Blend Swap Hacked!

By — 9 Blends — Jun 06, 2011

So over the weekend we received notice from our host and Google that our site had been compromised. After further investigation we found that spammers were cloaking off our website. Upon finding this out we immediately took the site offline and started trying to fix the issue. This involved resetting admin passwords, resetting database usernames and passwords, a complete WordPress reinstall and turning off the site’s more advanced features, including AJAX-dependent features like the download-serving scripts that became broken for a reason still unknown to us.

We are also having issues with AJAX-run operations on the backend, which is why no new models have been published. We are working on first finding the vulnerability that was used in exploiting the site. After we have identified that and fixed it, we will start working on getting everything back up to running 100%. We don’t have any reason to think any of your personal info was compromised in this attack, but we do recommend that you guys pick another password[*].

We have to admit that our expertise in this area is lacking, and Jonathan is asking for anyone with server knowledge and/or advanced knowledge of WordPress, PHP and MySQL security to drop us a line in the comments if you’re willing to help us figure this out.

On a personal note, I want to apologize for the last couple of months. With server issues and now this, I know that your Blend Swap experience has probably not been great, and I am very sorry for that. We are working through some very serious growing pains because you are all so active with the site, which is great, but at the same time, this much activity pushes the server to its limits. I take complete responsibility for these issues and I apologize to all you guys.

We are working hard to give you the best experience on the site, and I know that hasn’t been happening as smoothly as we’d like it to. I hope you guys bear with us as we try and alleviate these issues. Our goal is to make your experience here great. Period.

We will be updating our Twitter feed more often than the website with our progress. If you want to know what’s going on, that will be the best way to get info quickly.

matthew/mofx

[*] To reset your password, first log out of Blend Swap; click the login button and then the blue “Lost your password?” button; you’ll be taken to a single-field form asking for your email. Enter your email and submit the form; you’ll receive an email with a verification link; click on it and fill in the password fields the site presents you. The strength meter helps you determine how secure your password is. Choose a strong password.

Categorized: News


15 Comments in 1 pages

:( This is bad news… but it’s good news in a way; Blendswap will get better, I’m sure! :)

Ben Dansie says:

Kudos again from the community for setting up this resource. It’s already light years ahead of the experiences I had trying to use previous Blender model collections, so growing pains are totally understandable. Don’t stress out too much as these things happen even if you have the resources of Sony, just keep us posted.

Mr.Chippy says:

Haha at least we got free games from Sony…

I kid. I use this site more than the PSN :o
Please keep it up; this site is a very valuable (or should I say “priceless”) resource and I hope it gets well soon!

jalberto says:

F*cking bastards. Sorry to hear that. My knowledge of WordPress isn’t that advanced but here are some tips that I’ve found useful in my own websites:
http://digwp.com/2009/11/how-to-secure-your-new-wordpress-installation/
http://digwp.com/2010/07/wordpress-security-lockdown/
http://digwp.com/2010/10/change-database-prefix/
http://digwp.com/2010/02/stop-spammers-custom-blacklist/

I don’t know if you’ve taken any of these measures already, but if you haven’t I hope it helps ;)

Keep up the good work

tom120934 says:

Best wishes to you to deal with this crisis, I think this place is very useful so it’s always painful to see such morons harming motivated people – and I’m not saying this because of good feedback on my shared models.

I’m out of time to help you, so here are some fundamental basics:
- Make sure you use the latest version of WordPress and keep it updated as often as possible.
- Try to minimize the number of additional software / plugins you use: the lower, the fewer possible security holes.
- Have a serious look at the WP security guide: http://codex.wordpress.org/Hardening_WordPress
- Use only tough passwords, with various kinds of chars and long enough.
- Change admin / privileged account passwords on a monthly basis.

SavageCode says:

Thanks a lot for your comments, guys. We have checked some of those articles and will check the ones we haven’t read.

Keep coming back to download as always. I think this can be a great time to discover the old blends on the site ;)

Gianluca says:

I cannot say I’m an expert, but if you let me know something more about the attack I can see if I can help you find the bug behind the pwnd.

ncy says:

sorry to hear of the bad luck, but thanks for the quick update and the appropriate measures taken

erik90mx says:

OMG!!! What kind of sick person was D:

Some persons only can destroy what they see… they have a serious problem :/
I wish you the best guys in this stage.

and thanks for the advice about the passwords ;)

Greetings

Joeri Cochuyt says:

If u still need help or advice feel free to contact me.
Hope u solve this, good luck and don’t give up!

Eric says:

Hi,
I haven’t seen this website before but it looks like you are doing a great job for the blender community, keep it up!

If you need any help getting back AJAX things, anything regarding PHP/MySQL or security issues I’ll be glad to help.
I work professionally as a PHP/MySQL developer and I specialize in JQuery, so I’m qualified to help :)

Eric

I posted this comment on BlenderNation before I realized that here is the more appropriate place:

I’ve been coding HTML since 1995.

Drupal is not a nightmare as Kevpatts suggests. It’s a php framework and so if you hack away at it, like if you hack away at any program, it will suck. Don’t hack it, learn the right way to customize it and then tap into the community of thousands and thousands of developers. The Drupal community is like the Blender community, and that says a f!#@in’ hell of a lot.

Anyway, with that said, you can pay $100 a year to Drupalgarden.com and you’ll never have to worry about any of this bulls@#$. You get an online site builder that is the craziest easiest web editor I’ve ever used in 16 years of web design. They put you on a cloud with automatic throttling. They do all the server work and they do all security updates. Adding external or uploading your own videos, audio, and images is all taken care of through hella easy and fast point and click interface. All comments and forum posts are protected from spam automatically by Mollom. If someone finds a bug, you just report it to Drupalgardens and they deal with it while you drink coffee and create beautiful Blender art.

The list goes on and on. I don’t get paid for writing this. I’m just telling everyone about my other favorite open-source project. I love Blender. I love Drupal. I love GIMP. I love Inkscape. I love Linux. I love you.

Email me and I’ll help you out with anything. Skype or the phone works too. Or go to burningtokenrecords.com and leave me an anonymous message there as I’m the webmaster for that site.

Peace!

SavageCode says:

Thank you very much for all the support, guys!

We have received quite a number of help offerings, and are evaluating which should be the best road to take the site through. We’ll be in contact :)

Ziauddin MK says:

too bad this happened :(
it is good to have you back!
