Concerted attack on ex-JW websites

by RayPublisher, 87 Replies

  • erbie

    Have just come over from jwstruggle and all working perfectly with many great articles.

    Many thanks for all the hard work, I'm sure it has helped many people in their struggles.

  • cedars

    Dis-Member

    Again WordPress is the common denominator here.. JWSurvey and JWStruggle are the sites that were down.

    It's not a coincidence that both sites are using an outdated version of WordPress.

    I can't speak for JWstruggle, but JWsurvey was updated to WordPress 3.6 before this attack.

    There is now a WordPress 3.6.1 available (if this is what you're referring to), but we prefer not to immediately jump on new updates just in case there are any glitches that need to be ironed out.

    Cedars

  • DeWandelaar

    One of the most important questions is: where do the redirects go to? It may give away the motive of the hacking. Of course it will never go to JW.org. No one is THAT stupid, but most of the time it will at least give a hint.

    I think it is an uberdub with a lot of programming skills, no social life and who hates ex-jw's to the core because of a very low self-esteem.

  • Dis-Member

    Cedars

    Totally valid point Cedars.. but the update seems to address some quite important plug holes, namely the redirection issues that many have been experiencing.

    WordPress 3.6.1 Maintenance and Security Release

    Posted September 11, 2013 by Andrew Nacin. Filed under Releases, Security.

    After nearly 7 million downloads of WordPress 3.6, we are pleased to announce the availability of version 3.6.1. This maintenance release fixes 13 bugs in version 3.6, which was a very smooth release.

    WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:

    • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
    • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
    • Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.

    Additionally, we’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

    Might be worth looking at?
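
The third item in the release notes quoted above concerns redirect targets that are not validated before use. As an added illustration (not code from this thread and not WordPress core code), here is an allowlist check for a redirect parameter in PHP; the function name and all hostnames are constructed for the example.

```php
<?php
// Added example, not WordPress core code. All hostnames are constructed.

/**
 * Return $target when it is an on-site path or an http(s) URL on an
 * allowlisted host; otherwise return $fallback.
 */
function safe_redirect_target(string $target, array $allowedHosts, string $fallback = '/'): string
{
    // Backslashes and control characters are rejected outright: browsers
    // treat "\" like "/", so "/\host" behaves as a protocol-relative URL.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $fallback;
    }

    $parts = parse_url($target);
    if ($parts === false) {
        return $fallback;
    }

    // Same-site path: no scheme, no host, and exactly one leading slash.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $onSite = $target[0] === '/' && strncmp($target, '//', 2) !== 0;
        return $onSite ? $target : $fallback;
    }

    // Absolute URL: http(s) only, no embedded credentials, host on the list.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || isset($parts['user'])) {
        return $fallback;
    }
    return in_array($host, $allowedHosts, true) ? $target : $fallback;
}

// Constructed inputs, as they might arrive in a redirect parameter.
$allowed = ['www.example.org'];
$samples = [
    '/wp-admin/',                                  // on-site path: kept
    'https://www.example.org/forum/',              // allowlisted host: kept
    'https://other.example.net/landing',           // off-site host: replaced
    '//other.example.net/landing',                 // protocol-relative: replaced
    '/\\other.example.net/landing',                // backslash form: replaced
    'https://www.example.org@other.example.net/',  // embedded credentials: replaced
    'javascript:alert(1)',                         // non-http scheme: replaced
];
foreach ($samples as $s) {
    printf("%-45s -> %s\n", $s, safe_redirect_target($s, $allowed));
}
```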

  • WingCommander

    So it seems that once again, the WatchTower is following in the footsteps of its cousins, Mormons and Scientology, and is now re-actively going after ex-Cult members in order to silence them. Good luck with that, you f**cking a**holes!! The Internet is bigger than all of those turds put together, and can never be silenced.

    - Wing Commander

  • cedars

    Thanks Dis-Member. Actually, though we were attacked, I would say our existing safeguards held up pretty well. We have very robust anti-spam plug-ins, and these shield us from a number of regular random attacks. If anything it's a little too effective! Often it can't differentiate between a spammer and a harmless visitor who wants to post a comment.

    Once we saw that JWstruggle was "compromised" we checked and saw an influx of spam attacks on us and other JW-related sites. Juan Viejo2 acted quickly to switch us into maintenance mode so we could weather the storm. It's a shame JWstruggle needed to take the hit for us to see what was happening, but it's not the sort of thing you expect Watchtower to sink to. Obviously my already-low expectations of them were too high.

    Cedars

  • Simon

    C'mon, these claims that the WT is out to get us like this make us look a teensy bit like paranoid nutters.

    I do not believe any large corporation would be stupid enough to do this as it puts themselves at risk. They have much more power via courts to put themselves at risk by illegal activity. Sure, a few zealous members may do the odd thing but that's it.

    If the IP addresses are proxies then how do you know it was them? If you truly know and don't just 'think' or 'wish', then why not do something about it? Take them to court or at least post the evidence for the world to see so their behaviour is exposed. Isn't the truth that the 'evidence' would be torn apart ...

    It won't happen because they are baseless claims simply for promotion ... 'Look, we must be a threat because they attacked us, that makes us important see!' which of course people will prefer to 'we didn't install the security patches we should have and a script bot got us'

    Please, when people post that the WTS attacked their blog you are just throwing away credibility. There are plenty of things to go after the WTS for with valid claims of bad behavior and we should focus on those.

    When they do attack you you'll know ... you'll receive a letter from a lawyer.

  • cedars

    Simon - I'm not interested in inventing reasons for promotion. I'd rather focus on producing informative content and let that speak for itself, and I can't say I appreciate the insinuation to the contrary.

    I'm no expert on how hackers operate, but I have it on good authority from a trusted source that a number of un-related Ex-JW websites, including JWstruggle (Eric), Freeminds (Randy), WatchtowerDocuments (Barbara) and the websites managed by John Hoyle were simultaneously attacked by an influx of spam.

    Whether this attack was initiated by Watchtower or supporters of Watchtower is open to conjecture, but I personally find it hard to believe that we are talking about a total coincidence. I am, however, a prisoner to my own ignorance when it comes to things of this nature, so I'm not going to go searching for evidence to go making any claims, because I wouldn't know where to begin to look. It's for this same reason that I have no plans to write an article about it, which is what I would do if I were desperate to attempt to capitalize on a make-believe attack.

    This is a discussion forum and I assumed we were discussing a "concerted attack." I don't appreciate being accused of self-promotion simply for adding what I know to the discussion.

    Cedars

  • Simon
    I'm not interested in inventing reasons for promotion. I'd rather focus on producing informative content and let that speak for itself, and I can't say I appreciate the insinuation to the contrary.

    It wasn't an insinuation, I thought it was pretty clear but that is what I am saying - this kind of crap damages credibility and distracts from the legitimate informative articles that should be focused on instead.

    Whether this attack was initiated by Watchtower or supporters of Watchtower is open to conjecture, but I personally find it hard to believe that we are talking about a total coincidence.

    A vulnerability in the software platform being exploited is the simplest explanation because it happens all the time.

    This is a discussion forum and I assumed we were discussing a "concerted attack." I don't appreciate being accused of self-promotion simply for adding what I know to the discussion.

    We were discussing claims of a concerted attack.

    I haven't seen any evidence for such an attack happening and contradictions that cast doubt about it (how can people 'know' the attacks came from Brooklyn if they were using anonymous proxies for instance?).

    The simplest and most straightforward explanation is that this was just a regular bot attacking a known vulnerability in a software package that wasn't patched / updated in time. It happens - just fix it and say 'oops', don't do a big song and dance martyr routine.

  • cedars

    Simon

    I haven't seen any evidence for such an attack happening and contradictions that cast doubt about it (how can people 'know' the attacks came from Brooklyn if they were using anonymous proxies for instance?).

    Well don't jump down my throat about it just because I can't furnish evidence - and never claimed to be able to furnish evidence. Am I not allowed to have a hunch? I'm just adding what I know to a thread someone else started. Geez!

    The simplest and most straightforward explanation is that this was just a regular bot attacking a known vulnerability.

    A known vulnerability in dissident websites of a particular religion? Fair enough. You will know more than me.

    Cedars
