Dark0ne Posted July 12, 2014 Share Posted July 12, 2014 After recent events by a malicious user to upload viruses to the Nexus sites and gain access to Nexus accounts (for reasons completely unknown to us as your accounts are worth very little in tangible terms!) we've been stepping up our public-facing security options. Thanks to the great support of VirusTotal, who have given us very generous access to their virus API for free, we've been able to integrate their virus scanning functionality into the Nexus file pages. VirusTotal is an online tool that will scan files you send it using over 50 of the most used anti-virus programs and generates a report showing how many of the anti-virus programs have flagged the file as a virus. Any new files uploaded to the site will be sent off to VirusTotal to be scanned and will not be downloadable by users until the report has come back all clean. If more than 4 anti-virus programs used by VirusTotal flag the file as suspicious the file will be sent to a quarantine that will require one of the moderation team to verify the file is either safe, or not safe, before it can be downloaded. This process should only take 5 to 10 minutes, but during this time your file will not be downloadable. While the Nexus has always provided instant upload/download functionality I think a wait of 5 to 10 minutes for added security and peace of mind is a worthwhile sacrifice to make. I'm also aware that there are certain types of mods, especially those that make use of TexMod, that get flagged as false positives quite regularly. While this might be frustrating for you we will endeavour to get your file online as soon as possible. The VirusTotal report generated for each uploaded file is easy to access by clicking the new icon present on the file tab of file pages. While the file scan report is quite conclusive you should always have your own anti-virus and anti-malware software installed to compliment this service and it should not replace software already on your system. We are currently, slowly, scanning through the entire back catalogue of 250,000 uploaded files on the Nexus at a rate of 20 files a minute which is going to take a week or two. But yes, it is our hope that every file, new and old, will be scanned at some point soon. Two-Factor Auth Our two-factor authentication system is relatively close to being completed as well but has been put on the backburner for the next week or two while we evaluate the CDN situation. This system will work in the same way as Steam and Facebook; if you login from an unrecognised location you will be sent a unique authentication code via email to verify it's actually you. You will be able to turn this system off in your preferences but we'd obviously recommend having it on for maximum security. Staff changes After the compromise of one of our staff accounts we have removed the ability for staff to upload files to file pages they are not authors of. If you're wondering why they had that functionality to begin with it was a commonly used feature by the staff to help authors who were struggling to upload their files here for one reason or another. The author would upload the file to dropbox or similar, the staff would download the file and then upload it to their page for them. Staff can no longer do this, but it should ensure that any compromises in staff accounts again would have less implications. Many of the staff features are hidden behind a second password gateway that is unrelated to the staff member's username and password. For instance, you can't ban someone without being logged in to a staff account and knowing this secondary username and password. All the staff have been told to never save this information in their browser and to simply write it down on a notepad near their PC. This was already present before the compromise and probably helped to limit the compromise substantially. Recent outages We've had a couple of outages this week. Earlier on in the week we had a couple of hours of down-time because someone who is in the same Cloud as us had some how managed to take our allocated IP addresses. Without any IP addresses you can't access the sites. We managed to sort that one out and our hosts have told us it shouldn't happen again, but it was completely out of our control. Last night was a sleepless night for us as we had some extended down-time as well. Our hosts were attempting to install a lot of expensive new hardware under some scheduled maintenance. It didn't go to plan for them and took a lot longer than expected without even being finished. After that our internal network was extremely unstable and has yet to be resolved. We're working with our hosts to get this sorted on their end. However, you might notice things being quite slow, or slower than usual, today. That's because we're only running on 3 of our 5 database nodes. Given how good they've been to the Nexus over the years we won't be kicking up a fuss over a couple of incidents but it is (here's the silver lining) nice to be talking about down-time that isn't actually something to do with our setup for once. We'll get there. Link to comment Share on other sites More sharing options...
Faralai Posted July 12, 2014 Share Posted July 12, 2014 (edited) Ah so that's where the scan virus icon came from......i was thinking to myself, has that always been there? and came to the conclusion it had and i was just stupid, lol. Edited July 12, 2014 by Faralai Link to comment Share on other sites More sharing options...
michchall Posted July 12, 2014 Share Posted July 12, 2014 Thanks for better protection and your hard work! Link to comment Share on other sites More sharing options...
a28371 Posted July 12, 2014 Share Posted July 12, 2014 Nice, more and more great idea's come from the great minds of the staff members. Keep up the good work! Link to comment Share on other sites More sharing options...
Deleted3624098User Posted July 12, 2014 Share Posted July 12, 2014 Keep on rolling, this seems to be a continuous war! Link to comment Share on other sites More sharing options...
nxf11rocks Posted July 12, 2014 Share Posted July 12, 2014 Damn. No wasted effort in fixing this event. Amazing! Keep on defeating these viruses! :D Link to comment Share on other sites More sharing options...
heidimurks Posted July 12, 2014 Share Posted July 12, 2014 Thank you for your work! great site. Link to comment Share on other sites More sharing options...
Zadler Posted July 12, 2014 Share Posted July 12, 2014 I appreciate you informing us with what's going on and it is very nice of VirusTotal to assist this site at no charge. Thanks for working hard to keep our computers safe! :) Link to comment Share on other sites More sharing options...
kitsunelegend Posted July 12, 2014 Share Posted July 12, 2014 Ah, I was wondering what was going on lol I thought my internet was fudging up again or something. x3 Glad to know everything is getting worked out tho! Keep up the fantastic work guys! ^^ Link to comment Share on other sites More sharing options...
vaag256 Posted July 12, 2014 Share Posted July 12, 2014 I feel like 4 virustotal hits in order to flag a file is a low number, I wonder how many files the scanning of the backlog will flag. I'm also curious how virustotal is going to handle large files. Texture packs and such. (since they have a 64MB size limit, on the front end at least.) If the api doesn't allow those to be scanned, any would be hacker can just upload a very large virus disguised as a texture pack. Link to comment Share on other sites More sharing options...
Recommended Posts