What's wrong with the CBB?

[WeepingElf]

Does anybody here know what is wrong with the CBB? It was offline for about two days, now it is back again, but I can't log in (as if my password has been changed without notifying me) and the admin contact page is "disabled". Well, good riddance, because it was essentially a bunch of scrappers (i.e., people who constantly come up with conlang ideas which are abandoned after a few days) playing escape room games anyway. (Also, it had been harassed by spambots - perhaps that's the reason for the troubles.)

[Znex]

Yeah it seems like it got some sort of DDOS attack? Some of us even got ransomware/phishing emails sent to our email, apparently as if our emails got taken over, but I think it was a coding trick. I do think you should change your email password just in case, and to anyone else if they have accounts there.

"I forgot my password" doesn't work, no emails do get sent to our account's linked email address: I just tested it since I was initially still logged in, and I logged out to check.

[WeepingElf]

I tried to log in, and this time it asked me for the name of the diacritic on <š> - which unfortunately has many names, with even more spelling variants, rendering the question unanswerable. Well, I am not into escape room games with teenage conlanger wanabees, anyway. So it is time to definitely say goodbye to the CBB, where nothing interesting to me had been going on for weeks before it went offline, as I have been considering for quite a while; I have deleted the bookmark.

[Zju]

What a pity - I've been left with the impression that it was always more active, and it had a trove of useful information and projects. Haven't been much active over there, but it seemed like a nice place overall.

Just please don't tell me it was some dumb reason like a weak admin password.

[Man in Space]

I am glad I backed up the thread on Caber.

[Man in Space]

I tried to log in, and this time it asked me for the name of the diacritic on <š> - which unfortunately has many names, with even more spelling variants, rendering the question unanswerable. Well, I am not into escape room games with teenage conlanger wanabees, anyway. So it is time to definitely say goodbye to the CBB, where nothing interesting to me had been going on for weeks before it went offline, as I have been considering for quite a while; I have deleted the bookmark.

Even doing that doesn’t give me success.

[Man in Space]

Site’s back up and I am able to log in. It does appear to have been a DDoS at this point.

[Raphael]

Site’s back up and I am able to log in. It does appear to have been a DDoS at this point.

I'm no computer expert, but I suspect that, if the site sent emails with malware links to the email addresses of its members, there was more than "just" a DDoS attack going on.

[Travis B.]

I agree -- this does not sound like a DDoS but rather that the CBB was compromised, as a DDoS would not result in malware being sent to users via privately-stored email addresses.

[Man in Space]

lurker says:

Here's what I saw from the outside.

According to my scraper script, the attack started between 05:35 and 05:40 CDT yesterday, when the user count jumped from 387 to 909. The attack lasted until around 16:05 CDT (4 PM), when the user count dropped from 787 to 53. For the duration of the attack the user count hovered around 2000, with a maximum of 2591 users at 08:35.

When the attack concluded, I and others were unable to log in, getting a password incorrect error. I received no email notifications after being PMed, and attempts to create new accounts resulted in a blank screen. Others were still logged in and able to post, but attempts to change passwords were unsuccessful.

[Travis B.]

My thought from this is that the CBB was compromised and that it was compromised was covered up by making it look like a 'mere' DDoS. I would not trust the CBB at this point, and any passwords used with the CBB if shared with other sites should be assumed to be known (as even if the password was not stored in plaintext, which unfortunately they sometimes are, often only weak hashes have been used, such as MD5, which is known to be relatively quickly breakable).

[Man in Space]

My thought from this is that the CBB was compromised and that it was compromised was covered up by making it look like a 'mere' DDoS. I would not trust the CBB at this point, and any passwords used with the CBB if shared with other sites should be assumed to be known (as even if the password was not stored in plaintext, which unfortunately they sometimes are, often only weak hashes have been used, such as MD5, which is known to be relatively quickly breakable).

I’ll pass that along to them.

[Travis B.]

If you used the same password for the CBB as for any other site, change the passwords on each and every other site sharing it immediately would be my recommendation.

[Ketsuban]

I'm not seeing much evidence here that the CBB actually was compromised. A few people receiving a phishing email that got past the spam filter isn't that, and putting a CAPTCHA-style knowledge check on signups is exactly the sort of thing a target of a DDoS attack does since they specifically target pages which can't be cached and try to get your system to send spurious password reset emails and the like since that's more traffic tying up your server resources.

[Travis B.]

I'm not seeing much evidence here that the CBB actually was compromised. A few people receiving a phishing email that got past the spam filter isn't that, and putting a CAPTCHA-style knowledge check on signups is exactly the sort of thing a target of a DDoS attack does since they specifically target pages which can't be cached and try to get your system to send spurious password reset emails and the like since that's more traffic tying up your server resources.

Unless a user has made their email be able to be emailed publicly, any phishing emails would be very suspicious because it would mean that the attacker has managed to get inside the site's database and extract any emails of users.

[zompist]

Unless a user has made their email be able to be emailed publicly, any phishing emails would be very suspicious because it would mean that the attacker has managed to get inside the site's database and extract any emails of users.

phpBB boards can display e-mail addresses-- you just have to look at a person's profile. This is turned off for the ZBB. Any CBB members might want to check if it's turned off there as well.

[linguistcat]

As far as I know, I never got a phishing email from the CBB (or any emails from the time of the attack), and I don't have my email public on there. So it's definitely not something that happened to everyone, and I don't think whoever did this got very deep. But I'm also not a computer expert.

ETA: If the website isn't of use to you anymore, you don't need the excuse of it being tampered with to leave or even close your account. You can just leave.

[WeepingElf]

ETA: If the website isn't of use to you anymore, you don't need the excuse of it being tampered with to leave or even close your account. You can just leave.

Yes. And that's what I decided to do: leave it.

[lurker]

Another surge of traffic started yesterday around 5 PM CDT and has yet to abate. The site is weathering the storm much better this time, but I figured I'd add a little redundancy by signing up here in the event things go south.

[TomHChappell]

Maybe your compass rose is a better representation of what we’re often trying to do here*.