Sunday morning we had an unfortunate discovery and found that the front page of the site had been vandalized. We have no reason to believe your personal data, or passwords, were accessed.
We’ve determined that a bad actor was able to compromise an administrator’s account. Using that account, they were able to edit templates and deface the front page of the site. As soon as we found out, we took immediate action to protect you, our users, and took the site offline.
As a precaution, we’re taking additional measures to help prevent this type of defacement in the future. This includes, but is not limited to, resetting moderator and administrator accounts’ passwords.
Thank you for your patience as we’ve worked through this today. Please reach out if you have any additional concerns.
This is one of those announcements that no one likes to write and absolutely no one likes to read.
Recently one of our site administrators' accounts was compromised. Malicious third parties proceeded to use this access to inject a piece of malicious JavaScript into the forum templates, allowing them to capture the login and plain text passwords of anyone that logged in to the forums while it was present. This attack was limited only to Bukkit's forums and did not affect other sites in the network.
We were notified of this issue by a member of the community: Max Korlaar. We greatly appreciate them and their report, and will be offering them a bounty commensurate with their contribution. Additionally, we'll be formalizing a full bug bounty program in the near future, as well as publishing reporting channels and standards for responsible disclosure.
Upon receipt we immediately began investigating the report. This effort revealed several areas for us to address. Many of these...
Most of the staff will be at Minecon this weekend so a couple things can happen:
1. Forum approval times will be longer.
2. Reports won't be handled as fast as usual.
3. New http://dev.bukkit.org projects or files will be on hold till after Minecon.
We will do our best to do as much as possible!
Absolute Emergency (dragons burnt the town, villagers are rioting) private message either: CFEmergency Admin or Bukkit Emergency Admin
Normal Emergency (gremlins, imps and evil pixies) contact: Support Desk
We will still be watching, but response time will be delayed. Happy Holidays to everyone.
Effective today official Bukkit IRC channels will be managed by our moderation team as extensions of the site communities.
The rules for the IRC channels will soon be unified with the forum rules. Any IRC-specific things will be worked into the forum rules page. This is being done to further simplify the rules and prevent unneeded duplication.
I know we've previously announced that we were not moderating the IRC channels. That was due to lack of permissions to do so. That situation has changed.