SPGB website security

Submitted by ajjohnstone on July 8, 2018

Some who come here also visit the SPGB Forum and in the interests of the Thin Red Line solidarity i wish to inform you of an unfortunate event. Hopefully, your own website does not share the same vulnerability but take care and be warned.

Be warned our website is down for the immediate future due to a cyber-attack from persons so far unidentified.
Fortunately, we have a very competent internet committee who are feverishly repairing the breach.
Not being computer savvy, i now quote from an announcement.

Our initial assessment is that the attack took place approximately one week ago and that it was
effected through a security flaw in the content management system (CMS)
that powers the SPGB website. The identity of the attacker is not
currently known to us.

The evidence we have examined so far suggests that the attacker
had the opportunity to access almost all information stored on the web
server, including the SPGB forum's user database. The user database
stores passwords in a secure manner, so it is unlikely that the
attacker was able to see them. However, the attacker may have been
intercepting data submitted through the SPGB website from the time of
the attack until yesterday evening. This means that if you logged into
the SPGB forum on worldsocialism.org, then the attacker may have your
username and password. In any case, if you use the same
username/password or e-mail/password combination on both the SPGB forum
and on other websites, we advise you to change your password on those
other websites immediately.

If you entered any other kind of information (such as submitting a
contact form or sending a private message on the SPGB forum) on the
websites of the SPGB, the World Socialist Movement, the Socialist
Party of Canada, or the World Socialist Party of New Zealand, then
for now you should proceed on the assumption that that information has
been exposed to the attacker.

We are still working to assess the extent of the attack and to repair
the damage, and we will attempt to notify any and all affected users
directly once we are able to gather their contact details from the
relevant databases. So far we have been able to restore the mail server
(but not the webmail interface) and the Socialist Party of Canada
website. We hope to be able to restore the webmail interface and the
WSPNZ website in the next few days. However, the SPGB and WSM websites
could remain offline for several weeks while we fix the security
flaw that led to this breach.

explainthingstome

4 years 10 months ago

Submitted by explainthingstome on June 24, 2019

This is off-topic and I

This is off-topic and I apologize but I'm a visitor of the SPGB website (I'm not a member) and I'm wondering about this site.

I didn't manage to figure out how to write messages to people so I'm writing my questions here where there's people from the SPGB forum.

1. Does this forum allow threads that ask questions about marxian economics?

2. Will I ever be allowed to start threads?

jef costello

5 years 8 months ago

Submitted by jef costello on August 15, 2018

Click on the poster's name

Click on the poster's name and it will take you another page where "Send this user a message" should be an option.
It might be that you didn't have this option because you had ben flagged automatically as a spammer by the software. That shouldn't be a problem.
You can always starrt threads, again this might have been prevented by the spam software.
You can talk about marxian economics, can't guarantee anyone will talk back :)

Steven.

5 years 8 months ago

Submitted by Steven. on August 15, 2018

Explaining, thanks for your

Explaining, thanks for your comment. As part of our anti-spam protections, unauthorised users can't send private messages or start forum threads until they post a request. We have now approved your account though so that should be fine