MCBans Public Statement

Discussion in 'Bukkit Discussion' started by Firestar, Jan 8, 2012.

Thread Status:
Not open for further replies.
  1.

    To whom it may concern,

    You may or may not be aware of the issues we have recently experienced at

    We would like to inform you that the security issues have now been resolved and any password information leaked is hashed (one-way encrypted) in the highest grade of protection available.

    At the time, we were unaware of some of the more specific details regarding the attack and the data which was compromised. Now that the immediate threat is over and our damage report is complete, we have decided to release all the relevant information on what happened during the attack.

    On 01/01/2012, MCBans became aware of a security breach on a server which contained our users’ personal information. The incident involving protected user information was the theft of a backup of which was made between December 2010 and April 2011 and was hosted on a remote server which then served as

    This backup contained usernames, highly encrypted passwords (conforming to Internet guidelines), email addresses and up to 500 valid server API keys which are still in use. This information was gained access to by a group of malicious hackers through an exploit in an older version of our forum software.

    We would like to stress that immediate action was taken to combat this leak of information by enabling an IP-Lock on compromised API keys and regenerating the keys of servers which were at high risk of attacks.

    We recommend immediate steps be taken to protect yourselves from potential information breach harm by changing all passwords associated with and any other sites that use the same password as your MCBans account. If you change your password there will be no other implications of this attack.

    has taken these steps to protect your, and others’ personal information from further harm or similar circumstances:
    • Initiated an in-depth business security evaluation.
    • Addressed operational and technological updates or changes triggered by the incident to improve confidentiality, such as (developing an in-house forum/switching forum to IP.B) and updating administrative policies and/or procedures.
    • Contacted all ISPs/hosts used to facilitate this attack. Most, if not all, ISPs/hosts have complied with our requests, and we will continue to ask for take-downs until we see fit.
    • Introduced a new team of System Administrators to overlook our infrastructure and ensure that everything is running highly optimized, and that our systems are secure.
    • Improved system-wide security measures to remove access to unauthorized parties to prevent this from happening in the future.

    would like to sincerely apologize for the inconvenience and concern this incident has caused you. Your privacy is extremely important to us and we will continue to do everything we can to correct this situation and fortify our operational protections for you and others.

    You may contact us with questions or concerns in the following ways:
    MCBans Administration
  2.

    Good to know, thanks for putting out an official statement.
  3. I received an email today linking to the SQL dump, just for your info.

    Glad you guys got this sorted out.
  4.


    Thanks for the update, was getting worried here and there.
  5.


    Passwords use a secure hashing algorithm.
  6.

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    the_Zorro, Waffletastic and Vhab like this.
  7.

    The person is not a staff member, he merely helped us set up some added security. He is in no way reflecting the MCBans staff. His threats were without backing.
  8.


    Has he been removed from the MCBans community or do you condone the behaviour he has conducted?
  9.

    He was never a part of the MCBans Community; he doesn't even play Minecraft. And no, I do not condone his behavior; his attitude was rude and inappropriate.
  10.


    So... he has been removed from any access he was granted to MCBans and is no longer working with you?
  11.

    As I have said, he was never a member of the MCBans Community. He merely came on to help with security at the time of the event.
  12.


  13.

    Yes, as stated, he will no longer be allowed back in the channel, and any conversations you may have with him will not represent MCBans. I am sorry for his conduct, I did not expect him to react the way he did.
  14.


    I can just say one thing: uh oh if they find out how to decrypt passwords...
  15.

    They are hashed, not encrypted, so there is no special key they need to decrypt it. There are other ways; that's why we suggest you change your passwords.
  16.

    A hashing function is fundamentally a one-way operation. Weaknesses in these functions can be found and exploited, however, but this assumes that the password was not modified before hashing (this is normally known as 'salting').

    Provided the salt used by MCBans is secure, I don't foresee anyone being able to turn the hash back into a real password easily. But nothing is impossible, and if you used the same password on MCBans as anywhere else (especially your linked email account) you really should change it soon.

    Edit: Which leaves me to ask, do you believe the salt to have been discovered, or is it still secure?
    rakiru likes this.
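
What a per-account salt changes in a leaked password table, as an added example that is not part of the thread and not MCBans code. The thread does not say which algorithm MCBans used; SHA-256 and PBKDF2-HMAC-SHA256, the iteration count, and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 100_000  # assumed work factor, chosen for this example only

# Constructed sample accounts: two users happen to share a password.
SAMPLE_USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}


def unsalted_sha256(password):
    """Fast, unsalted digest: equal passwords always give equal records."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Salted, deliberately slow hash; a fresh random salt per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_digests(digests):
    """Number of distinct digests stored for more than one account."""
    return sum(1 for n in Counter(digests).values() if n > 1)


def demo():
    unsalted = [unsalted_sha256(p) for p in SAMPLE_USERS.values()]
    salted = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    return (shared_digests(unsalted),
            shared_digests([d for _, d in salted.values()]),
            salted)


if __name__ == "__main__":
    plain_shared, salted_shared, _ = demo()
    print("shared digests, unsalted:", plain_shared)
    print("shared digests, salted:  ", salted_shared)
```

In this example the salt is stored next to each digest; it makes every record unique, so accounts that share a password no longer share a stored value.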
  17.


    Thank you for completely ignoring my question.
  18.

    And this avoided the question how?
  19.


    You did not tell me if he has been removed from staff, instead you told me that he was to help with security.
  20.


  21.


    So this user is no longer helping MCBans at all?
  22.

    He is no longer helping MCBans.
  23.


    I think that answers that. :)
  24.

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    The reason for his specific inquiry there was because, despite calls by the staff for his removal, there was the implication for quite some time that he wasn't actually going to be removed. For those wondering about his persistence in the phrasing.
    Sayshal likes this.
  25.


  26.


    It is a post written by a competing service, it will be biased.
  27.


    As is your press release.
    There are 2 sides to every story.
  28.

    Curious, since when was I a competing service? I have never used either product before doing so to research the article. I have never been in your so-called competitor's channel, but I am long-time friends with some of their staff and some of your own (none of whom approached me about this, I was informed by other parties). I have been around and involved in the community for much longer than either of your projects.

    Should your competitor act in such an incompetent manner, I would be more than happy to do a similar writeup.

    Please, don't label or accuse me of belonging to a particular side or group. I have nothing to do with either.
    efstajas, Jamy, obnoxint and 3 others like this.
  29.

    Be that as it may, your sources are biased, and information that you may have is 7 months old and does not reflect the current workings of the MCBans system.
  30.


    My sources used for fact checking are several of your own staff members. Where errors have been made, they have been immediately corrected, and the wiki history is visible for whatever analysis you wish to do on that.

    You have done *nothing* to back any of your arguments, and continue to make a fool of yourself with baseless claims and your continuing dialog of "just trust us".

    Even if it does not reflect the current system (which it appears to do), the past doesn't just walk away.
    Sayshal, Jamy, Daniel Heppner and 2 others like this.