#3096 - Cloudflare security breach
| Identifier | #3096 |
|---|---|
| Issue type | Major issue (breaks an entire feature) |
| Title | Cloudflare security breach |
| Status | Closed (no changes needed) |
| Handling member | Chris Graham |
| Addon | General / Uncategorised |
| Description | I apologise for not reporting this sooner (didn't think compo.sr was affected, but analysis shows it was). Cloudflare recently released a bulletin that it was affected by a memory leak buffer overrun bug. This bug could have potentially leaked sensitive information, including passwords: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/ compo.sr, ocportal.com, and ocproducts.com are listed in the millions of domains that were affected by this bug, as published by Cloudflare here: https://github.com/pirate/sites-using-cloudflare --- My recommendation is for all domains to release a critical priority bulletin to all site members urging them to change their password as a security precaution. If desired (I did this on lovinity.org), also run `UPDATE (prefix)_f_members SET m_password_compat_scheme = 'temporary' WHERE id > 1` to force all members (excluding guest) to reset their password on next login. |
| Steps to reproduce | |
| Funded? | No |
Comments
compo.sr and ocproducts.com have Cloudflare disabled in their DNS settings.
ocportal.com has Cloudflare paused entirely.
If you do a "dig" on either it will confirm the IPs are direct to our server, not routed through Cloudflare. Therefore Cloudflare cannot monitor our traffic.
The list you linked to is not put together by Cloudflare and is not a proper list - as it says, it only looks at nameservers. The code they showed is very poor; it should really do "IN A" record resolutions to confirm.
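As an added example (not code from the tracker, from Composr, or from the reporter), here is a Python check that applies the point above: resolve the A records and test them against Cloudflare's published IP ranges, rather than trusting the nameservers alone. The range list is an assumed snapshot of the published list; the domains and addresses in the sample data are constructed.

```python
"""Distinguish a zone that merely uses Cloudflare nameservers from a host whose
web traffic is actually proxied through Cloudflare (added example)."""
import ipaddress
import socket

# Assumed snapshot of the IPv4 ranges published at https://www.cloudflare.com/ips/
# (re-fetch the live list before relying on it).
CLOUDFLARE_IPV4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare_ip(ip):
    """True if the address falls inside one of Cloudflare's published ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_IPV4)


def classify(nameservers, a_records):
    """Return 'proxied', 'mixed', 'dns-only', 'not-cloudflare' or 'unresolved'.

    nameservers: NS hostnames of the zone (what the linked list looked at).
    a_records:   IPv4 addresses the web host resolves to (what decides whether
                 traffic actually passes through Cloudflare's proxy)."""
    if not a_records:
        return "unresolved"
    hits = [is_cloudflare_ip(ip) for ip in a_records]
    if all(hits):
        return "proxied"
    if any(hits):
        return "mixed"
    on_cf_dns = any(ns.lower().rstrip(".").endswith(".ns.cloudflare.com")
                    for ns in nameservers)
    return "dns-only" if on_cf_dns else "not-cloudflare"


def is_proxied_live(domain):
    """Resolve with the system resolver (like 'dig A') and report whether every
    returned address belongs to Cloudflare. Requires network access."""
    try:
        _, _, ips = socket.gethostbyname_ex(domain)
    except socket.gaierror:
        return False
    return classify([], ips) == "proxied"


# Constructed sample data: same nameservers, different outcomes.
CF_NS = ["ada.ns.cloudflare.com.", "bob.ns.cloudflare.com."]
SAMPLES = {
    "proxied.example.test": (CF_NS, ["104.16.1.1"]),           # orange-cloud record
    "direct.example.test": (CF_NS, ["203.0.113.10"]),          # grey-cloud, DNS only
    "other.example.test": (["ns1.example.test."], ["203.0.113.10"]),
}
```

Running `classify` over `SAMPLES` shows that a nameserver-only heuristic flags all three hosts identically, while the A-record check separates the one host that is actually proxied.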