. It had something like 440 error or something. TFsaxmajdawg
Warning Comment
Thanks for persuing this. I believe it is absolutely necessary. Pattyann
Warning Comment
wow, that can be quite scary.. I have one question, though. Should TOD also take the same precautions, and should we also change our passwords on there?.. thanks.
Warning Comment
I appreciate your concern for our privacy.
Warning Comment
hi, i’m new to OD…how do i join diary circles? i know it seems like a stupid question…sorry…
Warning Comment
I wasn’t able to change my password when the oppurtunity came up. It went to a “page locked” or error message. How do I change my password now?
Warning Comment