Jump to content

Potential Database Breach

Dark0ne

By Dark0ne
in Site Updates

 Share

Recommended Posts

  • Replies 365
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

bben46 Grand Master

bben46

Posted
Posted

So I found the file, what do I do now? I deleted it already and im currently running a security scan of EVERYTHING on my computer? Should I wipe and reset all my passwords?

If you used the same password on any other site - Yes it should be changed for those sites. If you used that password only on Nexus, it is not necessary. But it won't hurt to change to a more secure password on all sites. :thumbsup:

Link to comment
Share on other sites
Helljumper1339 Rookie

Helljumper1339

Posted
Posted
In response to post #31608810.


bben46 wrote:

So I found the file, what do I do now? I deleted it already and im currently running a security scan of EVERYTHING on my computer? Should I wipe and reset all my passwords?

If you used the same password on any other site - Yes it should be changed for those sites. If you used that password only on Nexus, it is not necessary. But it won't hurt to change to a more secure password on all sites. :thumbsup:


Alrighty, Thanks a lot for the advice!
Link to comment
Share on other sites
Zaldir Grand Master

Zaldir

Posted
Posted
In response to post #31608025.


Driz89 wrote:

So the dsound.dll in System 32 is safe right?


Yes, dsound.dll in System32 is safe. It is simply a DirectSound library.

The reason we are making a fuss about the downloaded dsound.dll is because it should not be in those downloaded archives in the first place, and we don't know if it may be malicious or not (no AV have picked up anything though).
Link to comment
Share on other sites
RealmEleven Enthusiast

RealmEleven

Posted
Posted
In response to post #31600865.


DarkwaterV2 wrote: So why not force a password reset on all accounts?


Well, until the problem is resolved, then a password reset won't change anything because the same thing will just keep happening again and again.

That makes a forced reset a complete waste of time which would be better spent finding the leak and deciding whether to send an IT guy, a litigator or a fraud squad officer to make sure it doesn't happen again any time soon...
Link to comment
Share on other sites
SirSalami Grand Master

SirSalami

Posted
Posted (edited)
In response to post #31597875. #31605915 is also a reply to the same post.


thejiffiness wrote: Do you think, just to entertain the idea, that maybe its some past modders you made mad by your rules? I have heard that you guys can be ridiculous about some of the smallest rules (from a lot of modders not just a few) I have read the forums before and seen some questionable reason to ban people. I would think that banning people would be counterproductive to the "mod" website.

Before you get mad at me, I don't have a problem with you. I enjoy nexus mods but I thought maybe its something to consider. I don't care how mad I was at someone I would never hack someone. That is just too low for me to even consider. I guess what I am saying, is maybe you should look at some of the modders you could have banned (and maybe lighten up so you dont get more modders mad at you for petty things JUST reporting what I see.)
RealmEleven wrote: Well, if you want to profile the crooks involved, you might want to start with the timing and this attack isn't associated with a rule change. It's not even associated with the release of a full featured RPG that breaks some pretty surprising ground. Just a little late for that. It's associated with a milestone membership level reached by this site and, specifically, the new release game in play here at the time of the milestone. This kind of timing is aimed at the numbers; specifically, enough numbers to be statistically certain of cleaning out a few bank accounts. And speaking of numbers which also happen to be people, the attack's not aimed at the site but at the users. So, it's unlikely to be anything more complicated than Robin-Hood syndrome.

Now, there could be a political motive involved. There's a surprising number of people out there who simply can't accept the idea that it's ok for folks like us to play a computer game. They were campaigning to get first person shooters banned for donkey's years and now we have a bunch of nut-jobs trying to tell us that internet gaming is a mental illness - and there's been so little response to those guys that they've managed to get their mis-identification of a coping mechanism as a proposed mental illness classification into the "conditions for further study" section of current DSM-5 (it's on p. 795 for anyone who's wondering). Why nobody thought of "television-watching disorder", I guess we'll never know! :^)


Thanks for the thought! Know that we are keenly aware of the perceptions of our terms and moderation protocol, which we're working to change. However, as they evolve, our terms will always be enforced by our moderation team with the help of user reports. Though this has the potential to cause discord with individuals from time to time, we feel that doing so is in the best interests of the community as a whole. I feel like changing our policies simply as the result of such discord would be doing a disservice to the rest of the community. Edited by SirSalami
Link to comment
Share on other sites
FlawedIntellect Newbie

FlawedIntellect

Posted
Posted
In response to post #31573045. #31573920, #31573935, #31575350, #31575375, #31581750, #31584915, #31585005, #31586510, #31587355, #31590785, #31592405, #31596110, #31597525, #31605970 are all replies on the same post.


Dark0ne wrote: The three files affected were:

- Higher Settlement Budget (downloads from 5th December)
- Rename Dogmeat (downloads from 4th December)
- BetterBuild (downloads from 29th November)

OP updated to include that information.
ZedLeppelin wrote: Thank you for that info! I'm happy to say I downloaded/installed none of those 3 mods. I changed my Nexus p/w regardless, just to be safe.
Hickory wrote: That dsound.dll file should be sent away to all AV companies that participate in Virus Total for manual investigation. Relying on existing heuristics is not doing anybody any good, especially since these files are extremely suspect to begin with and have not been tagged by the scans.
spidermandala wrote: Thanks so much for giving us the heads up Dark0ne, I too luckily didn't pick any of these up but Ill be double vigilant now.
RaverWolfe wrote: I actually downloaded the Rename Dogmeat one, I'll change all my s#*! asap just incase.
adventnova wrote: glad i never downloaded those files.
sydney666 wrote: Thanks for the update...

Any news on synlSDLL.dll? This file and some program triggered my UAC and installed a touchpad service without me having such hardware. I don't know if the program acted as though it was a touchpad and thus my pc needed to install this service or if the actual file was a virus...once I uninstalled everything, no virus was found on my pc.

I have since cleaned my system, but it was a little difficult as the program would not uninstall by normal means aka control panel.

Very odd, but I am glad you are getting this under control.
sonkaro wrote: Lets just hope it is just FO4 mods being affected. Thousands upon thousands could be affected if they touch Skyrim, Oblivion, and many of the other games Nexus hosts.

But alas, only time will tell. Thank you for taking the time to preemptively warn us.
RealmEleven wrote: There is nothing wrong with Higher Settlement Budget. I've been using it without problem ever since I found it (and I've been checking nexus daily since I got my mits on FO4) so I don't think I would have missed any fun and games, if any.

Also, I eyeballed the files inside the archive. Two XML files, two BAT files and a text file. None of these five files show any unnecessary code, much less anything potentially suspicious.

I don't think your database is compromised. If it was, we'd all be getting the same problem from the same mods. One of your informants on this thread mentioned Windows Defender catching malware in the browser but not in the file system. While I haven't had that experience, it's worth pointing out that I'm a premium member so I don't see your ads. Put these three facts together and it's pretty obvious where the potential issue is.

Your site's only as secure as its weakest channel. If you can't vet every single advertisement that gets piped onto your site, before it is allowed to be displayed on your site, then you can't prevent hackers from abusing that channel. After all, the only way launch a driveby off a site without hacking that site's hosting server is to buy or steal advertising space on the advertising channel used by that site. Given the facts, that's the first place I'd look for a problem.

One other thing: Including birthdays as a field in your account database makes your site's accounts a jackpot for identity thieves. In countries like Australia and, I suspect, throughout all the Commonwealth (British Colonies) a date of birth is an all access pass to a person's life, identity and property. One way to make a significant improvement to a site's security is to make a point of excluding all sensitive information like this.

Anyways, I'll shut down cycle my disks for a dead system scan and see if anything interesting pops out of the woodwork. If I find anything, I'll let you know.
jipao wrote: i downloaded the higher settlement mod, and after this warning i already change all my password. what do i do next? should i uninstalled the mod or it already late to do that?
Zaldiir wrote: If the archive contained those files, you downloaded it before it was re-uploaded with the sound.dll file, so you are safe. :)

The specific names of the archives that contain this dll are:
BetterBuild-3002-1-2.zip
Higher Settlement Budget v1.3-818-1-3.zip
Rename Dogmeat-4507-1-0.zip
CatherineMartin wrote: I found dsound.dll in one of my Skyrim mods, not sure what, I just cleaned ALL 50 of them out, and am currently redownloading all of them, and checking them.
daftshadow wrote: Thanks for the list! Good thing I never downloaded these mods. Phew.
rhino74 wrote: RealmEleven said
Including birthdays as a field in your account database makes your site's accounts a jackpot for identity thieves


Second that.. I cringe when public sites ask for that info..
jipao wrote: i have similar file name, it's Higher Settlement Budget v1.3 NMM Edition-818-1-3.zip
yet i don't find any dsound.dll on my FO 4 folder and already searched my entire drive. but there are some in my windows folder. i'm i still screwed?

update: i finally found the source archive and it doesn't contain dsound.dll file despite the archive name and version


@ rhino74
There's a reason why this site asks for peoples' birthdate:
This is because this site hosts adult content mods, which are age-restricted in access.
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...