Dark0ne Posted December 9, 2010 Share Posted December 9, 2010 It is with both annoyance and regret that I have to announce that I discovered today that the Nexus sites had been compromised through a hole in the site's code. The compromise was serious giving the script kiddy access to all the MySQL databases, including the database for the forums that contains user information such as your email address. I have had reports today from people who have told me that "one-time" accounts used to sign up to the site have been receiving spam. It is my belief that the script kiddy decided he would place some of the member's of this site's email addresses, or all of them, on a spamlist. Now spam for a large majority of you shouldn't be an issue considering the modern day counter measures against it but the fact this data has been used at all is worrying enough and I apologise for that. Please remember that you should not post anything about yourself on the internet that you do not want to be public domain. While you have a right to expect your information to remain safe and secure on this site these situations do happen, from the smallest sites all the way up to the Google's and Microsoft's of this world. I am making every effort to try and plug any holes I find and once again make sure the site is secure. I would like to thank the people who emailed me earlier on in the day for not only informing me but also their calm attitude to the situation. Obviously this situation is very embarrassing for me and I'm making every effort to insure this doesn't happen again. The good news is that the script kiddy decided that he would not attempt to make too much of a hassle of himself; indeed he failed in his attempts to compromise the forum skins and seems to have given up since. More amusingly the hacker made no attempt to mask his IP address from the access logs of the site which means we've traced down exactly where he lives (due to his ISP having a static IP address) to his very front door. Indeed we also tracked his use to a Call of Duty forum he either owns or has admin access to (a Call of Duty script kiddy; that's about as cliché as it gets). This forum provides scripts and hacks for the games. We are currently considering our options baring in mind the person is probably a teenager using his mum's internet. Once again I apologise for the inconvenience. Link to comment Share on other sites More sharing options...
Pronam Posted December 9, 2010 Share Posted December 9, 2010 I'm glad it's solved :), thanks for doing so. Link to comment Share on other sites More sharing options...
setiweb Posted December 9, 2010 Share Posted December 9, 2010 Ome more reason I'm glad Gmail has a "report spam" button. It takes care of such matters right quick, and that's if the spam can make it thru at all. As far as the script kiddy... attack by every legal means available. Link to comment Share on other sites More sharing options...
Deleted1848331User Posted December 9, 2010 Share Posted December 9, 2010 Its always sad when someone loves ruining lives for other people because they have none themself. You should see the hackers on Combat Arms lol Low rank servers have all the hackers usually, they have to make new accounts so often. Link to comment Share on other sites More sharing options...
7heODdeST1 Posted December 10, 2010 Share Posted December 10, 2010 (edited) I don't post much, but wanted to share this:http://www.bbc.co.uk/news/uk-england-manchester-11961333Slightly coincidental... But could you not tell the police, if you've traced them and they are sharing or involved with CoD hacks, you could let Activision take care of them. EDIT: Just checked my inbox, can anyone tell me why spam is always selling viagra? Edited December 10, 2010 by ODST Recruit Link to comment Share on other sites More sharing options...
Lacey010 Posted December 10, 2010 Share Posted December 10, 2010 It's sad what some people would do for kicks, and although you may have found your self in an embarassing situation, at least your not a teenager who plays cod in his mothers basement and spends his spare time finding ways to spam people.... now thats something you should be embarassed about. cheers for the heads up though. Link to comment Share on other sites More sharing options...
Ithildin Posted December 10, 2010 Share Posted December 10, 2010 I had the same issue Pantofex mentioned in the related thread, and the same outcome as Thandal (went straight to the spam folder); I'm used to receiving every imaginable kind of junk mail, but sorry this happened because it makes extra work for you. For looking into it, and keeping folks informed, thank you! Link to comment Share on other sites More sharing options...
Deleted1744345User Posted December 10, 2010 Share Posted December 10, 2010 Don't worry about it too much as long as you can fix any loopholes in the code. As for the code junkie, strike back every way possible so that he learns his lesson. People like him help hold back the world from progress and should be permanently banned from using any electronic device. Link to comment Share on other sites More sharing options...
Wyzard Posted December 10, 2010 Share Posted December 10, 2010 If the attacker had full database access, is there a possibility that he may have downloaded other information (such as user passwords, if they're not stored hashed), or modified things? Link to comment Share on other sites More sharing options...
Dresden81 Posted December 10, 2010 Share Posted December 10, 2010 I say report him to his ISP. It'll be fun. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now