Website Downtime Postmortem 2018-01-11
Written by: Ianir the Anomaly
Date: Thursday, January 11th, 2018
Addressed to: Everyone
At approximately 2018-01-11 20:00 UTC, we received reports of the Lusternia website being down. The situation quickly presented itself to be an attack from an outside source which had gained control of a privileged user account.
The attacker immediately installed upon the site a 'cryptomining' script, which, without their knowledge, uses a user's machine to generate cryptocurrency (such as bitcoin) for the attacker when they visit the site. Normally this would have sat invisible on the site, but custom presentation scripts on the site conflicted with the cryptomining script and caused the entire page to spew a number of odd symbols instead of functioning either for the attacker's or our own purpose. While this did lead to approximately two and a half hours of downtime while we repaired the issue, this was in our eyes the best possible outcome of the situation as it was unable to harm anybody while the site was up.
The logins were detected quickly by our IDS and alerted our web team, who responded near immediately. While we were quick to restore backups, issues with our caching mechanism causing false positives delayed the restoration of the site.
Due to this downtime, the single-sign-on system for our forums was also down. This led to an inability to log into the forums during the aforementioned downtime.
At 2018-01-11 22:40 UTC, all services were restored and we are once again functioning at full capacity. The affected user whose information was compromised has since had their credentials changed and has been advised to analyse their system for any system breaches. All files on our web services and game services have had backups restored and their checksums compared to before the breach, and we are confident that there is no further exposure at this time. Scans during the breach indicate that there was no exposure of malware to any of our users.
We would like to apologise for the disruption and thank you for your patience in this matter.
~ Ianir the Anomaly.
Penned by My hand on the 21st of Kiani, in the year 493 CE.