For those of you that use BukkitDev regularly, you know that we recently migrated CurseForge and all associated sites to AWS. The Bukkit Forums are next on our list of sites we’re moving over to AWS and we will be starting on January 31st, 2018 at approximately 9:00am PST.
We expect this process to be fairly quick, and have a downtime window of between 2 and 4 hours. As always we’re hoping to complete sooner rather than later, but we like to make sure we have plenty of time in case anything goes sideways.
Post migration, we will have much better access to and control of the Bukkit Forums for day to day updates and changes. Over the next few weeks, we will be updating, fixing, and making changes to make using the forums easier and more intuitive.
What is AWS?
AWS, or Amazon Web Services, is a collection of services often referred to as “the cloud” that attempts to eliminate issues of scalability, cost, and reliability by pooling many resources together and...
Sunday morning we had an unfortunate discovery and found that the front page of the site had been vandalized. We have no reason to believe your personal data, or passwords, were accessed.
We’ve determined that a bad actor was able to compromise an administrator’s account. Using that account, they were able to edit templates and deface the front page of the site. As soon as we found out, we took immediate action to protect you, our users, and took the site offline.
As a precaution, we’re taking additional measures to help prevent this type of defacement in the future. This includes, but is not limited to, resetting moderator and administrator account’s passwords.
Thank you for your patience as we’ve worked through this today. Please reach out if you have any additional concerns.
This is one of those announcements that no one likes to write and absolutely no one likes to read.
Recently one of our site administrator's accounts was compromised. Malicious third parties proceeded to use this access to inject a piece of malicious javascript on the forum templates allowing them to capture the login and plain text passwords of anyone that logged in to the forums while it was present. This attack was limited only to Bukkit's forums and did not affect other sites in the network.
We were notified of this issue by a member of the community: Max Korlaar. We greatly appreciate them and their report, and will be offering them a bounty commiserate with their contribution. Additionally we'll be formalizing a full bug bounty program in the near future, as well as publishing reporting channels and standards for responsible disclosure.
Upon receipt we immediately began investigating the report. This effort revealed several areas for us to address. Many of these...
