The DiaryMaster
November 18, 2003

Security Warning

Hello everybody,

When you login to your diary today, you will be seeing a message requesting that you change the password on your diary.

I’ve posted this message because there was an attempted attack on our server early this morning. The person or persons responsible tried to place a rogue program on our server that would take advantage of our own password retrieval program to have account passwords e-mailed to them. This is the program that sends you your password if you forget it.

Because of the design of our program, it is impossible to retrieve the user names that go with the passwords, or the e-mail addresses that they are registered to. As a result, I don’t believe that any information was actually compromised.

However, for safety’s sake, I would ask that you each change your passwords to something new. When you are selecting your new password, please remember:

  • Don’t use common words, your name, or anything that is easily guessed.
  • Use a combination of letters and numbers.
  • Use as long (up to 8 characters) a password as possible.
  • Save a copy of your password in a safe place, so you don’t forget it.

I’ve also taken the password retrieval program offline temporarily so that we can evaluate its security and make any necessary changes.

Our server logs captured the IP addresses and host names of the computer that was used in this attack, and this information has already been forwarded to federal and state law enforcement agencies.

The ISP that this person used to connect to our server will be subpoenaed to release their name, address, and any other pertinent information.

When a person attempts to steal information such as passwords from a commercial web server (which OD is), and that intrusion occurs across state lines (which this was), that person has committed a federal crime – which falls under the jurisdiction of the FBI Computer Crimes unit. The person or persons responsible will be prosecuted to the fullest extent of the law – I take nothing more seriously than the security of our site and the information it contains.

The DiaryMaster

Log in to write a note

You seriously are the best. I hope enough people tell you that throughout each day. :o)

changed!

Glad you are on top of it so well! Keep up the great work you do : ) Hugs

I wonder if this was specifically targeted to OD (some kind of disgruntled “malice aforethought” thing) or was OD just one in a list of random sites tageted for someone’s amusement.

My little paranoid mind I suppose. When I wrote the above note, I had one specific ex-diarist in mind. You probably know to whom I refer.

Go DM! Go DM! DM, Private Eye….

So fess up – what state did the attack come from? Satisfy our curiosity!

Way to go on persuing this! I hope they catch whoever did it. 🙂

I’m just glad that they’re able to be caught and punished. Thank you for making this site so safe!

you rock! i’m glad to know that OD is as protective as it is! that makes me feel really secure in your site! again, you rock DM!

You go DM! Man, I can’t believe some people. I’m glad you’re taking this seriously. 🙂

Thanks for shareing this. I hope my diary does not get into by someone.

I hope you dont mind me posting your diary enteries. Let me know if it ok to. I would like to share this entry with others who may not know about it. Talk to you later.

Thanks for keeping us safe.

Good, I hope you catch him/her/them and they get prosecuted to the fullest extent of the law.

Sic ’em!!!!

Thank you, DM!

The program will not allow me to change my password. I receive an error message telling me that my “new name” has “<" in it and that is not allowed. I am not attempting to change my name, nor is there html in my new password. Explain?

Thank you for looking after us!

hey, how come i cant post pictures in my diary? i tried the insert image link. is there something else i need to do?

Umm…. I’ve been trying to lock my diary for ages but OD aint allowing me to lock the diary, everytime i click lock i get directed to the main page with the diary still unlocked. Is that related to the security problem in someway?

I never got that message! mannnnn I’ve been writin in my diary for YEARS and now I lost it!! =

My friends diary doesn’ texist anymore but she logged in aroudn 2 weeks ago. Did you happen to clean out the system of old diaries or diaries that hadn’t had an actually entry in quite sometime?

I tried to change my password when the warning came up, but when I clicked the link, the 500 error thingy came up. SO…i can’t do it.. =( I’ll try again, but.. just to let you know it’s not working at the moment

i sent an email to the FOD staff about how I could retrieve my old diary Learning2Fly but I have yet to receive a reply. Could you perhaps tell me then by leaving a note on my diary?? I really really would like to have my diary back.. 4 years of work is a long time. Thank you!

Thanks for taking care of things so quickly. Hope they catch the bastard(s).

Alright, so why can’t I change my password? OD keeps saying I’m using the “<" text and I'm not. An explanation would work wonders.

Thanks for taking care of this so well!!! -Jess

people just amaze me. they really do. but thankfully, you amaze me more.

thanks for the warning 🙂 just to let you know…i LOVE the changes you made to OD a while ago.

i changed already 🙂

O wow… I knew what happened but came here to get the full story… I’m glad to know we’re in good hands. Thanks for all your hard work!

I am not sure where else to leave this note…When I now type in the address for OD it is taken over by a site called www,netster.com which is like a search engine. I think it is a kind of spyware. It states at bottom that ..you may have wrongly typed in the address etc. I have to get into OD by using another door such as a diarist name.Has anyone else had this problem/? Alexias

Thank goodness you caught it. I came to the site and it crashed me before I had the chance to log in yesterday morning. For once in my life Im glad my computer crashed! As always thanks for everything you do for us!

I tried to use the link to change my password and it didn’t work. It had something like 440 error or something. TFsaxmajdawg

Thanks for persuing this. I believe it is absolutely necessary. Pattyann

wow, that can be quite scary.. I have one question, though. Should TOD also take the same precautions, and should we also change our passwords on there?.. thanks.

I appreciate your concern for our privacy.

hi, i’m new to OD…how do i join diary circles? i know it seems like a stupid question…sorry…

I wasn’t able to change my password when the oppurtunity came up. It went to a “page locked” or error message. How do I change my password now?

This site uses cookies: Find out more.