September 9th, 2012, 01:45 AM
We were subjected to a brute force attack from multiple Chinese cities today (September 8, 2012). I just happened to be offline, naturally, so I was unable to take action to defend against the attack for several hours.
The Chinese hackers have been probing our server for several months. We identify their IP addresses and block them, they find more IP addresses and attack, we identify their IP addresses and block them, etc.
So far they have only succeeded in overloading the server with failed attempts to log in. Until they can successfully log in they cannot breach any of our databases.
If you are using a password and email address combination on any of the following Websites that you use elsewhere (especially on critical financial service sites) it would be prudent to change your passwords so that they are unique only to these domains:
Although I don't believe the hackers would be able to access any critical functions on our server, if they manage to corrupt our databases we can restore backups from monthly downloads. Some discussions would probably be lost but the forums would come back relatively quickly.
The recent corruption of our DNS server (which allows your browser to find our Websites) may or may not be related to the brute force attacks. We don't know how or why the DNS server stopped responding to browsers but it has been rebuilt with help from our hosting provider.
Although we operate mail services on this server we do not keep much email on the hard drive at any time. It is highly unlikely that even in the event of a breach where our security protocol was somehow compromised that hackers could obtain much useful information (if any at all).
The last few most disruptive attacks occurred on Fridays or Saturdays. We don't know if this pattern will hold.
We do apologize for the repeated disruptions. We take all necessary and productive steps to close our server that we can justify
The Chinese hackers have been probing our server for several months. We identify their IP addresses and block them, they find more IP addresses and attack, we identify their IP addresses and block them, etc.
So far they have only succeeded in overloading the server with failed attempts to log in. Until they can successfully log in they cannot breach any of our databases.
If you are using a password and email address combination on any of the following Websites that you use elsewhere (especially on critical financial service sites) it would be prudent to change your passwords so that they are unique only to these domains:
Although I don't believe the hackers would be able to access any critical functions on our server, if they manage to corrupt our databases we can restore backups from monthly downloads. Some discussions would probably be lost but the forums would come back relatively quickly.
The recent corruption of our DNS server (which allows your browser to find our Websites) may or may not be related to the brute force attacks. We don't know how or why the DNS server stopped responding to browsers but it has been rebuilt with help from our hosting provider.
Although we operate mail services on this server we do not keep much email on the hard drive at any time. It is highly unlikely that even in the event of a breach where our security protocol was somehow compromised that hackers could obtain much useful information (if any at all).
The last few most disruptive attacks occurred on Fridays or Saturdays. We don't know if this pattern will hold.
We do apologize for the repeated disruptions. We take all necessary and productive steps to close our server that we can justify