Posts
The 64-bit portable version released. File hosting switched to the Amazon S3 cloud
/0 Comments/in General/by Yutaka EmuraToday, we released EmEditor v14.8.0, and we also released the 64-bit version of the portable version, in addition to the installer and 32-bit portable versions today. All the installers of all the formats are available to download at the Download page.
Moreover, the file hosting was switched from the old web hosting server to the Amazon S3 cloud service. We hope this change will bring us faster and more stable downloads and updates.
We will continue improving our services. Please contact us if there are any issues with downloading or updating.
Thank you for using EmEditor!
Version 14.6 feature page was added
/0 Comments/in EmEditor Core/by Yutaka EmuraToday, we added the EmEditor Version 14.6 feature page. This new version adds important features with big data and database files in mind: more CSV support, Filter Bar, more Search options including the Extract button. We are planning to release EmEditor Version 14.6 very soon.
Thank you for using EmEditor!
Investigation report about the hacking incident
/0 Comments/in General/by Yutaka EmuraYesterday, we received the final investigation report from JPCERT/Coordination Center.
How unauthorized hacking was happened
From the various remained access logs, we could not identify the cause for the unauthorized hacking. We confirmed suspicious accesses (web and ftp) from 203.194.144.#, and we confirmed traces of attack attempts in early August. However, we couldn’t identify how the hacker entered our site just by these traces. There were no successful logins from these IP addresses.
About unauthorized redirects
From the remained access logs, the following 2 accesses were considered unauthorized accesses redirected by the .htaccess that was placed by a hacker.
#.#.#.# - - [18/Aug/2014:05:41:38 -0500] "GET /pub/updates/emed64_updates_ja.txt HTTP/1.1" 200 884 "-" "AdvancedInstaller" #.#.#.# - - [18/Aug/2014:06:19:04 -0500] "GET /pub/updates/emed64_updates_ja.txt HTTP/1.1" 200 884 "-" "AdvancedInstaller"
These accesses match with the IP addresses written in the .htaccess, the time frame when the incident happened. Also, the number of bytes written in the access log (884) was different from the number of bytes written in the other accesses in the other time frame and other IP addresses.
Usually access logs look like:
#.#.#.# - - [10/Aug/2014:03:45:09 -0500] "GET /pub/updates/emed64_updates_ja.txt HTTP/1.1" 200 855 "-" "AdvancedInstaller"
the number of bytes is 855 for this file, but the above two accesses show the number of bytes as 884 bytes.
The clients who own the above IP addresses were contacted by JPCERT/CC, and found there were no malware infections. The access logs record all accesses including merely update checking without actual installation.
Future measures
In addition to routine updates of WordPress plug-ins and themes, we periodically scan our site for malware, monitor files on the server, access logs, and block suspicious IP addresses. On August 29th, we protected the entire site of emeditor.com with SSL encrypted connections. We are also planning to move our forums to another site or an electronic mailing list for improved security.
The next version of Advanced Installer that we used to make the Update Checker will be able to block update installers without the same digital signature as ours. The future EmEditor versions will restore the Update Checker with improved security.
We apologize for any inconveniences that this situation might have caused you
See also:
Possible malware attack by EmEditor Update Checker
/0 Comments/in General/by Yutaka EmuraDear EmEditor user,
We have found malicious files were placed in a subfolder of the EmEditor website, and we estimate these files were placed by a hacker between 6:36 am and 11:20 am on August 18th in the Pacific Daylight Time (USA and Canada), or between 1:36 pm and 6:20 pm on August 18th in the UTC. If a user uses EmEditor Update Checker from one of certain IP addresses, a malicious program, not EmEditor, might have been installed. The IP addresses are:
For the following list, * represents any number between 0 and 255. All 256 numbers between 0 and 255 are IP addresses in question.
12.44.85.*
12.189.27.*
12.233.153.*
42.147.69.*
49.101.250.*
61.211.224.*
63.119.133.*
64.102.249.*
64.235.145.*
64.235.151.*
66.129.241.*
77.248.69.*
86.111.221.*
106.139.26.*
106.188.131.*
114.160.192.*
118.103.17.*
118.238.0.*
124.248.207.*
133.6.1.*
133.6.91.*
133.6.94.*
133.56.0.*
133.74.211.*
133.173.2.*
150.26.82.*
173.36.196.*
173.38.209.*
182.162.60.*
188.111.86.*
194.98.194.*
198.135.0.*
199.167.55.*
203.104.128.*
203.180.164.*
204.15.64.*
209.97.118.*
210.17.188.*
210.172.128.*
210.174.36.*
210.224.179.*
216.228.150.*
219.195.174.*
For the following list, # represents a number between 0 and 255, but only one number represents the IP address in question. To protect users’ privacy, the actual IP address is hidden by #. If your IP address is included in this list, please contact us at [email protected] with your IP address, and we will let you know your IP address is included.
12.234.38.#
61.202.251.#
101.110.12.#
101.110.14.#
101.110.15.#
101.111.185.#
108.28.100.#
117.103.185.#
118.159.230.#
118.159.235.#
124.85.138.#
126.205.203.#
133.6.76.#
153.163.255.#
180.0.96.#
180.6.227.#
202.7.107.#
202.62.253.#
206.13.28.#
210.148.24.#
210.164.30.# (2 IP addresses)
210.169.198.#
210.175.75.#
210.233.113.#
210.237.143.#
211.7.234.#
If your IP address is included in any of the above lists, and if you use the Update Checker of EmEditor during the above time frame, there is a possibility that your computer might have been infected by a virus. If so, please use anti-virus software to clean your computer.
To check your IP address, please go to www.google.com, enter “My IP”.
Currently, our server hosting company is scanning the whole website. As soon as the scan is completed, we plan to resolve the issue completely by all means.
We will keep you informed of our progress. If we cannot get access to our website, we might use Twitter, Google+, or Facebook to make announcements.
We apologize for any inconveniences that this situation might have caused you.
Website scans were completed and all websites are clean
/0 Comments/in General/by Yutaka EmuraOur website scans were completed, and all our websites were clean, including all of our foreign language EmEditor websites as well as Emurasoft Customer Center. This means this English website was not affected by this case.
Nevertheless, as a precaution, we recommend changing your password if you have an account in one of our sites, and please do not share the same password with Emurasoft Customer Center or any other websites.
To prevent future hacker attacks, we have tightened our security level. We no longer accept new members automatically. If you are not a member yet, and if you would like to join our forums, please contact us.
Once again, we apologize for any inconveniences.
Thank you for using EmEditor!
EmEditor foreign language websites attacked by hackers
/0 Comments/in General/by Yutaka EmuraDear EmEditor user,
On August 12th, 2014, we discovered traces of malicious code in our Japanese EmEditor home page and Simplified Chinese EmEditor home page. Because of this, we temporarily stopped our websites, and we have been checking and cleaning up the sites. In the Japanese site, there were traces where usernames, passwords, and IP addresses of users might have been compromised.
If you have an account in the Japanese site, it is strongly recommended that you change your password. To change the password, please go to the Forums page and log into your account. After signing in, you will see a menu bar showing at the top of the webpage. Go to the top right corner of the webpage that shows your username and in the drop-down menu click “Edit My Profile” .
Currently, there is no evidence that other language sites including this English site was compromised, and there is no evidence that Emurasoft Customer Center was compromised. However, as a precaution, we strongly recommend changing your password if you have an account in these sites. If you share the same password with other websites, we also recommend changing your passwords with those sites.
We apologize for any inconveniences that this situation might have caused you. We are still scanning other language home pages. We will keep you updated if there are any progresses. Thank you.
The forum conversion completed!
/0 Comments/in General/by Yutaka EmuraWe have completed the conversion from old forums to new website!
You can see our new forums here. You will see all old messages are converted to the new website.
If you already had an account with the old forums, your account was converted to the new website. However, your password was set to a random string. Please go to the Lost Password and change your password before you log in to the new website.
Thank you!
Our website redesigned!
/0 Comments/in General/by Yutaka EmuraToday, the EmEditor website has been revamped. Not only did we give the website new fresh look, we also rewrote lots of content in the feature pages. Rather than categorizing by major versions, all the feature contents were recategorized with five major feature groups (Coding, Large File Support, User Experience, Extensibility, and Versatility). In this way, the new website allow you to find information faster than our old website.
Other features of our new website include a better Library page, where you can upload your files directly to our server. The library now includes international files because many files can be shared among all cultures. Moreover, you will be allowed add comments to almost any pages in the website.
To post messages in our Forums, upload files to the Library, or add comments to most pages, if you already had an accout with the old forums, your account was converted to the new website. However, your password was set to a random string. Please go to the Lost Password page http://www.emeditor.com/account/lost-password/ and change your password before you log in.
If you didn’t have an account with the old forums, you will need to register to get a new account for our new website. Note that this is different from the Emurasoft Customer Center. To register, please go to the Register page https://www.emeditor.com/account/register/. You will be asked to enter one of your EmEditor registration keys (v10 or later), and its registered email at Emurasoft Customer Center has to match with the email you are trying to register. This allows us to automate the verification process, and completely block spam. If the email address you are trying to register is different from one used for Emurasoft Customer Center because you have multiple licenses to share in a group, please contact us with detailed information for a manual registration.
If you would like to add a unique image to your profile, an “Avatar”, you will have to visit www.gravatar.com and sign up to upload your image file as “Gravatar”. Your Gravatar will show up in all WordPress-based websites including our international EmEditor sites.
If you would like to subscribe new website activities, please subscribe to these RSS feeds:
EmEditor Forums:
http://www.emeditor.com/forums/
All parts of Website:
https://www.emeditor.com/feed/
If you have any questions or comments, Please let us know by writing in our forums, or you can even add comments to this posting (after you register).
Thank you for using EmEditor!