2014-05-12, 08:24 | Link #1 |
…Nothing More
Administrator
Join Date: Mar 2003
Age: 44
|
Security and Privacy Issue : May-2014
Security and Privacy Announcement
Between the 2nd of May 4pm UTC and 6th of May 6pm UTC the forum was the target of an attack that has compromised user privacy. We are sorry this has happened, that we were unable to stop it sooner, and that it has taken this long to get enough of the facts together to make an announcement. Currently the information we know to have been disclosed, for all users, includes:
What next?
As a result of this we have reset all passwords on this forum. If you can't log in, this is probably why. Use the password reset form. You should change your password to something new as a matter of urgency. If you use the same password on any other site, you should change it to something else on each of those sites too.
Please note the passwords were stored in an encrypted form; however, with the number of people who use common passwords and share passwords across all the sites they visit, as revealed by other data breaches in the news recently, it is safe to assume that a number of them will be compromised even in the encrypted form.
We also suggest you review the private messages you have on the forum to assess the impact of their disclosure to you personally. We are looking for a way to provide more accurate information about who was affected by this but as yet do not have a definitive list.
We don't believe there are any further back-doors but may have to close the forum and restore from a backup to be absolutely sure. This is something we need to wait for GHDpro to handle. If we do, we will endeavour to sanitize and keep any posts more recent than the backup used. Any other steps we take will depend on further investigation.
Attack Details
We do not yet know how the initial account break happened, except to say that a somewhat dormant staff account was used to create an announcement that injected a malicious script in each forum-viewing page, which in turn compromised the forum for each user (and resulted in private messages being downloaded). It is possible your own browser will have a record of this happening, as it was noticed as a back-button problem by some. If you block JavaScript by default you may have been protected.
Unfortunately the full impact of this was not fully understood at first; while the threat was being removed, it may have inadvertently given the attacker access to update another part of the forum, which they then used to download information from the user database. We have since disabled the staff account used in the initial attack, made our access restrictions stricter, and will review how we deal with old and dormant accounts, particularly those with privileged access.
Again, you have our deepest apologies for not better protecting your information and not making you aware of this problem much sooner.
Update May 13 - Forum Server Rebuild Complete (by GHDpro)
Due to this security issue we felt it necessary to completely wipe & rebuild the forum server and restore from backups. The backup that was restored is about two weeks old. However, three tables were kept from before the rebuild: users, posts and threads. This means all user accounts (including password changes you may have already done) and posts and threads should have been preserved. However, anything else posted, changed or uploaded in that time may have been lost, including visitor messages, PMs and any changes to pictures and albums, just to name a few. If you changed your avatar in the past two weeks you might also have to upload it again.
Due to the server rebuild (which took much longer than expected, sorry about that) and the way we restored the forum some things may be broken or not working correctly. Please notify us about this by posting in this thread, thank you.
Last edited by GHDpro; 2014-05-13 at 06:41. |
2014-05-12, 08:49 | Link #2 |
Index III was a mistake
Join Date: Jul 2013
Location: Sydney, Australia
Age: 32
|
This is pretty serious. I assume the announcement in question is that random one that appeared in all forums that simply said 'test' and 'do not delete'. In hindsight that was obviously suspicious from the beginning.
__________________
|
2014-05-12, 09:00 | Link #3 |
Banned
Join Date: Dec 2006
Age: 38
|
Online forums such as these are perfect targets because they have weak security, little motivation to keep security up to and above current standards (which are shit), and enormous user information databases that open doors elsewhere. It CANNOT be stressed enough that if you use the same OR similar passwords on other sites/services, and have something of worth to lose, you or your organization are most likely fucked.
|
2014-05-12, 09:07 | Link #4 |
Fallere825
Join Date: Dec 2009
Location: Inside my mind
|
As OH&S mentioned, that test announcement was pretty suspicious. It sucks that something like this happens, but I don't keep compromising information on the discussion forums I visit. I also make sure my passwords to other sites/services like e-mail are completely unique.
I hope no one suffers because of this.
__________________
|
2014-05-12, 09:10 | Link #5 |
Princess or Plunderer?
Join Date: May 2009
Location: the Philippines
|
I don't want to start the blame game, but that particular announcement from that mod has been up for several days. If that was the start of a hacker chomping his way into AnimeSuki's security, then we have all been screwed way before the actual attack had been detected.
Personally, I assumed that it was a new mod that was "testing" his new powers. But then I quickly asked myself that such an event should have been announced earlier.
__________________
|
2014-05-12, 09:20 | Link #7 |
True Dragon
Join Date: Nov 2013
Location: Riding on Great Red head
Age: 28
|
You can have a 54 character password if you have a keylogger in your pc, or something like that you are done for. MD5 is pretty vulnerable. That announcement was very suspicious, and when I accessed it, it was only a post (I have Zone Alarm extreme security fully paid but it didn't show me any alert) with something like: Please do not delete it, it is only for a test, or something like that.
__________________
|
2014-05-12, 09:27 | Link #9 |
Unfair
Join Date: Nov 2003
|
I also did notice the announcement. But I didn't think much about it since I knew the guy who made it was a long-time moderator/admin. Thankfully my animesuki password was already some random password I had gotten from a reset since I forgot it a few years ago. Didn't bother changing it, I guess that was a good idea.
__________________
|
2014-05-12, 09:28 | Link #10 | |
Call me MK! :)
Graphic Designer
Join Date: Oct 2009
Location: The top of the world.
Age: 34
|
Well this sucks big time!
Was this attack similar to the one in 2005? I also noticed that the whole staff team is gone from "View Forum Leaders"? Is there anything we as members can do to protect ourselves? Besides simply changing our passwords?
Quote:
__________________
|
|
2014-05-12, 09:29 | Link #12 |
Not Bennia Lover
Join Date: Oct 2013
Age: 26
|
When I checked said announcement, I figured it was a staff member testing for a possible vulnerability, but I didn't suspect it was an actual attack. Either way, I don't have anything compromising on my account, and I'll be sure to change my password again.
Anything 18 characters and up is pretty secure, but 20 characters minimum is usually safest. Hopefully no one will suffer due to this.
__________________
|
2014-05-12, 09:30 | Link #13 |
Constellation
Graphic Designer
Join Date: Jan 2008
Location: Pearl of the Orient Seas
Age: 31
|
Does this mean that our passwords and other related stuff that uses the same e-mail we use here, might be compromised?
Will changing our current e-mail used help?
__________________
|
2014-05-12, 09:31 | Link #15 |
RUN, YOU FOOLS!
Join Date: Jun 2006
Location: Formerly Iwakawa base and Chaldea. Now Teyvat, the Astral Express & the Outpost
Age: 44
|
I didn't read moderators and administrators' announcements if those were not active in forums or had not posted before. And announcements that read "test" were just too suspicious when Asuki's announcements were usually never for such frivolous things.
|
2014-05-12, 09:32 | Link #16 | |
No time to sleep, 不幸だ
Join Date: Aug 2012
Location: The Big Apple
Age: 30
|
Quote:
I don't know much about internet connections and stuff...
__________________
|
|
2014-05-12, 09:35 | Link #17 |
True Dragon
Join Date: Nov 2013
Location: Riding on Great Red head
Age: 28
|
(1) Short for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name example.ooo might translate to 198.105.232.4.
The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned. (2) Short for digital nervous system, a term coined by Bill Gates to describe a network of personal computers that make it easier to obtain and understand information. And DNS can't be changed unless you buy another pc or go to another internet provider. But DNS is hard to get unless you have access to the pc in question.
__________________
|
2014-05-12, 09:37 | Link #18 |
AS Oji-kun
Join Date: Nov 2006
Age: 74
|
Accounts with anything other than ordinary user access should be closed once a person has retired from administrative duties; at most allow a one or two month grace period. The fact that an admin account was used for this exploit is its most troubling aspect, as I'm sure you all know.
__________________
|
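The dormant privileged account problem raised in the announcement and in the post above can be checked for mechanically. The following is an added example, not code from the forum or its staff: it flags staff accounts that act again after a long idle gap and lists those due for demotion. The usernames, roles, action names, timestamps and the 60-day threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: 60 days, taken from the "one or two month" grace period suggested in the thread.
GRACE = timedelta(days=60)

# Constructed sample data; usernames, roles and action names are hypothetical.
STAFF = {"old_mod": "moderator", "active_admin": "administrator",
         "retired_admin": "administrator"}
EVENTS = [  # (ISO timestamp, user, action), oldest first
    ("2013-06-01T10:00:00", "old_mod", "login"),
    ("2013-09-15T09:00:00", "retired_admin", "login"),
    ("2014-04-28T12:00:00", "active_admin", "edit_post"),
    ("2014-05-02T16:05:00", "old_mod", "create_announcement"),
    ("2014-05-03T08:00:00", "active_admin", "login"),
    ("2014-05-03T09:00:00", "regular_user", "login"),
]

def reawakened(events, staff, grace=GRACE):
    """Flag privileged accounts that act again after a gap longer than `grace`."""
    last_seen, alerts = {}, []
    for ts, user, action in events:
        when = datetime.fromisoformat(ts)
        prev = last_seen.get(user)
        if user in staff and prev is not None and when - prev > grace:
            alerts.append((user, action, (when - prev).days))
        last_seen[user] = when
    return alerts

def dormant(events, staff, now, grace=GRACE):
    """List privileged accounts with no recorded activity within `grace` of `now`."""
    last_seen = {}
    for ts, user, _ in events:
        last_seen[user] = datetime.fromisoformat(ts)
    # Staff accounts that never appear in the log count as dormant too.
    return sorted(u for u in staff
                  if u not in last_seen or now - last_seen[u] > grace)

if __name__ == "__main__":
    for user, action, gap in reawakened(EVENTS, STAFF):
        print(f"ALERT: {user} ({STAFF[user]}) did {action} after {gap} days idle")
    print("demote or disable:", dormant(EVENTS, STAFF, datetime(2014, 5, 6)))
```

Running the first check at the time of each privileged action, rather than in a periodic audit, is what would surface a reused dormant account before its content reaches other users.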
2014-05-12, 09:37 | Link #19 | |
No time to sleep, 不幸だ
Join Date: Aug 2012
Location: The Big Apple
Age: 30
|
Quote:
__________________
|
|
|
|