Forum Security Advisory

Discussion in 'Bukkit News' started by Kaelten, Dec 7, 2015.

Thread Status:
Not open for further replies.
  1. Offline

    timtower Administrator Administrator Moderator

    It indeed does not.
    @AmShaegar Nothing is found from this side.
  2. Offline


    Maybe, this really is a big coincidence and it was one of the ad networks that is infected? This would explain why you can't find anything. I don't have a better explanation. :-/
  3. Offline


    @AmShaegar, those credentials have not been used immediately. Someone broke into my Microsoft account using them, but it was almost 3 days after my last use of the site.
    And thank you for bringing up teamviewer. It also shared the same password, although thank the lord I had a secondary password for my device. (Can't say the same for my employer *gulp*. I'll just have to hope nothing happened. They would have told me if the computer was acting odd.)
  4. Offline


    We've gone and done another pass on those templates as well as checked audit logs. Those templates haven't been touched since this ordeal started. And no template changes at all are showing up in our logs since we removed the ads from the forums.

    If anyone has any more info about a active security issue please email it to [email protected] and we'll investigate it fully.
  5. Offline


    @Kaelten I never recieved a response to my report.
  6. Offline


    Since I havent received a single answer to my report on the security error report, il have to warn people to not download files from unless you went by the main project page. If you were linked to a specific file, be aware it may be malicious.
  7. Offline


    Will the XenForo software be updated to a version ≥1.5 anytime soon? This way users could enable 2FA if they'd like to.
    More info is on the XenForo community forum.
  8. Offline


    Maybe get cloudflare too?
  9. Offline

    timtower Administrator Administrator Moderator

    Bukkit is already on Cloudfare
  10. Offline


    Oh I must be blind O-O
  11. Offline


    Also, a separate issue, is it really so bad here that new members aren't allowed to post? A mod has to 'allow' them to?

    I've never seen a posting delay for new members on any other forum, this place must be getting kicked badly :eek:
  12. Offline

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    That was added quite a long time ago, to prevent a substantial amount of spam which would otherwise get through.
    timtower likes this.
  13. Offline


    I see that on every reputable Forum I've ever been on, it only lasts for 5-10 posts. It helps soooo much with spam.
  14. Offline


    Has anyone found a link between the login cookie issues and the template change? I remember reading multiple posts about how it was odd that the issue appeared at nearly the same time as the breach and was seemingly resolved once the breach was detected. I'm running into the issue again for the first time since this mess started.

    EDIT: Searched the page source myself and didn't see anything.
    Last edited: Jan 26, 2016
  15. Offline


    @Tecno_Wizard The login cookie issue is a common issue and has existed for a while before, though there was a significant rise of reports since Curse's takeover.
  16. Offline


    now it alls adds up, why my twitter account had like 200 people being followed by my account. When i only follow 5. Yes i did use the same password for Twitter & Bukkit, have now changed this. Although i don't recall ever getting a message or email from you guys after this incident occurred?
  17. Offline


    @Blkscorpion2 Curse, in their wisdom decided to only message a certain amount of people instead of anyone who logged into the website during the months of compromised login. Apparently they dont bother messaging inactive accounts, even though they had indeed logged in during these months.

    Also, no words from Curse if the compromised admin account could have led to stolen hidden information either.
  18. Offline


    @Necrodoom_V2, IMO, all users should have received a warning of this regardless. If an admin's account is compromised, all information should be considered compromised. Arguing anything else is idiotic.
    r3kUBetyHP27 likes this.
  19. Offline


  20. Offline


  21. Offline


  22. Offline


    So does this mean the problem still exists now, or has it been resolved already?
  23. Offline

    timtower Administrator Administrator Moderator

    @LegoLordEpic138 It was resolved when the first post of this thread was made.
  24. Offline


  25. Offline


    Oh dear.
  26. Offline


    could somebody confirm if these ad trackers played a role from the time of compromise?

    ghostery showed me above 80 trackers back in august could this malicious javascript be attached on one of these ads? or was bukkit/curse the only target and went not through a ad?

    for now I see ghostery also mocking about trackers I'm not sure what happens if I get more trackers when I enable them because that happened in august from 8 trackers to 80 trackers, thats abnormal behaviour for a website and does endanger the level of malvertising.

    sorry but I'm a little disappointed atleast I expected a email or a lock on my account to re-activate to reasure that it is me.
  27. Offline


    @xize, At this time, curse has not told us anything besides that an admin account was compromised by a probable MITM attack. It is improbable, but not impossible that the ads were also infected.

    Three other things.
    1) Ghostery is made by a conglomerate of some of the biggest ad companies on earth (hypocrites) and works on a black list, which, frankly, is ineffective. Use Privacy badger instead.

    2) I agree that curse did a horrific job responding to this breach. I'm constantly checking the page source for another infection and I haven't seen anything yet. All users should have been warned of the breach. It appears that only a select group of users who signed in within a period during the breach were contacted. For goodness sakes an admin account was compromised. Everyone should have been warned and all passwords should have been forcibly reset. I refuse to log in using my email now in fear it will be captured.

    3) I complained about the tracker insanity on Bukkit while the old team was in charge and the post was merged into this thread and deleted. I, to say the least, was not thrilled whatsoever. It was by no means advertising. I simply listed the trackers on the site and what they say they do with the data they collect. I'm not sure what curse's stance on this is.
    Last edited: Feb 17, 2016
Thread Status:
Not open for further replies.

Share This Page