Profuse apologies to all over the last few days, as our website has had a bit of an impromptu break. We all need a bit of down time, but it seems someone felt the same about our website. We were the target of a concerted effort over the course of over a week to destroy our server, and it seems perseverance paid off for these men (or women) with a mission.
I’m currently on location, trying to promote some essential community work for quake-hit Chile, but am having to take time out to patch up the site and get our emails, etc. going again. Not sure how these people sleep at night….
As we have for sure lost emails, I can only ask that if you sent us a message or more over the last three days, then please resend.
Also, apologies to those who have made comments on posts, just to see them disappear. I will be replacing missing posts and fixing other elements over the next few days as I can, but the comments made over the last couple of days will be gone forever.
Thank you all for your patience.
Thanks for the update Craig, and for all the good work that you do.
We noticed some strange activities on the PRI forums also during the past few weeks. Hope you and Murray can get it all squared away. I notice that the forums are not back up yet, but we are being patient = )
G’day Craig and All Fellow Permaculturalists
An attack of this nature suggests that the work we are doing – and the documenting of said work via the PRI website – is starting to be recognised by those with agendas that are the antithesis of permaculture. This is not necessarily a bad thing, given that we at least now know we are having some effect at shaking the foundations of structures that perpetuate social and ecological inequity.
It would be of great interest to learn where these attacks originated from so that we can better guide our future strategies toward those who would harm the permaculture ethic. Was it the Greenhouse Mafia? Perhaps it was Big Brother? Either way, let us hope that we can get the Forum back up and running as quickly as possible so that it can continue to act as a highly valuable repository for the dissemination of information that furthers the permaculture cause.
Yours in the cause, Marko.
Thanks Craig for your good work sorting this out (and whoever else is helping). How strange that the whole site has been hit, especially given that the forum was attacked late last year. Maybe I shouldn’t speculate who would do such a thing *laugh*
Also meant to say, thanks for letting us know what is going on :-)
And I was just starting to think the rocket pot post must have made some powerful enemies… ;) Good luck with reconstruction.
I too have seen strange things with my posts for a longer time. Good to have the site up again, so I have a place to turn when I get enough of the narrow discussions in other media. Hope the commentary field will be stable soon, think this will encourage more people to state comments, because its depressing to see your comment vanish. More people should comment her, nice to see so many inspiering comments, not all the stupid nonsens typically seen.
Mostly working okay now – but having some hiccups with the forum. Stay tuned, we’re working on it!
I don’t feel PRI is the focus of the attack for it’s permaculture. Most likely just script kiddies using tools that take advantage of out-of-the-box php code ore default deployments of software not locked down to any level. Forums are usually the weak point for injection techniques or modied urls probing weaknesses.
Anyone with actual skills would have gotten a lot further and would have done it without being detected.
Sorry Peter – but there’s a bit more to it than that. It was a determined, prolonged attack over the course of several days. We’re not talking just software code access, we’re talking gaining root access at partition level and complete destruction of all data.
>>Anyone with actual skills would have gotten a lot further…
I don’t know how much further they could have got…
>>and would have done it without being detected.
Excuse my tired sense of humour here, but there’s no way they can destroy our hard drive without us noticing.
I did mention in the post above, Peter, that they destroyed our server. It’s nothing to do with the forum, the main site, or other.
I’m missing all my updates from Purple Pear and Mischief! Hope it gets fixed soon, and a big thanks to the team who is working to keep us all on line and in contact.
Dang! I take some time off and when i get back everythings in a mess. To all coding kiddies and spammers… no parties while the mods are on holidays ;o)
I’m waiting patiently with the rest of you… well waiting any way ;o)
Shyte, just read your reply above Craig… They hit the server. Heck!!!!!!!!!!!!!!
Thank god you had a working backup stored on another server. This site is invaluable.
I am amazed that anyone would feel that threatened enough by permaculture forums to hack us.
But this has happened twice now in recent history.
Maybe we should promote “Buy Nothing Day” a bit more and watch the system disintegrate? ;)
Hopefully its just a random attack rather than one aimed at the philosophy of the site itself. I mean, how could anyone be angry with the idea of permaculture? Probably just some pimply basement dwelling computer troll auditioning for a job at microsoft.
I wonder if these are the same hackers who attacked the mutualaid.org server the last few weeks. The Finger Lakes Permaculture email list was lost. We are looking for our subscribers and directing them to https://flxpermaculture.net to reconnect with us.
There is a lot of activity in the recent weeks with defacement groups attacking servers in Australia. This is the ANZAC weekend activity:
In the security world we consider it low-hanging fruit and not serious but when you get it done to you there is a personal reaction and attachment to the event so you are right in feeling the way you do but in the larger world of security attacks its not a huge deal.
You are well served in having the backup, just spend some time when you get it and read up on “hardening” the various packages and operating systems you are using on the server and eliminate most of the easy-to-fix and low-hanging-fruit areas most kids and groups try to use to get in. Thats all you can do unless you want to start buying network security appliances to monitor traffic real time and take various defined actions if any triggers are set off. This expense and time involvement is usually reserved to larger organisations so you can look at first hardening the configuration settings of what you are using in your kit and then look at any open source software that can provide some of the features of the network security appliances to run along with the rest of the site.