Forum Security Advisory

Discussion in 'Bukkit News' started by Kaelten, Dec 7, 2015.

Thread Status:
Not open for further replies.
  1. Online

    timtower Administrator Administrator Moderator

    It indeed does not.
    @AmShaegar Nothing is found from this side.
     
  2. Offline

    AmShaegar

    Maybe, this really is a big coincidence and it was one of the ad networks that is infected? This would explain why you can't find anything. I don't have a better explanation. :-/
     
  3. Offline

    Tecno_Wizard

    @AmShaegar, those credentials have not been used immediately. Someone broke into my Microsoft account using them, but it was almost 3 days after my last use of the site.
    And thank you for bringing up teamviewer. It also shared the same password, although thank the lord I had a secondary password for my device. (Can't say the same for my employer *gulp*. I'll just have to hope nothing happened. They would have told me if the computer was acting odd.)
     
  4. Offline

    Kaelten

    We've gone and done another pass on those templates as well as checked audit logs. Those templates haven't been touched since this ordeal started. And no template changes at all are showing up in our logs since we removed the ads from the forums.

    If anyone has any more info about a active security issue please email it to [email protected] and we'll investigate it fully.
     
  5. Offline

    Necrodoom_V2

    @Kaelten I never recieved a response to my report.
     
  6. Offline

    Necrodoom_V2

    Since I havent received a single answer to my report on the dev.bukkit.org security error report, il have to warn people to not download files from dev.bukkit.org unless you went by the main project page. If you were linked to a specific file, be aware it may be malicious.
     
  7. Offline

    jamcat22

    Will the XenForo software be updated to a version ≥1.5 anytime soon? This way users could enable 2FA if they'd like to.
    More info is on the XenForo community forum.
     
  8. Offline

    SamB440

    Maybe get cloudflare too?
     
  9. Online

    timtower Administrator Administrator Moderator

    Bukkit is already on Cloudfare
     
  10. Offline

    SamB440

    Oh I must be blind O-O
     
  11. Offline

    TfmMagicYo

    Also, a separate issue, is it really so bad here that new members aren't allowed to post? A mod has to 'allow' them to?

    I've never seen a posting delay for new members on any other forum, this place must be getting kicked badly :eek:
     
  12. Offline

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    That was added quite a long time ago, to prevent a substantial amount of spam which would otherwise get through.
     
    timtower likes this.
  13. Offline

    gabessdsp

    I see that on every reputable Forum I've ever been on, it only lasts for 5-10 posts. It helps soooo much with spam.
     
  14. Offline

    Tecno_Wizard

    Has anyone found a link between the login cookie issues and the template change? I remember reading multiple posts about how it was odd that the issue appeared at nearly the same time as the breach and was seemingly resolved once the breach was detected. I'm running into the issue again for the first time since this mess started.

    EDIT: Searched the page source myself and didn't see anything.
     
    Last edited: Jan 26, 2016
  15. Offline

    Necrodoom_V2

    @Tecno_Wizard The login cookie issue is a common issue and has existed for a while before, though there was a significant rise of reports since Curse's takeover.
     
  16. Offline

    Blkscorpion2

    now it alls adds up, why my twitter account had like 200 people being followed by my account. When i only follow 5. Yes i did use the same password for Twitter & Bukkit, have now changed this. Although i don't recall ever getting a message or email from you guys after this incident occurred?
     
  17. Offline

    Necrodoom_V2

    @Blkscorpion2 Curse, in their wisdom decided to only message a certain amount of people instead of anyone who logged into the website during the months of compromised login. Apparently they dont bother messaging inactive accounts, even though they had indeed logged in during these months.

    Also, no words from Curse if the compromised admin account could have led to stolen hidden information either.
     
  18. Offline

    Tecno_Wizard

    @Necrodoom_V2, IMO, all users should have received a warning of this regardless. If an admin's account is compromised, all information should be considered compromised. Arguing anything else is idiotic.
     
    r3kUBetyHP27 likes this.
  19. Offline

    Necrodoom_V2

  20. Offline

    Blkscorpion2

  21. Offline

    Ervilhazul

  22. Offline

    LegoLordEpic138

    So does this mean the problem still exists now, or has it been resolved already?
     
  23. Online

    timtower Administrator Administrator Moderator

    @LegoLordEpic138 It was resolved when the first post of this thread was made.
     
  24. Offline

    LegoLordEpic138

  25. Offline

    Fergym

    Oh dear.
     
  26. Offline

    xize

    could somebody confirm if these ad trackers played a role from the time of compromise?

    ghostery showed me above 80 trackers back in august could this malicious javascript be attached on one of these ads? or was bukkit/curse the only target and went not through a ad?

    for now I see ghostery also mocking about trackers I'm not sure what happens if I get more trackers when I enable them because that happened in august from 8 trackers to 80 trackers, thats abnormal behaviour for a website and does endanger the level of malvertising.

    sorry but I'm a little disappointed atleast I expected a email or a lock on my account to re-activate to reasure that it is me.
     
  27. Offline

    Tecno_Wizard

    @xize, At this time, curse has not told us anything besides that an admin account was compromised by a probable MITM attack. It is improbable, but not impossible that the ads were also infected.

    Three other things.
    1) Ghostery is made by a conglomerate of some of the biggest ad companies on earth (hypocrites) and works on a black list, which, frankly, is ineffective. Use Privacy badger instead.

    2) I agree that curse did a horrific job responding to this breach. I'm constantly checking the page source for another infection and I haven't seen anything yet. All users should have been warned of the breach. It appears that only a select group of users who signed in within a period during the breach were contacted. For goodness sakes an admin account was compromised. Everyone should have been warned and all passwords should have been forcibly reset. I refuse to log in using my email now in fear it will be captured.

    3) I complained about the tracker insanity on Bukkit while the old team was in charge and the post was merged into this thread and deleted. I, to say the least, was not thrilled whatsoever. It was by no means advertising. I simply listed the trackers on the site and what they say they do with the data they collect. I'm not sure what curse's stance on this is.
     
    Last edited: Feb 17, 2016
Thread Status:
Not open for further replies.

Share This Page