Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

 
Advanced search

1370291 Posts in 64455 Topics- by 56510 Members - Latest Member: MariamThomson

December 10, 2019, 10:30:58 PM

Need hosting? Check out Digital Ocean
(more details in this thread)
TIGSource ForumsCommunityTownhallForum IssuesTIG has been hacked! (OLD)
Pages: 1 [2] 3
Print
Author Topic: TIG has been hacked! (OLD)  (Read 12176 times)
Silbereisen
Overlord
Administrator
Level 10
******


eurovision winner 2014


View Profile
« Reply #20 on: September 24, 2016, 12:30:13 PM »

that's good to hear!
Logged
quantumpotato
Quantum Potato
Level 10
*****



View Profile WWW
« Reply #21 on: September 24, 2016, 12:46:26 PM »

Has anyone heard of this Allergicly before?
Logged

requiemzz
Level 0
*


View Profile
« Reply #22 on: September 24, 2016, 12:50:20 PM »

Apparently, it was all just for fun SMH :
https://twitter.com/Allergically/status/779780762254073857
Logged
Silbereisen
Overlord
Administrator
Level 10
******


eurovision winner 2014


View Profile
« Reply #23 on: September 24, 2016, 01:15:28 PM »

Hey Matthew, someone just suggested this in a chat and I thought it was a good idea: How about having an announcement linking to your post in the in the top bar, a la the ocean marketing link?
Logged
ProgramGamer
Administrator
Level 10
******


The programmer of games


View Profile
« Reply #24 on: September 24, 2016, 03:33:10 PM »

Ok, so in light of this what would be a good password managing program?
Logged

DireLogomachist
Level 4
****



View Profile
« Reply #25 on: September 24, 2016, 03:53:21 PM »

Ok, so in light of this what would be a good password managing program?

I just started using LastPass due to this. Good so far I think.
Logged


Living and dying by Hanlon's Razor
Matthew
Rapture
Administrator
Level 3
******


Milling About


View Profile WWW
« Reply #26 on: September 24, 2016, 04:05:06 PM »

Ok, so in light of this what would be a good password managing program?

I like 1Password.  It's kind of surprising how many unique logins you end up with once you start doing one per site.  (I have 85 in there, and I don't feel like I'm *that* active on the Internet).

BTW, I dug through some access logs, and my best guess right now is that this was a shared password issue with the admin account used.  Password was compromised elsewhere and used here.  Sadly, if the attacker gets lucky they'll be able to take a cracked password + email from here and use it somewhere else, keeping the chain alive...
Logged

Matthew Wegner
Currently: Aztez
Founder, Flashbang Studios
Partner, Indie Fund
Editor, Fun-Motion
Co-Chair, IGF
Silbereisen
Overlord
Administrator
Level 10
******


eurovision winner 2014


View Profile
« Reply #27 on: September 24, 2016, 04:14:22 PM »

Could you do a thing where you reset everyone's password to a random string and force them to change next time they log in? It's a drastic measure, but better safe than sorry.
Logged
ProgramGamer
Administrator
Level 10
******


The programmer of games


View Profile
« Reply #28 on: September 24, 2016, 04:27:02 PM »

At least this is forcing us to take internet security a bit more seriously lol
Logged

Matthew
Rapture
Administrator
Level 3
******


Milling About


View Profile WWW
« Reply #29 on: September 24, 2016, 04:41:19 PM »

Could you do a thing where you reset everyone's password to a random string and force them to change next time they log in? It's a drastic measure, but better safe than sorry.

Yeah, I'm looking at ways to notify affected users.  I think weak hashes are something like 10% out of the 4% of users that made it into the backup table before the script timed out.

To be honest, I'm not that worried about people changing their passwords here.  There isn't a whole lot to be gained from a random, non-privileged TIGForums account!  My worry is if someone made an account here with an easy common password they also use elsewhere (email, domain names, paypal, etc)...
Logged

Matthew Wegner
Currently: Aztez
Founder, Flashbang Studios
Partner, Indie Fund
Editor, Fun-Motion
Co-Chair, IGF
starsrift
Level 10
*****


Apparently I am a ruiner of worlds. Ooops.


View Profile WWW
« Reply #30 on: September 24, 2016, 10:30:53 PM »

Fuck! Now I have to change the combination on my luggage.  Angry
Logged

"Vigorous writing is concise." - William Strunk, Jr.
As is coding.

I take life with a grain of salt.
And a slice of lime, plus a shot of tequila.
MedO
Level 1
*


View Profile
« Reply #31 on: September 25, 2016, 01:54:44 AM »

Saw this on Twitter. Password changed. I think this actually warrants a mass email to all users.

Would be interested in how he did it, since I run an SMF installation as well (though mine is SMF2) and don't want to be vulnerable to the same issue.
Logged
Silbereisen
Overlord
Administrator
Level 10
******


eurovision winner 2014


View Profile
« Reply #32 on: September 25, 2016, 02:34:17 AM »

Quote
To be honest, I'm not that worried about people changing their passwords here.  There isn't a whole lot to be gained from a random, non-privileged TIGForums account!  My worry is if someone made an account here with an easy common password they also use elsewhere (email, domain names, paypal, etc)...

my thinking was that if spammers somehow got their hands on the db with cracked passwords they could use it to mass hijack accounts.
Logged
Prinsessa
Level 10
*****


Ava Skoog


View Profile WWW
« Reply #33 on: September 25, 2016, 01:38:43 PM »

The backup_members table they quoted on Twitter only has 1,793 entries.
Would you be so kind as to tell us who "they" are, if they're so cool and edgy as to proudly announce their great accomplishment on Twitter?
Logged

Matthew
Rapture
Administrator
Level 3
******


Milling About


View Profile WWW
« Reply #34 on: September 25, 2016, 02:12:06 PM »

Would you be so kind as to tell us who "they" are, if they're so cool and edgy as to proudly announce their great accomplishment on Twitter?

It's in the thread here (3rd post).
Logged

Matthew Wegner
Currently: Aztez
Founder, Flashbang Studios
Partner, Indie Fund
Editor, Fun-Motion
Co-Chair, IGF
Prinsessa
Level 10
*****


Ava Skoog


View Profile WWW
« Reply #35 on: September 25, 2016, 11:50:13 PM »

Thanks. I got the impression from the tone of the other messages in this thread that this was a malicious attack, especially since they apparently "defiled" the templates which didn't sound like something a helpful hacker would do. But I found the other Twitter link now too, so that's good, assuming it's true. Let's hope so.

Might still want to make sure some of the "high-profile" (Derek, Blow...) people whose accounts are visible in that screenshot are personally made aware of this just in case tho, since even someone without initially malicious intentions might be tempted to try and do something with those passwords.
« Last Edit: September 26, 2016, 12:10:29 AM by Prinsessa » Logged

starsrift
Level 10
*****


Apparently I am a ruiner of worlds. Ooops.


View Profile WWW
« Reply #36 on: September 26, 2016, 07:15:42 AM »

Serious question - given the brazen nature of the attacker to self-identify, will TIGS be pursuing legal action?
Logged

"Vigorous writing is concise." - William Strunk, Jr.
As is coding.

I take life with a grain of salt.
And a slice of lime, plus a shot of tequila.
Schoq
Level 10
*****


♡∞


View Profile WWW
« Reply #37 on: September 26, 2016, 09:52:03 AM »

how are you gonna prosecute a twitter account
« Last Edit: September 27, 2016, 07:06:26 AM by Schoq » Logged

♡ ♥ make games, not money ♥ ♡
Thaumaturge
Level 10
*****



View Profile WWW
« Reply #38 on: September 26, 2016, 03:21:29 PM »

Oh dear. :/

Thank you for letting us know! It's appreciated. ^_^

I do have two questions: While measures have been taken against another such hack, do I gather correctly that the hole has yet to be fully patched? If so, could a hacker not repeat a similar process to gain newly-changed passwords?
Logged


Traversal, exploration, puzzles, and combat in a heroic-fantasy setting
Website ~ Twitter
Matthew
Rapture
Administrator
Level 3
******


Milling About


View Profile WWW
« Reply #39 on: September 26, 2016, 04:29:55 PM »

Oh dear. :/

Thank you for letting us know! It's appreciated. ^_^

I do have two questions: While measures have been taken against another such hack, do I gather correctly that the hole has yet to be fully patched? If so, could a hacker not repeat a similar process to gain newly-changed passwords?

My best guess is that this was a password hygiene issue.  The password to an old administrator account was comprised elsewhere, and was the same password used here.

I covered this in the original post, but basically:

- Tripwire added at the file level (monitors files for changes)
- SMF admin tools removed (the attacker only used admin tools and didn't have shell access)
- Old accounts cleaned up, even this account has no admin access until I need it
- Various PHP file functions disabled
Logged

Matthew Wegner
Currently: Aztez
Founder, Flashbang Studios
Partner, Indie Fund
Editor, Fun-Motion
Co-Chair, IGF
Pages: 1 [2] 3
Print
Jump to:  

Theme orange-lt created by panic