Discussion in 'Bukkit News' started by Kaelten, Dec 7, 2015.
It indeed does not.
@AmShaegar Nothing is found from this side.
Maybe, this really is a big coincidence and it was one of the ad networks that is infected? This would explain why you can't find anything. I don't have a better explanation. :-/
@AmShaegar, those credentials have not been used immediately. Someone broke into my Microsoft account using them, but it was almost 3 days after my last use of the site.
And thank you for bringing up teamviewer. It also shared the same password, although thank the lord I had a secondary password for my device. (Can't say the same for my employer *gulp*. I'll just have to hope nothing happened. They would have told me if the computer was acting odd.)
We've gone and done another pass on those templates as well as checked audit logs. Those templates haven't been touched since this ordeal started. And no template changes at all are showing up in our logs since we removed the ads from the forums.
If anyone has any more info about a active security issue please email it to firstname.lastname@example.org and we'll investigate it fully.
@Kaelten I never recieved a response to my report.
Since I havent received a single answer to my report on the dev.bukkit.org security error report, il have to warn people to not download files from dev.bukkit.org unless you went by the main project page. If you were linked to a specific file, be aware it may be malicious.
Will the XenForo software be updated to a version ≥1.5 anytime soon? This way users could enable 2FA if they'd like to.
More info is on the XenForo community forum.
Maybe get cloudflare too?
Bukkit is already on Cloudfare
Oh I must be blind O-O
Also, a separate issue, is it really so bad here that new members aren't allowed to post? A mod has to 'allow' them to?
I've never seen a posting delay for new members on any other forum, this place must be getting kicked badly
That was added quite a long time ago, to prevent a substantial amount of spam which would otherwise get through.
I see that on every reputable Forum I've ever been on, it only lasts for 5-10 posts. It helps soooo much with spam.
Has anyone found a link between the login cookie issues and the template change? I remember reading multiple posts about how it was odd that the issue appeared at nearly the same time as the breach and was seemingly resolved once the breach was detected. I'm running into the issue again for the first time since this mess started.
EDIT: Searched the page source myself and didn't see anything.
@Tecno_Wizard The login cookie issue is a common issue and has existed for a while before, though there was a significant rise of reports since Curse's takeover.
now it alls adds up, why my twitter account had like 200 people being followed by my account. When i only follow 5. Yes i did use the same password for Twitter & Bukkit, have now changed this. Although i don't recall ever getting a message or email from you guys after this incident occurred?
@Blkscorpion2 Curse, in their wisdom decided to only message a certain amount of people instead of anyone who logged into the website during the months of compromised login. Apparently they dont bother messaging inactive accounts, even though they had indeed logged in during these months.
Also, no words from Curse if the compromised admin account could have led to stolen hidden information either.
@Necrodoom_V2, IMO, all users should have received a warning of this regardless. If an admin's account is compromised, all information should be considered compromised. Arguing anything else is idiotic.
@Tecno_Wizard Yes, i agree.
@Tecno_Wizard I agree also.
@Tecno_Wizard I agree also².
So does this mean the problem still exists now, or has it been resolved already?
@LegoLordEpic138 It was resolved when the first post of this thread was made.
could somebody confirm if these ad trackers played a role from the time of compromise?
for now I see ghostery also mocking about trackers I'm not sure what happens if I get more trackers when I enable them because that happened in august from 8 trackers to 80 trackers, thats abnormal behaviour for a website and does endanger the level of malvertising.
sorry but I'm a little disappointed atleast I expected a email or a lock on my account to re-activate to reasure that it is me.
@xize, At this time, curse has not told us anything besides that an admin account was compromised by a probable MITM attack. It is improbable, but not impossible that the ads were also infected.
Three other things.
1) Ghostery is made by a conglomerate of some of the biggest ad companies on earth (hypocrites) and works on a black list, which, frankly, is ineffective. Use Privacy badger instead.
2) I agree that curse did a horrific job responding to this breach. I'm constantly checking the page source for another infection and I haven't seen anything yet. All users should have been warned of the breach. It appears that only a select group of users who signed in within a period during the breach were contacted. For goodness sakes an admin account was compromised. Everyone should have been warned and all passwords should have been forcibly reset. I refuse to log in using my email now in fear it will be captured.
3) I complained about the tracker insanity on Bukkit while the old team was in charge and the post was merged into this thread and deleted. I, to say the least, was not thrilled whatsoever. It was by no means advertising. I simply listed the trackers on the site and what they say they do with the data they collect. I'm not sure what curse's stance on this is.
Separate names with a comma.