About the "hack" of our forum

Discussion in 'Announcements' started by Endimmion, Dec 10, 2015.

  1. Endimmion

    Endimmion Founder / Owner Staff Member Administrator

    Around 15 hours ago, our forum was "hacked" by some people claiming to be Outsider and Valkyrie. They claimed to have stolen the user database etc...

    We took some time before restoring the forum to be able to give you as much information as possible about that.

    1. What damage has been done and what has been stolen

    After investigation, it seems that the hackers only got access to the Xenforo admin panel. With the admin panel, they deleted every page/template, removed all admin/mod privileges and set a new home page with their message.

    At this point, we don't believe that they got access to the database; you cannot get access to it with admin panel access.
    The host server of the forum has not been compromised and no files have been modified on the Xenforo installation.

    But even if they got access to the database, please note that the passwords are encrypted with a salt.

    2. Additional information

    The forum of Starbound, a sandbox adventure game sold on Steam, has been hacked by the same group.
    They came to the same conclusion as us: only access to the admin panel and no access to the database.

    The link: http://steamcommunity.com/app/211820/discussions/0/487876474226341647/#p1

    *UPDATE*

    The Bukkit forum was hit too: https://bukkit.org/threads/forum-security-advisory.396805/

    3. What now?

    The forum and the database have been restored with a backup made before the attack.
    The forum has been updated to the very last version of Xenforo.
    Access to the admin panel is now strictly restricted with new security measures that we will not expose here.

    4. Legal action

    All logs and information from the hack will be forwarded to our lawyers.

    5. Recommendations

    Even if we are almost certain that the database was not stolen/compromised, we prefer to recommend that you change the password on other services if you are using the same password as here. Of course we remind you that it is a bad idea to use the same password on all websites/services.


    We do sincerely apologize for the inconvenience.
     
    Last edited: Dec 10, 2015
    Sanity, sekkinooo95, Kohai and 6 others like this.
  2. AtomiCAST

    AtomiCAST Administrator Staff Member Administrator

    Glad we are back up and live to see another day
     
  3. Towelie

    Towelie N00b

    My gaming community's website was also "hacked" by the same group. I can tell you how it happened - there was an exploit on bukkit.org recently which allowed attackers to place malicious JavaScript in their login script, which sent the usernames and passwords in cleartext to unknown attackers.
    These attackers then "hacked" a bunch of Minecraft-related gaming communities (and not only). For my site, their "hack" was limited to editing the forum template and posting some silly page with ISIS's logo and demanding money for it.

    In my case, they also modified forum settings to allow php bbtags, then tried to embed a malicious php script which was supposed to open a port (but failed due to security settings).


    I can help you with more information if you wish, contact me via e-mail.
    The only things I know now are that the team speaks Turkish or is from somewhere near Turkey (based on Turkish language excerpts from the script they planted on my forums).
     
    Last edited: Dec 10, 2015
  4. AtomiCAST

    AtomiCAST Administrator Staff Member Administrator

    They are always related to that side of the planet (not to be racist or anything), seems like Turkish & Indians are the Nº1 winners for those kinds of jobs. Happened to me on my site a long time ago, always been a thing to keep in mind when doing firewall configurations for me.

    Sad to see it happened to you too, seems like people never grow up.
     
  5. Towelie

    Towelie N00b

    Yeah :\ I was especially "impressed" by the ISIS logo they put there.
     
  6. AtomiCAST

    AtomiCAST Administrator Staff Member Administrator

    They usually do that, I've seen tons of them and they always use their flags.
     
  7. Ev1dentFir3

    Ev1dentFir3 Head Moderator Contributor

    Luckily the admin panel does not have any database configurations, and the hackers would not have been able to access the database info without FTP access to the xenforo configs. So I'm not concerned at all ;)
     
    AtomiCAST likes this.
  8. AtomiCAST

    AtomiCAST Administrator Staff Member Administrator

    It has some sensitive information, but not that sensitive to allow that kind of connection to the database for a complete dump of it.
     
    Ev1dentFir3 likes this.
  9. Commander Phill

    Commander Phill Forum Moderator Staff Member Moderator

    At least the forum is still here.
     
    AtomiCAST likes this.
  10. Fitk

    Fitk N00b

    How pitiful is that? Bunch of nerds thinking they're something by hacking a random videogame forum, putting a logo and taking random users' addresses and shit?

    How dumb are those people?
     
  11. I prefer to use http://keepass.info/
    Best invention for password protection!

    Isn't it easier to close connections to MySQL except from 127.0.0.1 and to protect sensitive paths with .htaccess/web.config!?
    I do that on my server and have no problems anymore.
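
The two restrictions suggested in the post above, as an added configuration sketch that is not part of the original post and not this forum's actual setup. It assumes Apache 2.4 with overrides enabled, that `admin.php` is the admin panel entry point, and uses a placeholder address (203.0.113.10) and a placeholder password-file path.

```apache
# .htaccess in the forum's web root (Apache 2.4 syntax).
# Assumption: admin.php is the admin panel entry point.
<Files "admin.php">
    # Second login in front of the panel, so a stolen forum
    # password alone is not enough to reach it.
    AuthType Basic
    AuthName "Admin panel"
    # Placeholder path: keep this file outside the web root.
    AuthUserFile "/path/outside/webroot/.htpasswd"

    # Both conditions must hold: known address AND valid HTTP login.
    <RequireAll>
        # Placeholder address (documentation range); use the
        # administrators' real address or VPN range.
        Require ip 203.0.113.10
        Require valid-user
    </RequireAll>
</Files>

# The MySQL half of the suggestion belongs in my.cnf, not here:
#
#   [mysqld]
#   bind-address = 127.0.0.1
#
# With that setting the server listens only on loopback, so the
# database port is not reachable from other hosts.
```

Neither setting protects forum accounts whose passwords were captured elsewhere; they only narrow who can reach the admin panel and the database port.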
     
  12. MiniMuleNZ

    MiniMuleNZ Moderator Staff Member Moderator

    *cough* 128 character random passwords *cough*
     
  13. Endimmion

    Endimmion Founder / Owner Staff Member Administrator

    MySQL connection was always impossible from outside of my servers. They did not get access to the database.
     
  14. ThornyMacaroon

    ThornyMacaroon Retired Staff Member Retired Staff Member

    Thank god it is still up and running. This ruined my whole yesterday.
     
  15. Elite_Muffin

    Elite_Muffin N00b

    My account got deleted by these fags, please someone help. I had so much stuff on there, please someone HELP ME.
     
  16. Commander Phill

    Commander Phill Forum Moderator Staff Member Moderator

    Please state who you were.
     
  17. Elite_Muffin

    Elite_Muffin N00b

    Elite Muffin. My account was deleted, I'm so sad, please will you help me.
     
  18. Elite_Muffin

    Elite_Muffin N00b

    Do you want some links to my staff applications for gmod for proof?
     
  19. Elite_Muffin

    Elite_Muffin N00b

  20. MiniMuleNZ

    MiniMuleNZ Moderator Staff Member Moderator

    Are you talking about an account on our forum? Because the forum was restored from a backup that was likely less than a day old...
     