http://lists.debian.org/debian-project/2009/04/msg00056.html

It appears that forums.debian.net has had to close down due to a spammer. I received one of those emails,...and was confused, since it stated that it was officially being sent from the Debian forum to the registered members! Hope this can't happen with the Ubuntu forum. (That spammer needs to be horse-whipped!)

Never knew Debian had forums, and never been in all my 5 years on linux

Yea , I'm active over there and got an email that was nonsensical but I didn't think it was that big of a deal.

I got it too. It's pretty obvious that it's spam because the content clearly links to dubious websites.

A bit disturbing though.

I don't get it ... it's not like we store our bank details on there. Why not just disable the PM service? Am I missing something?

I don't get it ... it's not like we store our bank details on there. Why not just disable the PM service? Am I missing something?

They was spam emails sent from the forums, they would have to be externally compromised to be able to send them from the forum domain.

I don't get it ... it's not like we store our bank details on there. Why not just disable the PM service? Am I missing something?

The spammer must have had admin access. They need to find out how he got in and plug the hole.

Anyone know what forum software they use and what version?

Anyone know what forum software they use and what version?

I think they use either phpBB or SMF, not sure which one and not sure of the version.

The spammer must have had admin access. They need to find out how he got in and plug the hole.

Anyone know what forum software they use and what version?

The forum software is/was phpBB2. There were numerous requests in the feedback section to upgrade the forum software to phpBB3, but it was said by the admin to be unnecessary. Version 3 is more secure than version 2.

From what I remember how it looks like, I'm gonna guess phpBB v2. Not positive though. I got the E-mail too, was kinda confused (clicked the links and was like WTF?).

http://lists.debian.org/debian-project/2009/04/msg00056.html

It appears that forums.debian.net has had to close down due to a spammer. I received one of those emails,...and was confused, since it stated that it was officially being sent from the Debian forum to the registered members! Hope this can't happen with the Ubuntu forum. (That spammer needs to be horse-whipped!)
I got one today. I looked at it and ignored since it looked like spam and very unusual.

The spammer must have had admin access. They need to find out how he got in and plug the hole.

Anyone know what forum software they use and what version?


I think they use either phpBB or SMF, not sure which one and not sure of the version.
according to Google's cache, "it's Powered by phpBB (http://www.phpbb.com/) 2.0.21"

I got one today. I looked at it and ignored since it looked like spam and very unusual.



according to Google's cache, "it's Powered by phpBB (http://www.phpbb.com/) 2.0.21"

I'm part of another forum running the same software and they had one jack up peoples signatures with spam.

I already said it was phpBB2.

http://lists.debian.org/debian-project/2009/04/msg00056.html

It appears that forums.debian.net has had to close down due to a spammer. I received one of those emails,...and was confused, since it stated that it was officially being sent from the Debian forum to the registered members! Hope this can't happen with the Ubuntu forum. (That spammer needs to be horse-whipped!)
That's really to bad that debian is loosing a resource such as their forum. We run a pretty tight ship here so I don't think anything of that nature will plague us :) /knock on wood

That's really to bad that debian is loosing a resource such as their forum. We run a pretty tight ship here so I don't think anything of that nature will plague us :) /knock on wood

Yeah, thanks for that. I did frequent the Debian forum, though, so I do hope it comes back.

Not good.

What I have learned in martial arts training is, that it is far more easier to destroy than to preserve.

Yes the Debian forums are down;

http://forums.debian.net/index.php

Forum members started receiving spam email from a compromised administrator account.

To be honest I was shocked at the level of yobbish behaviour on the forums from the Debian forum 'elite'. The standard response was RTFM, or use your eyes - one member justified such behaviour on the grounds that if one were hanging off a cliff then any help offered no matter how offensive should be welcomed!!!

Yes using using the Debian distro is like hanging off a cliff...

Funnily enough when I responded in kind and explained that I was merely doing so in order to teach them that such behaviour is unacceptable they became offended - they couldn't see the irony of it.

Ironically one of the members was telling me that the gentoo wiki went down due to gentoo ignorance...

Its a pity really because Debian distro is great (and very much like Ubuntu) but the forums would not encourage new users - and new users are the life blood of any distro, otherwise they die of as the regular members die off.

i quit going there a while ago. if i need info, i'll look it up.

Talked about this a couple days back here (http://ubuntuforums.org/showthread.php?t=1130492). =]

I actually enjoy the Debian forums, as it can be quite entertaining. The staff don't immediately close heated threads, flamewars etc. I remember one user, who hates GNU for some reason, decided to be creative and post a pic of Albert Einstein slagging off GNU in a speach bubble. Priceless.

Well the Debian forums weren't exactly a glittering advert for Debian so perhaps its just as well nobody can see it.

The forum has been updated to phpbb3, and is online again.
http://forums.debian.net/viewtopic.php?f=11&p=182089#p182089

As per the trolls, well if you ignore them the lie down
and die.

The forum has been updated to phpbb3, and is online again.
http://forums.debian.net/viewtopic.php?f=11&p=182089#p182089

As per the trolls, well if you ignore them the lie down
and die.

I noticed this. Good news! =D>

It seems I spoke too soon. I didn't notice, as I wasn't looking for it, but a
lot of the data seems to be missing. Seems the attacker did this aswell.

I'm going to have to roll back the database to the 17th and perform the upgrade
again.

Apologies for getting people's hopes up. It should be back by Sunday Evening.


http://lists.debian.org/debian-project/2009/04/msg00071.html

LOL, can someone post the disturbing email with links?

LOL, can someone post the disturbing email with links?

It really wasn't a disturbing message,..just an advertisement with a video to watch,...(I deleted it right away,.)....
the disturbing element, was that someone (likely an administrator) or someone who got access of members' email ID's....was able to use that to their own advantage,.....(a compromise of security).