| 00:05:04 | <Dango360> | i hope they have a system in place to force reset passwords |
| 00:31:27 | <HP_Archivist> | As I said in the Discord, they - IA - just can't catch a break. |
| 00:32:19 | <HP_Archivist> | All of this unfolded as I was studying for a lab exam. Not exactly great timing. Someone mentioned Jason did a Twitter conference or something; what came of that? |
| 00:35:49 | | magmaus3 quits [Read error: Connection reset by peer] |
| 00:36:00 | | magmaus3 (magmaus3) joins |
| 00:51:40 | <DigitalDragons> | The Twitter space was just a general chat, he didn't say anything about the issues at IA today |
| 00:52:22 | <DigitalDragons> | Well, specifically, said he's not on the team that deals with this kind of thing and didn't want to speculate or confuse people |
| 00:52:43 | <TheTechRobo> | yeah he said the same thing on stream today |
| 00:52:50 | <TheTechRobo> | you said IA S3 is healthy? |
| 00:54:11 | <nicolas17> | TheTechRobo: I was told uploads continued to work throughout the DDoS even |
| 00:55:21 | <DigitalDragons> | TheTechRobo: I just saw on catalogd (looking at it after the alert incident) that archive tasks were appearing and being processed |
| 00:57:46 | <TheTechRobo> | Ack |
| 01:00:22 | <@JAA> | archive.org is timing out again for me. |
| 01:02:27 | <DigitalDragons> | So "behind the scenes" stuff was running for at least a decent amount of time before the archive.org itself came back, don't know exactly how long though |
| 01:03:46 | <HP_Archivist> | DigitalDragons: Thanks for the info |
| 01:07:47 | <HP_Archivist> | JAA: I was, briefly, able to sign into one of them and change credentials. Then it timed out again =/ |
| 01:09:38 | <DigitalDragons> | Speeds actually just improved here |
| 01:11:34 | <@JAA> | HP_Archivist: Signin, yes, account settings page never loaded here. |
| 01:11:39 | | ell7 (ell) joins |
| 01:22:01 | <@JAA> | > What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. |
| 01:22:04 | <@JAA> | > What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. |
| 01:22:07 | <@JAA> | https://nitter.lucabased.xyz/brewster_kahle/status/1844183111514603812 |
| 01:22:18 | <@JAA> | Clear as mud :-) |
| 01:25:10 | | whaambaaam joins |
| 01:31:47 | <TheTechRobo> | IA is slow for me but not timing out |
| 01:56:34 | | whaambaaam quits [Client Quit] |
| 03:35:53 | | legoktm joins |
| 04:06:37 | <Exorcism> | nice https://irc.digitaldragon.dev/uploads/ae97b4103b44e9f2/Screenshot_20241010_060420_Proton%20Mail.png |
| 04:33:56 | <that_lurker> | Now comes all the HackerNews posts about the maybe breach |
| 04:35:27 | <that_lurker> | s/maybe// |
| 04:43:00 | <that_lurker> | if someone is actively monitoring this could you ping me or mention here when the system scrubbing is done so I can change my password. |
| 04:47:53 | | pabs hopes they reduce the amount of JS the site uses... |
| 04:48:15 | <that_lurker> | at least it was self hosted js, but yeah |
| 04:48:43 | | pabs wonders if his "accidentally deleted" account will be recoverable after the breach... |
| 05:06:04 | | nyany quits [Excess Flood] |
| 05:06:27 | | nyany (nyany) joins |
| 05:26:16 | <Exorcism> | https://irc.digitaldragon.dev/uploads/64b973f78cf41d2f/20241010_072311.jpg 💀 |
| 05:45:21 | <that_lurker> | Of all the targets that would fit even more to what they are saying there they choose IA. Most likely because you can ddos it down more cheaply, but still |
| 06:58:53 | <IDK> | whoever sent that tweet is most probably below the age of 14 lol |
| 07:02:21 | <that_lurker> | or a <Insert known USA targeting botting country> bot |
| 07:19:36 | | ThreeHM (ThreeHeadedMonkey) joins |
| 07:41:39 | | lumidify (lumidify) joins |
| 08:00:36 | | murb (murb) joins |
| 08:47:05 | <IDK> | IA down again, related? |
| 08:47:28 | <nyuuzyou> | probably yes |
| 09:16:22 | | sralracer joins |
| 09:17:08 | | sralracer is now authenticated as sralracer |
| 09:17:31 | <IDK> | btw, IA servers do have backups right? aka they will not get primary + secondary server wiped at the same time right? |
| 09:19:00 | <nyuuzyou> | they store backups their data using filecoin |
| 09:19:07 | <nyuuzyou> | s/store// |
| 09:20:19 | <IDK> | isnt that dead and doesnt protect against ransomware either |
| 09:21:54 | | nstrom|m joins |
| 09:33:54 | <nyuuzyou> | I don't think the data is in any danger |
| 09:33:54 | <nyuuzyou> | I think they had access to the user database, not the entire file system |
| 09:40:10 | <lumidify> | By the way, does anyone know where IA stores information about donations? I know they store it somewhere because they randomly sent me a letter once, but it's not linked to an account, so I have no idea what exactly they're even storing and where they're storing it. |
| 09:43:18 | <that_lurker> | most likely in some email list, so it would contain your (user)name and email |
| 09:43:52 | <IDK> | Is their internal DNS down? https://usercontent.irccloud-cdn.com/file/Eo1nA20H/image.png |
| 09:44:42 | <that_lurker> | a lot of things might be down if they are under ddos and also going through the server because of the breach |
| 09:44:54 | <that_lurker> | s/server/servers |
| 09:54:22 | <lumidify> | that_lurker: They sent me an actual letter in the mail once because of some fundraiser, so they must be storing more than that. |
| 09:59:50 | <nyuuzyou> | <IDK> "Is their internal DNS down..." <- website is still down for me |
| 10:00:37 | <katia> | archive.org and web.archive.org are up for me |
| 10:00:52 | <nyuuzyou> | https://check-host.net/check-report/1f298539k5a |
| 10:01:25 | | qwertyasdfuiopghjkl quits [Ping timeout: 255 seconds] |
| 10:02:45 | | qwertyasdfuiopghjkl (qwertyasdfuiopghjkl) joins |
| 10:15:49 | <steering> | nicolas17: to provide one singular data point, the email I got an alert about from HIBP has uploaded 0 items to IA |
| 10:21:40 | | qwertyasdfuiopghjkl quits [Ping timeout: 255 seconds] |
| 10:25:07 | | knecht quits [Quit: knecht] |
| 10:25:43 | | knecht (knecht) joins |
| 10:31:29 | <f_> | that_lurker: what in the world is this |
| 10:31:44 | <f_> | IA doesn't even fit what they're saying |
| 10:33:47 | <f_> | IA is about archiving whatever... not ... this |
| 10:36:37 | <danwellby> | I think my account (that I got a HIBP alert for) has only done wayback machine captures via either the web interface or the firefox addon |
| 10:38:34 | <danwellby> | I don't recall if I saved any to my account though, and can't for obvious reasons check |
| 11:16:19 | | Webuser398 joins |
| 11:17:35 | | anon00001|m joins |
| 11:38:37 | <IDK> | from what im seeing, basically everything is knocked offline, even ia canada servers https://dn720900.ca.archive.org/ for example |
| 11:38:59 | <IDK> | last time they did not really go for the individual servers |
| 11:51:48 | <datechnoman> | Sorry, but DDOS folks are back and knocked http://archive.org and http://openlibrary.org offline. @internetarchive is being cautious and prioritizing keeping data safe at the expense of service availability. |
| 11:52:02 | <datechnoman> | From a twitter post (Brewster Kahle) |
| 11:52:23 | <datechnoman> | They might have just turned everything off for a bit to risk mitigate |
| 11:52:45 | | Xanthon quits [Remote host closed the connection] |
| 11:54:56 | | IRC2DC joins |
| 11:58:36 | <Webuser398> | Seems they are taking the slower but more cautious approach which is definitely for the better. Do we know why they are getting attacked in the first place? |
| 12:02:07 | <steering> | someone wants to advertise their ddos services, probably. |
| 12:03:20 | <steering> | according to the random person on twitter taking credit, blabla israel blabla death to america kinda thing |
| 12:04:26 | <Webuser398> | :( |
| 12:09:20 | <@JAA> | The same source also took credit for the JS injection (several hours after it had happened and been fixed), and I agree with Troy's assessment that this looks like unrelated attacks. So... X |
| 12:17:11 | <IDK> | Hi, looks like IA has started routing some of their IP through AS13335 (Cloudflare) |
| 12:18:39 | | nyuuzyou uploaded an image: (76KiB) < https://matrix.hackint.org/_irc/v1/media/download/AcJpF07RXICkguGl2FBucjKFK-xWcvz-0-EpRB5taJoUgiOct2GJgy96V-nCGWc19ARIF_rDG7gUf8PKd4sP-rtCfb40mjDwAG1hdHJpeC5vcmcvRk9tWGpCRE9kWkJVeEdKRlVNQ2d6dUdE > |
| 12:24:39 | | Webuser398 quits [Client Quit] |
| 12:26:19 | <IDK> | https://usercontent.irccloud-cdn.com/file/dMrbK88q/image.png |
| 12:51:00 | | driib quits [Ping timeout: 260 seconds] |
| 12:54:42 | | driib (driib) joins |
| 13:08:19 | <katia> | indeed seems like all IPv4 AS7941 are announced just to CF |
| 13:08:33 | <monoxane> | I wonder how much cf is charging them |
| 13:08:41 | <monoxane> | its gotta be over 100k |
| 13:08:45 | <katia> | :( |
| 13:09:20 | <katia> | how about 0 and cloudflare gets to gloat in a blogpost |
| 13:10:41 | <monoxane> | cloudflare are not known for being nice to organisations in need unfortunately |
| 13:11:06 | <monoxane> | enterprise pricing is literally whatever they can wring out of you on the emergency phone call setting up your service |
| 13:11:40 | <monoxane> | ive heard anything from 30k to 180k for functionally the same bandwidth and services |
| 13:14:17 | <katia> | indeed :/ |
| 13:15:32 | <nyuuzyou> | Cloudflare uses Web Archive for Always Online. I think as partners they have special terms for IA |
| 13:17:22 | | MinervaX joins |
| 13:20:23 | | driib quits [Ping timeout: 258 seconds] |
| 13:23:04 | | MinervaX quits [Ping timeout: 258 seconds] |
| 13:29:47 | | MinervaX joins |
| 13:33:35 | | magmaus3 quits [Ping timeout: 260 seconds] |
| 13:34:13 | | magmaus3 (magmaus3) joins |
| 13:38:41 | | driib (driib) joins |
| 13:38:58 | <sralracer> | https://www.cloudflare.com/case-studies/internet-archive/ |
| 13:39:09 | <sralracer> | don't know how relevant it still is |
| 13:39:23 | <sralracer> | but it sounds like they are doing it for free |
| 13:43:33 | | nano412510 (nano412510) joins |
| 13:45:20 | <MinervaX> | Yeah, IA and cloudflare have had a mutual deal for a while. Gotta be the biggest loser on earth to hack IA. |
| 13:50:46 | | magmaus3 quits [Read error: Connection reset by peer] |
| 13:50:56 | | magmaus3 (magmaus3) joins |
| 13:51:28 | | Xanthon (Xanthon) joins |
| 13:56:53 | | driib quits [Client Quit] |
| 13:58:49 | | driib (driib) joins |
| 14:05:27 | | nukke (nukke) joins |
| 14:29:24 | <katia> | >The Internet Archive, known for it’s webpage |
| 14:30:26 | <katia> | but yeah, sounds like it is free :) |
| 15:04:04 | | Sidpatchy (Sidpatchy) joins |
| 15:34:55 | | MinervaX quits [Ping timeout: 260 seconds] |
| 15:47:01 | | MinervaX joins |
| 15:49:49 | | CrispyAlice2 (CrispyAlice2) joins |
| 16:18:47 | | Xanthon quits [Read error: Connection reset by peer] |
| 16:21:55 | | Explo joins |
| 16:37:34 | <IDK> | https://x.com/Sn_darkmeta/status/1844358501952618976 |
| 16:38:47 | <IDK> | We don't think you are teenagers, we think yall are 12yo skids lol |
| 16:40:15 | <IDK> | To be completely honest I dont think they have anything to do with the attack, just a bunch of kids seeking attention on twitter |
| 16:41:17 | | Xanthon joins |
| 16:41:18 | | Xanthon is now authenticated as Xanthon |
| 16:41:18 | | Xanthon quits [Changing host] |
| 16:41:18 | | Xanthon (Xanthon) joins |
| 17:03:36 | <nyuuzyou> | I believe it is our task to preserve and protect all that they are so eager to destroy |
| 17:09:09 | <danwellby> | I would suspect ia is just down while they move to cloudflare protection and do maintenance unless proven otherwise |
| 17:10:42 | <sralracer> | as per brewster kahle on Twitter: "Sorry, but DDOS folks are back and knocked http://archive.org and http://openlibrary.org offline. |
| 17:10:43 | <sralracer> | @internetarchive |
| 17:10:43 | <sralracer> | is being cautious and prioritizing keeping data safe at the expense of service availability." |
| 17:17:20 | <danwellby> | That makes sense, ddos is a fun one considering someone is seemingly showing off |
| 17:24:35 | | MinervaX quits [Ping timeout: 260 seconds] |
| 17:26:00 | | MinervaX joins |
| 17:30:29 | <Vokun> | IA, on top of all the other reasons listed as a strange place to DDOS, I feel like the last people you'd want to irritate are highly tech centered people trying to save stuff. I feel like if you get enough data hoarders together they'd be faster at finding someone than the CIA |
| 17:47:06 | | a joins |
| 17:49:55 | <Xanthon> | this isn't the first time the group has attacked IA. The one claiming responsibility is the same one that ddosed spotify a few months ago |
| 17:54:40 | <MinervaX> | Honestly are they just doing it for fun and to prove that they can? That's like someone proving how tough they are by beating a toddler in a fight. |
| 18:04:14 | <OrIdow6> | Anyone able to access this? https://x.com/i/spaces/1YpKklAnoEdGj/peek tweeted by JS - I just get an error |
| 18:06:31 | <Medowar> | ye, works for me |
| 18:16:25 | | a quits [Ping timeout: 255 seconds] |
| 18:30:30 | | MinervaX quits [Ping timeout: 260 seconds] |
| 19:07:26 | <nicolas17> | there are again cryptobros saying why don't you "just" put all the data in filecoin or something |
| 19:07:30 | <nicolas17> | how much data is in IA again? |
| 19:17:53 | <pokechu22> | Didn't filecoin offer that as well? I remember seeing something on the IA blog about that. Not sure what happened with that though |
| 19:19:24 | <nicolas17> | afaik Brewster is in the filecoin board of advisors, so I'm not sure what these cryptobros think they are contributing to the conversation with their "have you considered using blockchain" |
| 19:25:50 | <HP_Archivist> | IDK: Can you link where you got those images from? |
| 19:26:29 | <IDK> | HP_Archivist: The BGP announcements? https://radar.cloudflare.com/as7941 |
| 19:32:13 | <HP_Archivist> | IDK: Yeah, thanks for this |
| 19:51:57 | | @hook54321 sets mode: +o anon00001|m |
| 19:52:08 | | @hook54321 sets mode: -o anon00001|m |
| 19:52:21 | <@hook54321> | (Misclick) |
| 21:25:50 | <sralracer> | as per Brewster Kahle on twitter: |
| 21:25:50 | <sralracer> | "Update: @internetarchive’s data has not been corrupted. Services are currently stopped to upgrade internal systems. |
| 21:25:51 | <sralracer> | We are working to restore services as quickly and safely as possible. |
| 21:25:51 | <sralracer> | Sorry for this disruption." |
| 21:31:46 | <nicolas17> | who thought there was corruption? m( |
| 21:32:43 | <sralracer> | this whole thing attracted a lot of idiots |
| 22:11:38 | | sralracer quits [Client Quit] |
| 22:26:46 | <nicolas17> | bleh, "ia upload" does *not* work |
| 22:27:30 | <nicolas17> | I don't know if S3 is still working, but the command line tool starts by making a request to archive.org/metadata/$collection anyway |
| 22:31:17 | <DigitalDragons> | catalogd isn't up right now like it was previously, either |
| 22:48:14 | <HP_Archivist> | It'll probably be a little while before back to normal, honestly. It's a good time to revisit other things perhaps. |
| 22:50:34 | <nicolas17> | HP_Archivist: I'm accumulating telegram tasks :P |
| 23:20:38 | | qwertyasdfuiopghjkl (qwertyasdfuiopghjkl) joins |
| 23:29:34 | | Webuser713 joins |
| 23:30:20 | | Webuser713 quits [Client Quit] |
| 23:45:36 | <Flashfire42> | nicolas17 good luck with all the dupes |