
Virus scan reports now visible on file pages, more security incoming



After recent events by a malicious user to upload viruses to the Nexus sites and gain access to Nexus accounts (for reasons completely unknown to us as your accounts are worth very little in tangible terms!) we've been stepping up our public-facing security options.


Thanks to the great support of VirusTotal, who have given us very generous access to their virus API for free, we've been able to integrate their virus scanning functionality into the Nexus file pages. VirusTotal is an online tool that will scan files you send it using over 50 of the most used anti-virus programs and generates a report showing how many of the anti-virus programs have flagged the file as a virus.


Any new files uploaded to the site will be sent off to VirusTotal to be scanned and will not be downloadable by users until the report has come back all clean. If more than 4 anti-virus programs used by VirusTotal flag the file as suspicious the file will be sent to a quarantine that will require one of the moderation team to verify the file is either safe, or not safe, before it can be downloaded. This process should only take 5 to 10 minutes, but during this time your file will not be downloadable. While the Nexus has always provided instant upload/download functionality I think a wait of 5 to 10 minutes for added security and peace of mind is a worthwhile sacrifice to make. I'm also aware that there are certain types of mods, especially those that make use of TexMod, that get flagged as false positives quite regularly. While this might be frustrating for you we will endeavour to get your file online as soon as possible.


The VirusTotal report generated for each uploaded file is easy to access by clicking the new icon present on the file tab of file pages. While the file scan report is quite conclusive you should always have your own anti-virus and anti-malware software installed to complement this service and it should not replace software already on your system.


We are currently, slowly, scanning through the entire back catalogue of 250,000 uploaded files on the Nexus at a rate of 20 files a minute which is going to take a week or two. But yes, it is our hope that every file, new and old, will be scanned at some point soon.




Two-Factor Auth


Our two-factor authentication system is relatively close to being completed as well but has been put on the backburner for the next week or two while we evaluate the CDN situation. This system will work in the same way as Steam and Facebook; if you log in from an unrecognised location you will be sent a unique authentication code via email to verify it's actually you. You will be able to turn this system off in your preferences but we'd obviously recommend having it on for maximum security.




Staff changes


After the compromise of one of our staff accounts we have removed the ability for staff to upload files to file pages they are not authors of. If you're wondering why they had that functionality to begin with it was a commonly used feature by the staff to help authors who were struggling to upload their files here for one reason or another. The author would upload the file to Dropbox or similar, the staff would download the file and then upload it to their page for them. Staff can no longer do this, but it should ensure that any compromises in staff accounts again would have fewer implications.


Many of the staff features are hidden behind a second password gateway that is unrelated to the staff member's username and password. For instance, you can't ban someone without being logged in to a staff account and knowing this secondary username and password. All the staff have been told to never save this information in their browser and to simply write it down on a notepad near their PC. This was already present before the compromise and probably helped to limit the compromise substantially.




Recent outages


We've had a couple of outages this week. Earlier on in the week we had a couple of hours of down-time because someone who is in the same Cloud as us had somehow managed to take our allocated IP addresses. Without any IP addresses you can't access the sites. We managed to sort that one out and our hosts have told us it shouldn't happen again, but it was completely out of our control.


Last night was a sleepless night for us as we had some extended down-time as well. Our hosts were attempting to install a lot of expensive new hardware under some scheduled maintenance. It didn't go to plan for them and took a lot longer than expected without even being finished. After that our internal network was extremely unstable and has yet to be resolved. We're working with our hosts to get this sorted on their end. However, you might notice things being quite slow, or slower than usual, today. That's because we're only running on 3 of our 5 database nodes. Given how good they've been to the Nexus over the years we won't be kicking up a fuss over a couple of incidents but it is (here's the silver lining) nice to be talking about down-time that isn't actually something to do with our setup for once.


We'll get there.


I feel like 4 VirusTotal hits in order to flag a file is a low number.

I wonder how many files the scanning of the backlog will flag.


I'm also curious how VirusTotal is going to handle large files. Texture packs and such. (since they have a 64MB size limit, on the front end at least.)


If the API doesn't allow those to be scanned, any would-be hacker can just upload a very large virus disguised as a texture pack.



This topic is now closed to further replies.
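
The download gate described in the announcement, extended to the large-file case raised in the reply, as an added example (not Nexus's code, and not part of either post). The report fields (`status`, `positives`, `total`), the 64MB cutoff and the release of files with 0 to 4 detections are assumptions; the point is that every path without a usable verdict fails closed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

QUARANTINE_OVER = 4                 # post: "more than 4" engines flag -> quarantine
SCAN_SIZE_LIMIT = 64 * 1024 * 1024  # assumption: the 64MB limit raised in the reply

class State(Enum):
    PENDING = "pending"          # awaiting report, not downloadable
    RELEASED = "released"        # downloadable
    QUARANTINED = "quarantined"  # held for a moderator's decision

@dataclass
class Upload:
    name: str
    size: int                    # bytes
    report: Optional[dict]       # None until the scanner answers

def decide(u: Upload) -> tuple:
    """Return (State, reason). Every path without a verdict fails closed."""
    if u.size > SCAN_SIZE_LIMIT and u.report is None:
        # Too big to submit: never release unscanned, route to a human instead.
        return State.QUARANTINED, "unscannable: over size limit"
    if u.report is None or u.report.get("status") != "completed":
        return State.PENDING, "waiting for scan report"
    positives, total = u.report.get("positives"), u.report.get("total")
    if not isinstance(positives, int) or not isinstance(total, int) or total <= 0:
        # A report with no engine results is not a clean report.
        return State.QUARANTINED, "malformed or empty report"
    if positives > QUARANTINE_OVER:
        return State.QUARANTINED, f"{positives}/{total} engines flagged"
    # Assumption: 0..4 detections release the file with its report attached.
    return State.RELEASED, f"{positives}/{total} engines flagged"

def downloadable(u: Upload) -> bool:
    return decide(u)[0] is State.RELEASED

# Constructed sample uploads (names, sizes and counts are made up).
MB = 1024 * 1024
SAMPLES = [
    Upload("armor_retex.7z", 12 * MB, {"status": "completed", "positives": 0, "total": 55}),
    Upload("texmod_overlay.zip", 3 * MB, {"status": "completed", "positives": 6, "total": 55}),
    Upload("borderline.zip", 3 * MB, {"status": "completed", "positives": 4, "total": 55}),
    Upload("just_uploaded.zip", 1 * MB, None),
    Upload("hd_texture_pack.7z", 900 * MB, None),
    Upload("scanner_hiccup.zip", 2 * MB, {"status": "completed", "positives": 0, "total": 0}),
]

if __name__ == "__main__":
    for u in SAMPLES:
        state, reason = decide(u)
        print(f"{u.name:22} {state.value:12} {reason}")
```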