Bukkit Forums

Sunday morning we had an unfortunate discovery and found that the front page of the site had been vandalized. We have no reason to believe your personal data, or passwords, were accessed.

We’ve determined that a bad actor was able to compromise an administrator’s account. Using that account, they were able to edit templates and deface the front page of the site. As soon as we found out, we took immediate action to protect you, our users, and took the site offline.

As a precaution, we’re taking additional measures to help prevent this type of defacement in the future. This includes, but is not limited to, resetting moderator and administrator account’s passwords.

Thank you for your patience as we’ve worked through this today. Please reach out if you have any additional concerns.

Thanks,
Zeldo

This is one of those announcements that no one likes to write and absolutely no one likes to read.

Recently one of our site administrator's accounts was compromised. Malicious third parties proceeded to use this access to inject a piece of malicious javascript on the forum templates allowing them to capture the login and plain text passwords of anyone that logged in to the forums while it was present. This attack was limited only to Bukkit's forums and did not affect other sites in the network.

We were notified of this issue by a member of the community: Max Korlaar. We greatly appreciate them and their report, and will be offering them a bounty commiserate with their contribution. Additionally we'll be formalizing a full bug bounty program in the near future, as well as publishing reporting channels and standards for responsible disclosure.

Upon receipt we immediately began investigating the report. This effort revealed several areas for us to address. Many of these...

Hi Bukkiteers,

Most of the staff will be at Minecon this weekend so a couple things can happen:
1. Forum approval times will be longer.
2. Reports won't be handled as fast as usual.
3. New http://dev.bukkit.org projects or files will be on hold till after Minecon.

We will do our best to do as much as possible!

Absolute Emergency (dragons burnt the town, villagers are rioting) private message either: CFEmergency Admin or Bukkit Emergency Admin
Normal Emergency (gremlins, imps and evil pixies) contact: Support Desk
We will still be watching, but response time will be delayed. Happy Holidays to everyone.

Timtower

Hey all!

The BukkitDev account linking feature is now available and working. We know you guys have been wanting this fixed for some time but we felt that the best way was to update the forums and then reintegrate the linker (We knew the forums update would break the old linker).

If you previously linked your accounts all this information was saved and you do not need to relink your accounts.

You will find that this linker is slightly different than the old one when you try to do your account registration. First thing that is different is that the link is gone from your user profile bar at the top of the forums.

Instead you are going to click on the "Personal Details" button to navigate to your user profile edit page. Here you will find a new field that asks for your BukkitDev information.



This is now where you enter your BukkitDev username. Once you have entered your username you click on the "Generate Token" button....