Database Breach - An Update

[XanatosVonFiction]

In response to post #32287250. #32291770 is also a reply to the same post.

Hecket wrote: Plenty of laws on plenty of different countries, require that you inform all users with a direct e-mail message to them to inform them that their personal data has been breached. This gives them the notice to change their passwords and prevent further harm. Majority of users are stupid users and reuse their passwords elsewhere. Considering it's an old leak; the damage has already been done.Posting a message on a board that only active people see is only going to autofallate you. Try telling it you 3.9 million people and see how they respond.That being said. You have failed to uphold basic security stringent practice and got popped thanks to a sql injection. In cybersec terms that's basic amateur hour. Following a basic course on sql injection could have prevented it. Then again installing IPBoard doesn't take a brain.I want the option to delete my account or you to remove me from the SQL tables. You have disabled the delete option for the user to have this ability from the IPBOARD software your running. Which says enough about your coding skills. Using humble brags that u got 4 million members, guess what, the overwhelming majority aren't active. You are basically running a honeypot and an attractive target for scriptkiddies and are even aiding them by not allowing removal.I can tell you that i have three 0days on IPboard. One through xml injection, one through brute forcing the an sql string to retrieve user data and a reflected cross site scripting method.As such it is a garentee it will happen again, and you won't even notice because your to stupid to look at server logs and put your trust in a s#*! CMS.Peace.

nortalud wrote: +1 internets for outstanding raginess
+1 internets for citing "laws on plenty of different countries" in a vaguely threatening manner
+1 internets for intentionally(?) misusing the the term "humblebrag"

-1 internets for misspelling auto-fellate; if there's one detail you really ought to get right, it's this one

Amen

[StuartDean]

I do apologise if this is not the correct place to post this, but every time I visit the nexusmods.com (regardless of which individual site, TES, fallout etc...) I get bombarded with exploits from the Axpergle family. Now, this exploit is normally fixed with windows updates, but due to windows updates constantly killing my system I have had to stop windows updates altogether. Unfortunately this means I cannot use the site at all, although the forums seem clean as I can visit here. Your security appears to have been breached again as your site is sending out exploits.

[bben46]

@StuartDean - so far you are the only member to report this.

Based on the MS site it uses an exploit in MS Silverlight, Adobe Flash player and Java. You need to update all of those and do a full scan using malwarebytes.

If windows updates is killing your system that means you already have a virus that is preventing Win Updates from working.

 

I use a Linux rescue disk for difficult cases. It is able to scan without ever loading windows so the virus cannot block it - There are several available. Here is a link to the one I currently use.

http://support.kaspersky.com/viruses/rescuedisk

[simondent2]

Hi all I just had a battle with two nasty Viruses . I had wonderfull help from Steam , got to be honest they were really helpfull , the one Virus was my fault the other I dont know where it came from , but both of nastys embebbed into x86 . I have left my comments over on Steam and the programs I used to eradicate the nastys . All free programs I use from Cnet . One of the nastys was a zip file program . I use the full Norton security system now I have further programs . If you ever get stuck with X86 nastys use regedit -Start - type regedit in seach bar above start - go to top of regedit click edit - box will open - type in the name of the nasty you may have to scroll a bit find the nasty files then delete the horrible things . Norton deep scan could not even delete the nasty zip , they now have both these nastys on record and Steam now knows about them as well . I love my Skyrim and like the people not just on Nexus and also Steam , Its so friendly not like the rest of the web and is the opposite end of what I call two facedbook (facebook) . Happy xmas to everyone .

[StuartDean]

I cannot update those programs, due to requiring windows updates to do so. My system is clean, as windows updates destroys my system even when it is a clean new drive and clean new installations. Trust me, I've worked on the problem for several months. I have no viruses.

 

Those people who regularly use win updates to fix the security issues would not notice the exploits attempting to force themselves onto their systems, as the hole are no longer there if they have the security updates from windows. This is why you won't get many people reporting it, it's only the few like me who cannot use windows updates who are vulnerable.

 

Trust me, it's not my end, my anti-virus picks up the malware and isolates it every time I visit nexusmods.com.

[madwolf2006]

In response to post #32361100.

StuartDean wrote:

I do apologise if this is not the correct place to post this, but every time I visit the nexusmods.com (regardless of which individual site, TES, fallout etc...) I get bombarded with exploits from the Axpergle family. Now, this exploit is normally fixed with windows updates, but due to windows updates constantly killing my system I have had to stop windows updates altogether. Unfortunately this means I cannot use the site at all, although the forums seem clean as I can visit here. Your security appears to have been breached again as your site is sending out exploits.

hi
do you use a ad blocker ? and what browser do you use i recommend that you disable java and enable click to play what version of windows do you use ? what happens when windows updates kills your system do you get a BSOD ? or a boot loop ?
I recommend that you backup any important data remove any USB HD delete the c: partition and reinstall windows when you get back into windows DO NOT install any drivers and run windows update if this works install you drivers one by one restarting every time you install a driver

good news the data base dump was old

[bben46]

Then WHY is no one else reporting it here? We have over ten million members. Someone else should have found it by now. Some of our members are professional IT people as well. Nexus is accessed constantly by THOUSANDS of people every minute. Surly some of these have the same AV as you and should be seeing the same problem - but no one is. Currently (at this minute) there are 1379 people accessing the Nexus. Numbers in the 5000 range are not uncommon.

 

The virus you have is Blocking the windows update that would prevent it. Then Blocking the detection by your antivirus by hiding as a necessary windows system file.

The rescue disk I recommended does not load the Windows OS at all, and therefore cannot be blocked in that way. It WILL find and clean many viruses that normally hide in windows

It is also possible that some file in your windows is infected. The ONLY way to deal with that is a full reinstall of Windows.

Some of the viruses will also redirect your browser through their own site in order to gain the income from their advertising. They can do this without you even noticing the small delay.

 

No antivirus is perfect. EVERY one misses some. By using your AV plus a scan on demand AV like FREE Malwarebytes AND the FREE rescue disk scan you will be able to clean probably 99% though. I also use a small fast FREE garbage cleaning program from Malwarebytes called JRT - it cleans things like browser hijackers and redirect programs. By running all of these one after another you will get even most of the stubborn viruses. I use this sequence - First the rescue disk, then malwarebytes, then your own AV scanner, then JRT, then Ccleaner. You may also want to check your DNS servers. I recommend using either the Google DNS servers or the Open DNS. Both are fast and as secure as any.

 

I always reboot right after doing a cleaning and run Ccleaner to clean any stray registry entries out ( some viruses use the registry to reinfect after being cleaned) The reboot is important to flag those stray entries for removal.

[Guest deleted1088387]

In response to post #32389335.

simondent2 wrote: Hi all I just had a battle with two nasty Viruses . I had wonderfull help from Steam , got to be honest they were really helpfull , the one Virus was my fault the other I dont know where it came from , but both of nastys embebbed into x86 . I have left my comments over on Steam and the programs I used to eradicate the nastys . All free programs I use from Cnet . One of the nastys was a zip file program . I use the full Norton security system now I have further programs . If you ever get stuck with X86 nastys use regedit -Start - type regedit in seach bar above start - go to top of regedit click edit - box will open - type in the name of the nasty you may have to scroll a bit find the nasty files then delete the horrible things . Norton deep scan could not even delete the nasty zip , they now have both these nastys on record and Steam now knows about them as well . I love my Skyrim and like the people not just on Nexus and also Steam , Its so friendly not like the rest of the web and is the opposite end of what I call two facedbook (facebook) . Happy xmas to everyone .

how did you notice you had virus?

[faedragon]

In response to post #32287250. #32291770, #32353000 are all replies on the same post.

Hecket wrote: Plenty of laws on plenty of different countries, require that you inform all users with a direct e-mail message to them to inform them that their personal data has been breached. This gives them the notice to change their passwords and prevent further harm. Majority of users are stupid users and reuse their passwords elsewhere. Considering it's an old leak; the damage has already been done.Posting a message on a board that only active people see is only going to autofallate you. Try telling it you 3.9 million people and see how they respond.That being said. You have failed to uphold basic security stringent practice and got popped thanks to a sql injection. In cybersec terms that's basic amateur hour. Following a basic course on sql injection could have prevented it. Then again installing IPBoard doesn't take a brain.I want the option to delete my account or you to remove me from the SQL tables. You have disabled the delete option for the user to have this ability from the IPBOARD software your running. Which says enough about your coding skills. Using humble brags that u got 4 million members, guess what, the overwhelming majority aren't active. You are basically running a honeypot and an attractive target for scriptkiddies and are even aiding them by not allowing removal.I can tell you that i have three 0days on IPboard. One through xml injection, one through brute forcing the an sql string to retrieve user data and a reflected cross site scripting method.As such it is a garentee it will happen again, and you won't even notice because your to stupid to look at server logs and put your trust in a s#*! CMS.Peace.

nortalud wrote: +1 internets for outstanding raginess
+1 internets for citing "laws on plenty of different countries" in a vaguely threatening manner
+1 internets for intentionally(?) misusing the the term "humblebrag"

-1 internets for misspelling auto-fellate; if there's one detail you really ought to get right, it's this one

XanatosVonFiction wrote: Amen

tl;dr. You know, if you want people to read your rant and take you seriously, you should work on your ability to express yourself with correct grammar and spelling.

[faedragon]

In response to post #31714675. #31724210, #31725155, #31726105, #31727505 are all replies on the same post.

SirPhoenixBlood wrote: i think the site might be infected i got a redirect to a mailware site on a Fresh boot pc that was rebooted a day ago (full reinstall of windows) so i know i dont got any virus or mailwear on my end but the site it self keeps sending me to some site caiming that my firefox needs to be updated when i just installed a New firefox fully updated

SirNesta wrote: I think your PC already got a malware :/ The site is completely safe and i never had any abusive redirection or that kind of stuff.
Try to scan your pc with your antivirus and malwarebytes for exemples.

I'm french so... sorry for my bad english ^^

rambojambo21 wrote: Use Chrome

ZedLeppelin wrote: You say a fresh windows reinstall, but that begs the question... Did you format your drive before the reinstall? If not, any virus/malware that was on your PC prior to the install, could still be there. Also, I've been using the Nexus mods site since 2011, and can tell you I've never gotten malware or a virus from this site. Not saying it can't happen, but pointing out that this is a pretty well run and maintained site. But then, I don't click banner ads. If a banner add interests me, I google whatever the ad is about and get to the content that way. Banner ads aren't under the control of the site usually, so they cannot guarantee a banner ad's legitimacy. And as the other poster commented, try run a virus scan, and if you don't have it, download Malwarebytes (you can git it from download'dot'com) and run that as well. In any case, you definitely have a browser hijacker of some sort on your PC. Good luck!

ZedLeppelin wrote: Yeah, and switch to Chrome.

Tons better than my French would be...