s0
« Reply #20 on: September 24, 2016, 12:30:13 PM »

that's good to hear!

quantumpotato
« Reply #21 on: September 24, 2016, 12:46:26 PM »

Has anyone heard of this Allergicly before?

s0
« Reply #23 on: September 24, 2016, 01:15:28 PM »

Hey Matthew, someone just suggested this in a chat and I thought it was a good idea: How about having an announcement linking to your post in the top bar, a la the ocean marketing link?

ProgramGamer
« Reply #24 on: September 24, 2016, 03:33:10 PM »

Ok, so in light of this what would be a good password managing program?

DireLogomachist
« Reply #25 on: September 24, 2016, 03:53:21 PM »

> Ok, so in light of this what would be a good password managing program?

I just started using LastPass due to this. Good so far I think.

Living and dying by Hanlon's Razor

Matthew
« Reply #26 on: September 24, 2016, 04:05:06 PM »

> Ok, so in light of this what would be a good password managing program?

I like 1Password. It's kind of surprising how many unique logins you end up with once you start doing one per site. (I have 85 in there, and I don't feel like I'm *that* active on the Internet.)

BTW, I dug through some access logs, and my best guess right now is that this was a shared password issue with the admin account used. Password was compromised elsewhere and used here. Sadly, if the attacker gets lucky they'll be able to take a cracked password + email from here and use it somewhere else, keeping the chain alive...

s0
« Reply #27 on: September 24, 2016, 04:14:22 PM »

Could you do a thing where you reset everyone's password to a random string and force them to change next time they log in? It's a drastic measure, but better safe than sorry.

ProgramGamer
« Reply #28 on: September 24, 2016, 04:27:02 PM »

At least this is forcing us to take internet security a bit more seriously lol

Matthew
« Reply #29 on: September 24, 2016, 04:41:19 PM »

> Could you do a thing where you reset everyone's password to a random string and force them to change next time they log in? It's a drastic measure, but better safe than sorry.

Yeah, I'm looking at ways to notify affected users. I think weak hashes are something like 10% out of the 4% of users that made it into the backup table before the script timed out. To be honest, I'm not that worried about people changing their passwords here. There isn't a whole lot to be gained from a random, non-privileged TIGForums account! My worry is if someone made an account here with an easy common password they also use elsewhere (email, domain names, paypal, etc)...

starsrift
« Reply #30 on: September 24, 2016, 10:30:53 PM »

Fuck! Now I have to change the combination on my luggage.

"Vigorous writing is concise." - William Strunk, Jr. As is coding.
I take life with a grain of salt. And a slice of lime, plus a shot of tequila.

MedO
« Reply #31 on: September 25, 2016, 01:54:44 AM »

Saw this on Twitter. Password changed. I think this actually warrants a mass email to all users.
Would be interested in how he did it, since I run an SMF installation as well (though mine is SMF2) and don't want to be vulnerable to the same issue.

s0
« Reply #32 on: September 25, 2016, 02:34:17 AM »

> To be honest, I'm not that worried about people changing their passwords here. There isn't a whole lot to be gained from a random, non-privileged TIGForums account! My worry is if someone made an account here with an easy common password they also use elsewhere (email, domain names, paypal, etc)...

My thinking was that if spammers somehow got their hands on the db with cracked passwords they could use it to mass hijack accounts.

oahda
« Reply #33 on: September 25, 2016, 01:38:43 PM »

The backup_members table they quoted on Twitter only has 1,793 entries. Would you be so kind as to tell us who "they" are, if they're so cool and edgy as to proudly announce their great accomplishment on Twitter?

Matthew
« Reply #34 on: September 25, 2016, 02:12:06 PM »

> Would you be so kind as to tell us who "they" are, if they're so cool and edgy as to proudly announce their great accomplishment on Twitter?

It's in the thread here (3rd post).

oahda
« Reply #35 on: September 25, 2016, 11:50:13 PM »

Thanks. I got the impression from the tone of the other messages in this thread that this was a malicious attack, especially since they apparently "defiled" the templates, which didn't sound like something a helpful hacker would do. But I found the other Twitter link now too, so that's good, assuming it's true. Let's hope so.

Might still want to make sure some of the "high-profile" (Derek, Blow...) people whose accounts are visible in that screenshot are personally made aware of this just in case tho, since even someone without initially malicious intentions might be tempted to try and do something with those passwords.

« Last Edit: September 26, 2016, 12:10:29 AM by Prinsessa »

starsrift
« Reply #36 on: September 26, 2016, 07:15:42 AM »

Serious question - given the brazen nature of the attacker to self-identify, will TIGS be pursuing legal action?

"Vigorous writing is concise." - William Strunk, Jr. As is coding.
I take life with a grain of salt. And a slice of lime, plus a shot of tequila.

Schoq
« Reply #37 on: September 26, 2016, 09:52:03 AM »

how are you gonna prosecute a twitter account

« Last Edit: September 27, 2016, 07:06:26 AM by Schoq »

♡ ♥ make games, not money ♥ ♡

Thaumaturge
« Reply #38 on: September 26, 2016, 03:21:29 PM »

Oh dear. :/
Thank you for letting us know! It's appreciated. ^_^
I do have two questions: While measures have been taken against another such hack, do I gather correctly that the hole has yet to be fully patched? If so, could a hacker not repeat a similar process to gain newly-changed passwords?

Matthew
« Reply #39 on: September 26, 2016, 04:29:55 PM »

> Oh dear. :/
> Thank you for letting us know! It's appreciated. ^_^
> I do have two questions: While measures have been taken against another such hack, do I gather correctly that the hole has yet to be fully patched? If so, could a hacker not repeat a similar process to gain newly-changed passwords?

My best guess is that this was a password hygiene issue. The password to an old administrator account was compromised elsewhere, and was the same password used here. I covered this in the original post, but basically:

- Tripwire added at the file level (monitors files for changes)
- SMF admin tools removed (the attacker only used admin tools and didn't have shell access)
- Old accounts cleaned up, even this account has no admin access until I need it
- Various PHP file functions disabled
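The file-level change monitoring mentioned in the first bullet, shown as a minimal tripwire-style check. This is an added example, not code from the forum or from SMF; the directory layout (a Themes/default template and a Settings.php) and the tampering scenario are constructed for the demo.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hex SHA-256 of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def build_baseline(root):
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_of(full)
    return baseline


def compare(baseline, current):
    """Return (added, removed, modified) as sorted lists of relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    return added, removed, modified


def demo():
    """Constructed scenario: baseline a forum install, then an existing
    template gets edited and a new PHP file appears under Themes/."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "Themes", "default")
        os.makedirs(theme)
        template = os.path.join(theme, "index.template.php")
        with open(template, "w") as f:
            f.write("<?php // original template\n")
        with open(os.path.join(root, "Settings.php"), "w") as f:
            f.write("<?php // config that stays untouched\n")
        baseline = build_baseline(root)  # keep a real baseline off-host
        with open(template, "a") as f:   # an existing template is altered
            f.write("// unexpected edit\n")
        with open(os.path.join(theme, "extra.php"), "w") as f:
            f.write("<?php // unexpected new file\n")
        return compare(baseline, build_baseline(root))
```

The untouched Settings.php is not reported, while the edited template and the new file are; a real deployment stores the baseline somewhere the web server account cannot write and runs the comparison on a schedule.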