Hello, fellow sceners...
Since no official notice has been going around with more information, this writeup will hopefully
shed some light onto the whole 'corona era bust' or in other words, the SPARKS busts as the feds
like to call it.
The scene has been hit hard by various agencies from around the globe. In total, over 29 sites have
been busted within 14 countries, mostly within Europe.
From the looks of it now, it is safe to say that the bust took a big bite out of the iSO scene.
Without a doubt, this will not be the last of it, since
there will be more information available for the feds to chunk through now.
Rumor has it that there was a bust in France of a known user who was also running an IRC server
for the linknet IRC network. This is neither confirmed nor denied.
So please use linknet only with the common security practices (SSL, Blowfish, channel encryption).
This rumor should not be taken lightly, and it's advised to keep sites off linknet and use a private
IRCD for any site-related actions if possible.
As it will take time to rebuild and get everything back online, here are some best practices that
might help you understand the risks.
Remember, full mitigation is not possible, so use your brain!!
## For Siteops
1) Reset the full affil and user database. Make sure that every person, whether from a group or trading,
is re-added with up2date information that you find secure.
2) In addition to rebuilding the user/affil database, make sure that the users have either set up a
fresh bouncer/znc or connect through socks.
3) Upgrade the site to maximum version v2.10a (2019-12-30, glftpd). This version is prior to any
ongoing problems; if needed, downgrade. Also check SSL!!
4) Upgrade the server with the latest possible kernel/packages to avoid any vulnerabilities that might compromise the server.
5) Make sure there is no logging enabled and that everything is encrypted as it should be with
either LUKS (Linux Unified Key Setup) or another variant.
6) Did you host any busted groups? Consider rebuilding as suggested above, but also rename the site,
change the port, and change IPs and domain names.
7) Avoid adding users with the same/old bouncer information or with the same username. Suggest that
they change it all before being added back.
8) Don't accept IP wildcards; make sure each entry is backed up with an ident and the first 3 octets
of the IP range.
9) Please use common sense when re-adding users; fall back on oldskool intuition.
## For Users/Curry's
1) Got a bouncer? Make sure to change the information -> domain name, port, and IP address.
2) Change username/ident for all sites.
3) Make sure to clear all logs and crypt any shells that are being used for scene-related tasks.
4) Auto trading bots should be reconfigured to fresh values, including the above measures.
5) Avoid insecure sites or sites that are ignoring the security measures, especially among iso sites.
This writeup has been put together for the love of the scene. We will be back and we will thrive again!
Thoughts are with the fallen ones.