Jump to content

Potential Database Breach

Dark0ne

By Dark0ne
in Site Updates

 Share

Recommended Posts

  • Replies 365
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

bowlesjd Newbie

bowlesjd

Posted
Posted
In response to post #31573580. #31574375, #31575725, #31576020, #31583240 are all replies on the same post.


Iamimpossibru wrote: And this is the precise reason why you should ALWAYS learn to manually alter files. Preaching NMM for convenience is bad practice. That is what leads to end user breaches, and complete disregard for web safety. I've encountered far too many mod authors and users alike pushing the miracles of NMM. No, just no. Learn to computer, or get off of one.
EmeraldShadow wrote: Not exactly. Manually installing mods is a massive pain and becomes impossible when you get large mod lists. The answer is mod organizer, it has a "manual" install option which shows what files are being installed, and thankfully all files are kept separate from not only the skyrim folder but also each other, so you can drag and drop different installation-orders separately. I always check what's going into my game when using MO, so I would have caught this.
morachi wrote: I'm sorry but no. I do this for a living and what you're saying is a fallacy.

NMM is just a utility that automates a cumbersome and often complex set of moves and edits any which a mistake can cause the mod if not the program not to work.

Following your logic we'd no longer use Group Policy to set user environments, we wouldn't use patch management to manage security updates or hell we wouldn't use anti-virus we would instead sift through the files one by one looking for vulnerabilities.

I got news for you. Knowing how to mod isn't even remotely "learn to computer" and your thinking it is reminds me of folks who think knowing how to Facebook is somehow equivalent of being an IT professional...
soulgamers wrote: I always Manually install my mods. cos I like to know where their going.
I do make a backup of those places first tho.

Yippy! . I'm a IT professional. would you credit that.
CnKx wrote: You're acting like installing mods manually takes a lot of skill or something?
NMM is just convenient to have and can save you a lot of time/trouble.
So I don't understand why you're making it seem like you're amazing for installing mods manually with the "learn to computer" LOL.


I'm curious what you think manually installed a compromised mod could possibly get you.

Or is this a dunning-kruger thing, where you've convinced yourself you have come up with some magical method to protect yourself, because you don't know enough to know what the actual danger is.
Link to comment
Share on other sites
RealmEleven Enthusiast

RealmEleven

Posted
Posted
In response to post #31573045. #31573920, #31573935, #31575350, #31575375, #31581750, #31584915, #31585005 are all replies on the same post.


Dark0ne wrote: The three files affected were:

- Higher Settlement Budget (downloads from 5th December)
- Rename Dogmeat (downloads from 4th December)
- BetterBuild (downloads from 29th November)

OP updated to include that information.
ZedLeppelin wrote: Thank you for that info! I'm happy to say I downloaded/installed none of those 3 mods. I changed my Nexus p/w regardless, just to be safe.
Hickory wrote: That dsound.dll file should be sent away to all AV companies that participate in Virus Total for manual investigation. Relying on existing heuristics is not doing anybody any good, especially since these files are extremely suspect to begin with and have not been tagged by the scans.
spidermandala wrote: Thanks so much for giving us the heads up Dark0ne, I too luckily didn't pick any of these up but Ill be double vigilant now.
RaverWolfe wrote: I actually downloaded the Rename Dogmeat one, I'll change all my s#*! asap just incase.
adventnova wrote: glad i never downloaded those files.
sydney666 wrote: Thanks for the update...

Any news on synlSDLL.dll? This file and some program triggered my UAC and installed a touchpad service without me having such hardware. I don't know if the program acted as though it was a touchpad and thus my pc needed to install this service or if the actual file was a virus...once I uninstalled everything, no virus was found on my pc.

I have since cleaned my system, but it was a little difficult as the program would not uninstall by normal means aka control panel.

Very odd, but I am glad you are getting this under control.
sonkaro wrote: Lets just hope it is just FO4 mods being affected. Thousands upon thousands could be affected if they touch Skyrim, Oblivion, and many of the other games Nexus hosts.

But alas, only time will tell. Thank you for taking the time to preemptively warn us.


There is nothing wrong with Higher Settlement Budget. I've been using it without problem ever since I found it (and I've been checking nexus daily since I got my mits on FO4) so I don't think I would have missed any fun and games, if any.

Also, I eyeballed the files inside the archive. Two XML files, two BAT files and a text file. None of these five files show any unnecessary code, much less anything potentially suspicious.

I don't think your database is compromised. If it was, we'd all be getting the same problem from the same mods. One of your informants on this thread mentioned Windows Defender catching malware in the browser but not in the file system. While I haven't had that experience, it's worth pointing out that I'm a premium member so I don't see your ads. Put these three facts together and it's pretty obvious where the potential issue is.

Your site's only as secure as its weakest channel. If you can't vet every single advertisement that gets piped onto your site, before it is allowed to be displayed on your site, then you can't prevent hackers from abusing that channel. After all, the only way launch a driveby off a site without hacking that site's hosting server is to buy or steal advertising space on the advertising channel used by that site. Given the facts, that's the first place I'd look for a problem.

One other thing: Including birthdays as a field in your account database makes your site's accounts a jackpot for identity thieves. In countries like Australia and, I suspect, throughout all the Commonwealth (British Colonies) a date of birth is an all access pass to a person's life, identity and property. One way to make a significant improvement to a site's security is to make a point of excluding all sensitive information like this.

Anyways, I'll shut down cycle my disks for a dead system scan and see if anything interesting pops out of the woodwork. If I find anything, I'll let you know.
Link to comment
Share on other sites
Krazeecain Rookie

Krazeecain

Posted
Posted

"If you've ever wondered why some sites ask you to have at least 1 number and one "special" character, this is why. It makes passwords a lot harder to crack (and yes, we'll implement these forced requirements soon, too). "

 

NONONONO! Don't do this. This is a horrible practice and it needs to be eradicated. Using longer passwords made of random unrelated words is much more secure, and much easier for people to remember.

 

https://xkcd.com/936/

 

(Did I just cite a webcomic as a source? Yes. Yes I did.)

Link to comment
Share on other sites
jipao Newbie

jipao

Posted
Posted
In response to post #31573045. #31573920, #31573935, #31575350, #31575375, #31581750, #31584915, #31585005, #31586510 are all replies on the same post.


Dark0ne wrote: The three files affected were:

- Higher Settlement Budget (downloads from 5th December)
- Rename Dogmeat (downloads from 4th December)
- BetterBuild (downloads from 29th November)

OP updated to include that information.
ZedLeppelin wrote: Thank you for that info! I'm happy to say I downloaded/installed none of those 3 mods. I changed my Nexus p/w regardless, just to be safe.
Hickory wrote: That dsound.dll file should be sent away to all AV companies that participate in Virus Total for manual investigation. Relying on existing heuristics is not doing anybody any good, especially since these files are extremely suspect to begin with and have not been tagged by the scans.
spidermandala wrote: Thanks so much for giving us the heads up Dark0ne, I too luckily didn't pick any of these up but Ill be double vigilant now.
RaverWolfe wrote: I actually downloaded the Rename Dogmeat one, I'll change all my s#*! asap just incase.
adventnova wrote: glad i never downloaded those files.
sydney666 wrote: Thanks for the update...

Any news on synlSDLL.dll? This file and some program triggered my UAC and installed a touchpad service without me having such hardware. I don't know if the program acted as though it was a touchpad and thus my pc needed to install this service or if the actual file was a virus...once I uninstalled everything, no virus was found on my pc.

I have since cleaned my system, but it was a little difficult as the program would not uninstall by normal means aka control panel.

Very odd, but I am glad you are getting this under control.
sonkaro wrote: Lets just hope it is just FO4 mods being affected. Thousands upon thousands could be affected if they touch Skyrim, Oblivion, and many of the other games Nexus hosts.

But alas, only time will tell. Thank you for taking the time to preemptively warn us.
RealmEleven wrote: There is nothing wrong with Higher Settlement Budget. I've been using it without problem ever since I found it (and I've been checking nexus daily since I got my mits on FO4) so I don't think I would have missed any fun and games, if any.

Also, I eyeballed the files inside the archive. Two XML files, two BAT files and a text file. None of these five files show any unnecessary code, much less anything potentially suspicious.

I don't think your database is compromised. If it was, we'd all be getting the same problem from the same mods. One of your informants on this thread mentioned Windows Defender catching malware in the browser but not in the file system. While I haven't had that experience, it's worth pointing out that I'm a premium member so I don't see your ads. Put these three facts together and it's pretty obvious where the potential issue is.

Your site's only as secure as its weakest channel. If you can't vet every single advertisement that gets piped onto your site, before it is allowed to be displayed on your site, then you can't prevent hackers from abusing that channel. After all, the only way launch a driveby off a site without hacking that site's hosting server is to buy or steal advertising space on the advertising channel used by that site. Given the facts, that's the first place I'd look for a problem.

One other thing: Including birthdays as a field in your account database makes your site's accounts a jackpot for identity thieves. In countries like Australia and, I suspect, throughout all the Commonwealth (British Colonies) a date of birth is an all access pass to a person's life, identity and property. One way to make a significant improvement to a site's security is to make a point of excluding all sensitive information like this.

Anyways, I'll shut down cycle my disks for a dead system scan and see if anything interesting pops out of the woodwork. If I find anything, I'll let you know.


i downloaded the higher settlement mod, and after this warning i already change all my password. what do i do next? should i uninstalled the mod or it already late to do that?
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...