|
|
|
|
|
|
by iancarroll
2624 days ago
|
|
|
Did the blog get hacked (again?) in between this being posted and now? It has what looks like password hashes and `uname -a` from every(?) server in their infrastructure. This is about as bad as IR can get: you realize you got hacked, you re-build your entire infrastructure and publicly say it's fixed, and then you get popped again... |
|
|
it stated "Having fully flushed out the attacker [...]" which i guess turned out to be false :-/
also im getting invalid HTTPS certs on the blog now. for some reason im getting a cert that looks like its for github.com ?
edit: now im getting a lets encrypt cert on matrix.org, but a cloudflare SSL error page when i go to www.matrix.org ? the lets encrypt cert looks like it was just issued about an hour ago.
edit2: i guess both with and without www. are lets encrypt, but the with www. cert was issued back in february (and gives a cloudflare SSL error page), while without www. was issued today. (and gives the current hacked message)