Created Wednesday, Oct 29th 2025 09:54Z, last updated Monday, Nov 3rd 2025 18:45Z
Unfortunately your editor became sick last Sunday (Oct 26th), starting with a sore throat and feeling exhausted and sleepy, unable to do anything but sleep. A Covid-19 test was positive.
Today (Oct 29th) is the first day I don't feel exhausted and sleepy, and the throat has become less sore, so hopefully I can resume working at a slow pace.
Update Oct 30th 2025 evening: just when I was starting to catch up with editorial work for AVH, I was alerted to a security breach on the servers and needed to react to stop the attack and secure our systems. I succeeded in that within an hour, however not without breaking a lot of my own reporting systems, which I am now in the process of repairing so that I am again aware of all functions of the servers. I shall possibly even need tomorrow to update all the systems so that they finally work again like they did this morning before the attack. So no worry, I have not worsened again; I am still on my way to recovery, feeling better every day now.
Update Nov 3rd 2025: After feeling quite okay for two days now, I did another test for Covid-19, and the test was negative. I shall do another test tomorrow to confirm the result, then hopefully return entirely to normal and end separation (as we need to protect Sarah from becoming infected, which we have so far succeeded in). I still have a mild cold with a cough.
In the meantime I have already completely worked through the fallout of the hacker attack. I found out that the attack had been prepared from Russia's railroad network and enabled the attacker to authenticate to my mail server's outbound service (SMTP AUTH). Then the Russian IP address fell silent; ultimately, on Oct 30th 2025, an IP address based in the Netherlands took control, authenticated via SMTP to the server and started to send spam to several domains at 11:02Z. I became aware of the attack through a number of bounce messages from mail services like Yahoo; by 11:42Z I had identified the source of the attack and stopped it by firewalling those IPs and changing the related password. That compromised account had been used for all my systems' problem reporting, so all my systems were basically locked out (and I actually had no idea how many systems were affected until I had scoured each and every one of the various systems). Subsequently I was able to identify from our server logs how the hack was prepared, firewalled the offending Russian IP addresses, discovered that the hack had been "cross-checked" once from the UK (that IP is now also firewalled) and was finally carried out from the Netherlands.
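The sequence above (a machine account that only ever authenticates from known internal hosts, then SMTP AUTH logins from unknown addresses, then a burst of logins as the spam run starts) is the kind of pattern a small log check can surface before the bounce messages arrive. The following is an added example, not code from this site; it assumes Postfix-style `smtpd` SASL log lines (the post does not name the mail server), a constructed allowlist of legitimate reporting hosts, and the year 2025 for the syslog timestamps. All IP addresses and account names are constructed sample values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (Postfix-style format assumed; times in UTC).
# 198.51.100.20 stands in for the site's own reporting host; 203.0.113.x are
# unknown sources. The "authentication failed" line carries no sasl_username
# in this format and is therefore ignored by the parser.
SAMPLE_LOG = """\
Oct 28 06:12:01 mx postfix/smtpd[2101]: 1A2B3C: client=host.internal[198.51.100.20], sasl_method=PLAIN, sasl_username=reports@example.org
Oct 28 22:39:50 mx postfix/smtpd[2150]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Oct 28 22:40:17 mx postfix/smtpd[2150]: 4D5E6F: client=unknown[203.0.113.7], sasl_method=PLAIN, sasl_username=reports@example.org
Oct 29 03:15:44 mx postfix/smtpd[2188]: 7A8B9C: client=unknown[203.0.113.41], sasl_method=PLAIN, sasl_username=reports@example.org
Oct 30 11:02:03 mx postfix/smtpd[2301]: 0C1D2E: client=unknown[203.0.113.99], sasl_method=LOGIN, sasl_username=reports@example.org
Oct 30 11:02:09 mx postfix/smtpd[2302]: 3F4A5B: client=unknown[203.0.113.99], sasl_method=LOGIN, sasl_username=reports@example.org
Oct 30 11:02:15 mx postfix/smtpd[2303]: 6C7D8E: client=unknown[203.0.113.99], sasl_method=LOGIN, sasl_username=reports@example.org
Oct 30 11:05:30 mx postfix/smtpd[2310]: 9F0A1B: client=host.internal[198.51.100.20], sasl_method=PLAIN, sasl_username=reports@example.org
Oct 30 11:06:00 mx postfix/smtpd[2311]: 2C3D4E: client=mail.partner[198.51.100.77], sasl_method=PLAIN, sasl_username=alice@example.org
"""

# Constructed allowlist: machine accounts and the only hosts they should use.
# Accounts absent from this map (interactive users) are not allowlist-checked.
KNOWN_SOURCES = {"reports@example.org": {"198.51.100.20"}}

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r".*?client=\S+\[(?P<ip>[^\]]+)\].*?sasl_username=(?P<user>\S+)"
)


def parse_auth_events(log_text, year=2025):
    """Return [(timestamp, user, ip)] for every successful SMTP AUTH line.

    Syslog lines carry no year, so one is supplied by the caller (assumed 2025).
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a successful SASL login line
        ts = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        events.append((ts, m["user"], m["ip"]))
    return events


def find_unknown_sources(events, known_sources):
    """Return {user: {ip: login_count}} for allowlisted accounts that logged in
    from an address not on their allowlist. One such login is already an alert."""
    hits = defaultdict(lambda: defaultdict(int))
    for _ts, user, ip in events:
        if user not in known_sources:
            continue
        if ip not in known_sources[user]:
            hits[user][ip] += 1
    return {user: dict(ips) for user, ips in hits.items()}


def burst_logins(events, window_seconds=60, threshold=3):
    """Return {(user, ip): total_logins} for sources that authenticated at least
    `threshold` times inside any `window_seconds` window. A periodic report job
    logs in now and then; a bulk sender opens sessions back to back."""
    times_by_key = defaultdict(list)
    for ts, user, ip in events:
        times_by_key[(user, ip)].append(ts)
    bursts = {}
    for key, times in times_by_key.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            span = (times[i + threshold - 1] - times[i]).total_seconds()
            if span <= window_seconds:
                bursts[key] = len(times)
                break
    return bursts


def response_plan(events, known_sources):
    """Combine both checks into the two actions the post describes: which
    addresses to firewall and which account passwords to rotate."""
    unknown = find_unknown_sources(events, known_sources)
    bursts = burst_logins(events)
    block = {ip for ips in unknown.values() for ip in ips}
    for (user, ip) in bursts:
        if ip not in known_sources.get(user, set()):
            block.add(ip)
    rotate = set(unknown)
    return {"firewall_ips": sorted(block), "rotate_accounts": sorted(rotate)}


if __name__ == "__main__":
    evs = parse_auth_events(SAMPLE_LOG)
    print(find_unknown_sources(evs, KNOWN_SOURCES))
    print(burst_logins(evs))
    print(response_plan(evs, KNOWN_SOURCES))
```

In the incident described, the first signal was bounce messages from other providers, which arrive only once spam has already left the server. For an account that, as the post says, is used solely by the site's own reporting systems, the allowlist check fires at the first login from an address outside that fixed set, which in the constructed sample is two days before the spam run; the burst check is the later, noisier signal that confirms bulk sending has started.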
It took several days, including even today, until I had identified all systems that were locked out of the reporting account following the password change; now all systems are able to report again.
A security review of the whole of the servers showed that there was no further compromise of the servers: no data were stolen, none of our e-mails could be accessed and no control of the server was achieved.
In the meantime all defenses with other ISPs like Yahoo have been mitigated and e-mail traffic is back to normal.
In summary, the safety concept of our servers held even in the worst and only breach so far and limited the damage, preventing the hacker from gaining any further access, causing downtime or, worse, "owning" the server.