Current Server Security Update

Please Note: The TotalFreedom Forum has now been put into a read-only mode. Total Freedom has now closed down and will not be returning in any way, shape or form. It has been a pleasure to lead this community and I wish you all the best for your futures.
  • Just to keep folks up to date, apologies this will be short but I was going to bed two hours ago and have to be up in only a few hours.

    Earlier today an individual has decided to start leaking UUIDs and IP addresses that are associated with the Total Freedom community.

    Before that we were made aware of a further potential security concern with an exploit in the network manager plugin.

    And over the last 14 hours our forums have been the target of some very aggressive denial of service attacks.

    At the current time the team here on TF, in collaboration with the team at ATLAS, is investigating the claims with this user list. We so far have confidence that shell access to the server has not been compromised, and initial investigations suggest this is likely to be data that was previously the subject of a cyber attack against our old development server. I will update you on this as we get more answers.

    The NM issue will be investigated thoroughly after, and we have enabled further enhancements to our network-wide logging to trace the root cause.

    The forums continue to be the target of a malicious and large-scale cyber attack; however, at the current time we have been able to keep service running with minimal disruption.

    I would ask that speculation on these is kept to a minimum as it will only fuel the misinformation the troll(s) are targeting us with.

    Wild1145

    Network Owner at TotalFreedom

    Managing Director at ATLAS Media Group Ltd.

    Founder & Owner at MastodonApp.UK

  • Just to update, videogamesm12 and root have since confirmed the data leak was in fact a reduced set of data that was previously leaked last year when one of the developers at the time had either their accounts compromised for the server, or shared their accesses (we don't know which, it's claimed to be a compromise). Access has since changed. The following thread has the full disclosure information - https://forum.totalfreedom.me/d/1604-data-br…eveloper-server

    The data redacted would appear to be that of those who were involved in the attack. We're still investigating because it seems really stupid to have done that, but we have confirmed the data doesn't match what is currently on the live server. We are putting some additional steps in place to add additional layers of security into the existing infrastructure as part of routine security enhancements we have been considering.

    -

    The NM Issue has been identified as being executed by a separate party to the other two attacks, and we believe the issue stems from a security vulnerability in the web panel software. This is a different security issue to the one a few months ago, but both have the same result. We have put steps in place to disable the web panel and as a result should no longer have this issue. We will be re-launching the web panel on a different infrastructure model in the future behind additional layers of security, as we do not want to and cannot properly maintain our own web panel instance in the first place.

    -

    The forums continue to be the target of very aggressive cyber attacks. For context, on a "Busy" day the entire totalfreedom.me estate receives around 30K requests that Cloudflare has visibility over; yesterday we saw around 6 Million unique requests to our infrastructure, and that is only what Cloudflare picked up. The attackers appear to have identified some ways around the Cloudflare proxies and as such the attacks from the last few hours won't be included in the metrics we will start to see tomorrow.

    We continue to work to mitigate and stabilize the forums against these attacks, and apologise for the disruption.

    Wild1145


  • To update.

    The NM Issue we have mitigated, and we have some steps we will put in place to protect what we believe to be the "Weak" component, which will hopefully prevent it from being exploited again in the future.

    -

    We have been able to re-build the forums on to new infrastructure and with a tighter security configuration to help protect them from these attacks. While this does mean it is more brittle and risks breaking in the longer term, it does in the short term help mitigate the attack, and we can re-visit the security settings when we eventually move off of Flarum.

    -

    With this in mind, I'm going to un-sticky this thread, as I think all ongoing incidents are now closed or mitigated.

    Thanks for your understanding folks, it's greatly appreciated as always.

    Wild1145
