lown

Seeking help from an IT security person - please share!

I run an open source, federated event sharing site, (gath.io). A few days ago, it was victim to a ransomware attack that deleted the database. I need a few hours of someone's time (paid of course!) to sit with me and go through my security configuration ASAP.

Sometimes, running open source, free, community services _sucks_. :blobhaj_sadreach:

gath.io: Gathio, an easier, quicker, and much less privacy-invading way to make and share events

If you were hosting an event on Gathio:

1) I'm really sorry. This sucks - it's never happened before, which is hardly a comfort for you, I'm sure. I'm doing all I can to make sure it never happens again, and I've taken Gathio offline for the time being.
2) If you created your event (or group) before 1 August 2024, it'll be in a backup that was made on that date, which I'll restore after the server is secured. If you made it after that, I'm afraid it's gone.

If you run your own Gathio instance:

For the time being, I recommend you take it down, in case there's a security vulnerability in the Gathio code itself.

An update: gath.io is back online and safer than ever, thank you everyone for your support and advice.


@lown I just discovered your service recently and set up an event there (now gone). I really like the site and the philosophy behind it.

I am an Android app/OS developer and server maintainer. I don't work professionally as a security expert but I know a fair amount about security and can maybe help you. I don't need any money. I just like what you are doing.

@lown hope the fallout is as painless as possible & you’re able to continue this project - really interesting & thoughtful implementation

@dragginganox thank you, that's very kind!

@lown I’m sorry that happened. I boosted your post and will try to find someone who can help.

@lown Hi, I'm also Raphael and I also build open source stuff for events. I'm not a security specialist, but I have dabbled with security things over many years. I have neither the skillset nor time to offer something like a full forensic investigation, but if you need to talk to someone for an hour to figure out where to start, happy to do so.

@lown I am sorry that this happened to you.

I assume that your repository is github.com/lowercasename/gathio and the code is node running on linux (ubuntu?) and using mongodb?

I am not the person to help with this but perhaps consider streaming or at least daily backups as part of your restoration plan. I’m sorry if this sounds obvious. Just trying to be helpful not rub salt in the wound!

GitHub: lowercasename/gathio, self-destructing, shareable, no-registration event pages

@imclaren that's correct! That's great advice and I will absolutely be doing this now - not at all rubbing salt in the wounds, it's very lovely to see so much support!

@lown Are you still looking for someone? If yes, maybe giving some more information on what you mean with "going through my security config" might help.
Do you want to
* Find out how the server got hacked?
* Make sure the server is properly hardened, but don't focus on the application itself?
* Perform a source code review / pentest to find vulnerabilities in the application?
* Do all of the above?
* Do something completely different?

Also tagging #infosec, maybe someone there is interested in a challenge ;)

@derconno great questions, thank you! In the first instance I'm (1) trying to work out if the old VPS itself is compromised, and what the access point was (I have a suspicion but I don't know for certain) and (2) set up a new VPS and make sure it's secure.

@lown I'm so sorry, what an absolute bastard of a thing.

@lown did you already get the help you need?

@lown Can you say here what kind of technologies / database you are using? So you can get someone who can offer the right kind of help.

@rvedotrc It's a web app and a MongoDB database running in Docker on an Ubuntu host.
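For a stack like the one described here (MongoDB in Docker on an Ubuntu host), the two recovery-plan items raised in this thread are daily backups and making sure the database is not reachable from outside the host. The script below is an added example, not Gathio's own tooling; the container name `gathio-mongo`, the backup directory `/var/backups/gathio`, and the presence of `mongodump` inside the container are assumptions.

```shell
#!/bin/sh
# Added example: nightly MongoDB dump from a Docker container plus a check that
# the container does not publish 27017 on a non-loopback address.
# Assumed names (not from the Gathio project): container "gathio-mongo",
# backup dir /var/backups/gathio; run from cron as: backup-gathio.sh backup
set -eu

MONGO_CONTAINER="${MONGO_CONTAINER:-gathio-mongo}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/gathio}"
KEEP_DAYS="${KEEP_DAYS:-14}"

# Archive path for a given UTC date (YYYY-MM-DD), so each day gets its own file.
backup_name() {
  printf '%s/mongo-%s.archive.gz' "$BACKUP_DIR" "$1"
}

# Classify one line of `docker port <container>` output, e.g.
# "27017/tcp -> 0.0.0.0:27017". Returns 0 if the mapping is reachable from
# outside the host, 1 if it is loopback-only or not a mapping at all.
# Note: Docker port publishing bypasses ufw, so this is worth checking
# separately from the host firewall rules.
port_is_public() {
  case "$1" in
    *"-> 127.0.0.1:"*|*"-> [::1]:"*) return 1 ;;
    *"->"*) return 0 ;;
    *) return 1 ;;
  esac
}

run_backup() {
  mkdir -p "$BACKUP_DIR"
  out=$(backup_name "$(date -u +%F)")
  # Dump inside the container and stream the gzipped archive to the host.
  # If auth is enabled, add a --uri read from a credentials file (assumption:
  # the container only listens on the Docker network, no auth shown here).
  docker exec "$MONGO_CONTAINER" mongodump --archive --gzip > "$out"
  # Prune archives older than KEEP_DAYS so the disk does not fill up.
  find "$BACKUP_DIR" -name 'mongo-*.archive.gz' -mtime +"$KEEP_DAYS" -delete
  echo "backup written to $out"
}

check_exposure() {
  docker port "$MONGO_CONTAINER" | while IFS= read -r line; do
    if port_is_public "$line"; then
      echo "WARNING: $MONGO_CONTAINER publishes $line beyond loopback" >&2
    fi
  done
}

case "${1:-}" in
  backup) run_backup ;;
  check) check_exposure ;;
esac
```

Copy the archives off-host as well (a backup that lives next to the database is lost with it), and restore with `mongorestore --archive --gzip` to verify they are usable.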

@lown I don't know really anything about the MongoDB part but I'm willing to have a first look with you to get an initial understanding. For free. HMU via email, see my profile.

@rvedotrc thank you so much, I will!

@lown Oh no! I boosted, this really sucks and really hope someone can help

@cubicgarden thank you, that's very kind! Someone is going to look into it with me tomorrow!

@lown No problem, I find Gath.io a fantastic service and I have used it for many things.
Gives me chills how useful it can be without the usual surveillance.
Not considered hosting it myself but may do in the future for the small events I host 🤔