koumooo Posted December 7, 2015
Changing the password via a non-secure link is not best practice. Everyone should do it but I definitely think you guys must provide a secure part at least to the part of the site having to do with account management.

Sybsidian Posted December 7, 2015
Thanks for the heads up! I wish others would have the fortitude to say "warning something might be wrong" instead of pushing it off and hoping for the best. It makes me trust you all the more.

Damuel Posted December 7, 2015
In response to post #31558720. #31559325, #31573900, #31574430, #31575890, #31575970, #31579990, #31580480, #31581870, #31584585 are all replies on the same post.
piotrmil wrote: Well, I never had trust in you to begin with, so nothing has been lost.
sydney666 wrote: Geez, do you really have to be an ass?
piotrmil wrote: Yes, I really have to tell the truth.
Tyerial12 wrote: well we don't trust you so nothing lost when you leave .. see ya
ShenGuardian wrote: Are you that bored with life that you have to post intentionally inflammatory posts to entertain yourself? I swear, for every considerate human being that uses any kind of social outlet online, there is a substantially larger group that (VERY unfortunately) adds to your ranks... sickening.
ShenGuardian wrote: Feel free to reply as I'm sure you feel you must, but be sure, it will not be read by myself, I've not the time for such foolishness.
FishBiter wrote: Doesn't have time for this foolishness... but has the time to respond twice. Strangely, I'm not bothered by what piotrmil wrote at all, he's just being honest. The "positive comments only!" police will just have to deal with it I guess.
SableDreamer wrote: ...he said, after replying to comments he had to have read to have replied to.
Ge0rgeCostanza wrote: piotrmil, you're kind of my hero.
sydney666 wrote: Well I certainly didn't post anything along the lines of "all super positive". However the comment from piotrmil wasn't honest, it was quite a personal dig - and rude as hell. Anyway who cares, obviously he is just a troll/keyboard warrior and probably not raised properly by his parents. One of the new "tv raised" generation aka "the lazy generation that think the world owes them something".

As you shouldn't have. This is entirely unsurprising coming from this site.

N3X15 Posted December 7, 2015
I'm not going to change my password here, both because of the lack of a secure connection and because the breach is still not patched. However, I will be auditing my passwords and changing passwords on /other/ sites that match this one. Thank you for letting us know about this.
Edited December 7, 2015 by N3X15

Xetaxheb Posted December 7, 2015
Increasing your password length does loads more for security than adding special characters does. A standard lowercase alphabet password with 12 characters is about 3000 times the number of potential combinations that 9 characters with lowercase alphabet and 6 special character options is. (adding 3 characters to the length instead of adding 6 possibilities to the characters to remember.)

Smivenbiven Posted December 7, 2015
I am not tech-savvy (quite the opposite). Does this mean I should refrain from downloading anything until this is worked out? Thanks!

aleclev Posted December 7, 2015
Well... at least you're honest

RealmEleven Posted December 7, 2015
"That email" was meaningless and indicates nothing - particularly deferring to "trusted sources". People generally deploy appeal to authority arguments like those unspecified "trusted sources" when they're engaged in fraud or unwittingly propagating somebody else's fraud. About the only exception I've encountered is when people idolize and try to emulate high status individuals who engage in dishonest behaviour (e.g. politicians, religious leaders, etc) and so blindly copy their style of argument without realizing how damning it is when heard by folks in the know about such things.

Either way, that email's not worth considering simply for the lack of actionable facts. Dare I suggest the source-header might be far more informative than the body text.

And if I were to guess ... I think the email is a form of misdirection - I mean, you can see it's not pointing you to the facts you need in order to prevent a criminal act and if the email's author is in possession of any of those facts, that'd be aiding and abetting would it not?

Getting back to what the email isn't helping with, with respect to paragraph 5 of the OP, I don't agree that it's damning. It seems that your server logs confirm the account activity...? In the absence of anything contradictory about the IP addresses connected with the activity, I think it will more than likely indicate a new bug going around and the users in question might want to pull their hard disks and have them scanned by something up to date that is run from a nice fresh clean operating system which isn't used to do anything other than download AV updates and scan the hard disks removed from other systems. But I guess that's their call.

To the question of your server integrity, I downloaded a bunch of stuff yesterday and the day before and... well, if there's something lurking on your server, where's my copy of sound.dll? More to the point, if your server's been hacked, why distribute sound.dll with three mods that don't need sound (i.e. where the file really stands out like a house cat in an aquarium) instead of some of the many mods where the presence of a sound library might make sense (e.g. True Storms)? And why not hit Nexus Mod Manager? That has to have the largest audience.

Anyways, dead system scan coming up while I have breakfast so if I find anything interesting I'll let you know.

For now, I think that a number of user accounts may have been compromised by malware probably originating with other sites and operating from the user systems in question. But I still think it's worth looking into how much control you really have over advertising content injected into your site by third party advertising channels.

Also, one really important detail concerning other people finding out about compromised accounts before you do; this will tend to happen anyway, but I think it may occur more often if you don't have a clear channel of communication (e.g. a site contact) accessible to people who cannot log in. If someone can't log in, can they lodge a support ticket? You still need to run email verification against password resets and the like, but if users who've lost access can't contact you, they will voice the issue elsewhere.

BillooFR Posted December 7, 2015
In response to post #31589970.
Smivenbiven wrote: I am not tech-savvy (quite the opposite). Does this mean I should refrain from downloading anything until this is worked out? Thanks!

They have scanned all the files so I assume you should be safe :) I double checked the download I made, including one of the incriminated files, and didn't find anything bad with both AV I'm using on PC and laptop.
Edited December 7, 2015 by BillooFR

Nekoyoubi Posted December 7, 2015
In response to post #31558720. #31559325, #31573900, #31574430, #31575890, #31575970, #31579990, #31580480, #31581870, #31584585, #31589515 are all replies on the same post.
piotrmil wrote: Well, I never had trust in you to begin with, so nothing has been lost.
sydney666 wrote: Geez, do you really have to be an ass?
piotrmil wrote: Yes, I really have to tell the truth.
Tyerial12 wrote: well we don't trust you so nothing lost when you leave .. see ya
ShenGuardian wrote: Are you that bored with life that you have to post intentionally inflammatory posts to entertain yourself? I swear, for every considerate human being that uses any kind of social outlet online, there is a substantially larger group that (VERY unfortunately) adds to your ranks... sickening.
ShenGuardian wrote: Feel free to reply as I'm sure you feel you must, but be sure, it will not be read by myself, I've not the time for such foolishness.
FishBiter wrote: Doesn't have time for this foolishness... but has the time to respond twice. Strangely, I'm not bothered by what piotrmil wrote at all, he's just being honest. The "positive comments only!" police will just have to deal with it I guess.
SableDreamer wrote: ...he said, after replying to comments he had to have read to have replied to.
Ge0rgeCostanza wrote: piotrmil, you're kind of my hero.
sydney666 wrote: Well I certainly didn't post anything along the lines of "all super positive". However the comment from piotrmil wasn't honest, it was quite a personal dig - and rude as hell. Anyway who cares, obviously he is just a troll/keyboard warrior and probably not raised properly by his parents. One of the new "tv raised" generation aka "the lazy generation that think the world owes them something".
Damuel wrote: As you shouldn't have. This is entirely unsurprising coming from this site.

Meh. Haters gonna' hate. Nexus never did me wrong. f*#@ your "all positive"-esque commentary too.
So he's allowed to have a negative opinion, but the rest of us are mocked for a positive one. Sounds like trolls feeding trolls to me.
