The Crooks, The Teams, Their Plugin, and Our Server


If you are a regular reader of ours, you might have noticed that our website was down for about a week, and just came back up last night. While the rest of the editorial team debates over whether our server going down or most people not knowing about it is the better of two evils, take a few minutes to listen to the tale of why our server went down. I promise you, it is probably the most interesting thing to come out of Web Operations teams in the Institute in a long, long time.

(Before I begin, I would like to thank Prof. Phanikumar from the computer centre for providing us with this information, and for his assistance in helping us get back online. Also, apologies for the lack of details and names in it; this is a sensitive issue.)

As of now, T5E, along with the websites of quite a few other student-run organisations, is hosted on the students2 server. The teams who run their websites on it are always tinkering with the server, trying out new things. In accordance with Murphy’s law, and the principle that if you press enough buttons, you will eventually end up breaking something, things often go wrong in the course of such tinkering. While this is not necessarily a bad thing, for after all, we only fall so that we can learn to pick ourselves up, it can have strange consequences.

Most of the websites on the students2 server, including our own, run on the WordPress publishing platform, which can be found all over the internet. One of the main strengths of WordPress is its extensibility; there is a WordPress extension for virtually anything. However, not all plugins are created equal, and one of the tinkering teams (Guilty parties, you know who you are.) installed a plugin with a security vulnerability which allowed intruders (the Crooks) to gain control of students2.

As one does when one has a server under one’s control, the Crooks decided to send emails purporting to be from an Australian bank to its customers, phishing for their login information. Receiving complaints, the Bank’s cyber-security team traced the emails to the IP address of students2, and contacted the Computer Centre, who immediately shut down the server to prevent further damage. We’re back now, thanks in no small measure to help from Prof. Phanikumar of the Computer Centre and Prof L.S. Ganesh, Dean Students. Discussions are underway for us to move to a dedicated server soon, and we hope to stay online, and stay current, more often.

Write a Comment

Your email address will not be published. Required fields are marked *