SQL injection attack on our servers

Affiliation
American Association of Variable Star Observers (AAVSO)
Wed, 10/31/2018 - 17:50

Friends,

While doing routine checking of our logs, we identified a security breach of our systems. In particular, one of our computer’s databases had been attacked with an SQL injection process. The entry point was via the URL used to access the LCGv1 which points directly to our MySQL databases. While this attack wasn’t damaging to our databases and we are not in danger, it resulted in more than 10,000 records (including email addresses) being downloaded. We also noticed that LCGv1 was hit more than 9.5 million times since 2012, so it is likely that such massive downloads have happened in the past.

As a result, many permissions were removed from the LCGv1 and we are working to conduct a security review, checking the rest of our software for such hidden vulnerabilities. This also emphasizes the need to remind everyone to follow best practices when it comes to online accounts and passwords. At the AAVSO, all user passwords are encrypted (so really difficult to access) and we are not keeping anyone’s financial information (we also use PayPal for transactions, which has its own very strict security protocols). Being paranoid about security is the best we can do to protect our servers and your information. Such cyberattacks happen routinely everywhere, and there is no way to make any system completely safe against a determined hacker. Please make sure to change your online passwords every ~6 months and not use the same password twice. Also, if you receive emails with the subject line “We have your password: <xyzzyx>” please treat it as spam. This is not only for your AAVSO account – this is a widespread recommended security procedure that will make your online presence safer.

Thank you for your attention to this matter.   

Best wishes – clear skies,

Stella.
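The announcement above describes the class of flaw (a URL parameter spliced straight into a database query) without showing it. The following is an added illustration, not code from the AAVSO or from LCGv1: a constructed in-memory SQLite table stands in for the MySQL database, and the table, column names and sample rows are all assumptions. It shows why string-built queries leak whole tables and why a bound parameter does not.

```python
import sqlite3

# Constructed sample data standing in for the real observations database.
# The real LCGv1 schema is not on the page; these names are assumptions.
OBSERVATIONS = [
    ("SS Cyg", "obs1@example.org", 8.2),
    ("SS Cyg", "obs2@example.org", 8.4),
    ("R Leo", "obs3@example.org", 6.1),
    ("Z Cam", "obs4@example.org", 11.3),
]


def open_db():
    """Build a throwaway in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE obs (star TEXT, email TEXT, mag REAL)")
    conn.executemany("INSERT INTO obs VALUES (?, ?, ?)", OBSERVATIONS)
    return conn


def vulnerable_lookup(conn, star):
    """The anti-pattern: the URL parameter is pasted into the SQL text,
    so whatever the visitor types becomes part of the query's structure."""
    sql = "SELECT star, email, mag FROM obs WHERE star = '" + star + "'"
    return conn.execute(sql).fetchall()


def hardened_lookup(conn, star):
    """The fix: a bound parameter. The value travels separately from the
    SQL text and is always treated as a literal string, never as syntax.
    sqlite3 uses '?' as the placeholder; MySQL drivers such as
    mysql-connector use '%s' with the same execute(sql, params) shape."""
    sql = "SELECT star, email, mag FROM obs WHERE star = ?"
    return conn.execute(sql, (star,)).fetchall()


if __name__ == "__main__":
    conn = open_db()
    honest = "SS Cyg"
    # Constructed: a tautology that a tampered URL parameter could carry.
    hostile = "x' OR '1'='1"
    print(len(vulnerable_lookup(conn, honest)), "rows for the honest request")
    print(len(vulnerable_lookup(conn, hostile)), "rows leaked by string building")
    print(len(hardened_lookup(conn, hostile)), "rows from the bound query")
```

The same defensive pattern applies to any field read from the query string: bind it, never concatenate it, and the database can no longer be talked into returning more than the one star that was asked for.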

Affiliation
American Association of Variable Star Observers (AAVSO)
possible spamming

Hi Stella,

Not sure how relevant this is, but I had an email today from the "Journal of Physics and Astronomy" (addressed to "Dr. Michael Poxon"!) asking if I would like to contribute an article of mine to their publication. Well, the article is in the public sphere anyway - i.e., JAAVSO - so I had no objections. On visiting the website at:

https://www.tsijournals.com/journals/journal-of-physics-astronomy.html

it looked reasonably kosher apart from the bit where contributors are supposed to PAY $1000+ for their articles to be included! I hope they didn't seriously expect me to be taken in by this generous offer. The site looked quite acceptable, however. Must say I have never heard of this particular journal, but there are a lot out there...

Affiliation
American Association of Variable Star Observers (AAVSO)
"Journal of Physics and Astronomy"

Hello Michael,

There is a different forum thread discussing this journal; it doesn't seem to be a predatory one. I get invitations like that from random journals very often, and simply ignore them. Remember, your email is publicly available if you have published a manuscript in any journal or if you have participated in certain open forums or blogs. For predatory journals, please check the following: https://www.tsijournals.com/journals/journal-of-physics-astronomy-archi…

I hope this helps.

Best wishes - clear skies,

Stella.