Author Topic: Forum Issues  (Read 7115 times)

the.derp

  • Guest
Forum Issues
« on: January 15, 2012, 04:24:05 PM »
The past couple of days have seen the forums with an issue.  Someone broke into a few admin accounts and decided to ban every user and then break the forums.  We have done what we can, but we need you to do something.

Change your passwords now.  And make sure it is secure.

Good password guidelines:
http://www.microsoft.com/security/online-privacy/passwords-create.aspx

Offline JF

  • Gold Member
  • *
  • Posts: 2,257
  • Awards [OCRP Award] Social Player [OCRP Award] You Own The Mall [OCRP Award] Junkie
    • View Profile
    • Awards
Re: Forum Issues
« Reply #1 on: January 15, 2012, 04:28:43 PM »
I suggest people tell their friends that use CG about this ASAP.
Made by HilariousPlayer
http://www.catalyst-gaming.net/index.php?topic=5623.0
http://www.catalyst-gaming.net/index.php?topic=141.0
- Amazing threads that will keep you un-forum banned!

Offline Nicknero

  • Hatsune Miku
  • Gold Member
  • *
  • Posts: 5,032
  • Awards [OCRP Award] Millionaire [OCRP Award] Evo City Marathon [OCRP Award] Social Player [GMR2 Award] 100 MPH
    • View Profile
    • Awards
Re: Forum Issues
« Reply #2 on: January 15, 2012, 04:31:59 PM »
Whoever is doing this isn't to smart though.

Anyways, I already change my password of course.
Check out my Youtube channel with all kinds of cool videos including LP's which I'm currently working at. Don't forget to give feedback as well. ;)


Offline Lil_Killa

  • *
  • Posts: 12
    • View Profile
    • Awards
Re: Forum Issues
« Reply #3 on: January 15, 2012, 10:31:00 PM »
Very sad, there are so many haters in this world  :'(.

Offline CrazyNinja

  • No dad please
  • Gold Member
  • *
  • Posts: 933
  • Awards [OCRP Award] Dedicated Player [OCRP Award] Millionaire [OCRP Award] Secret Phrase [OCRP Award] Social Player
    • View Profile
    • Awards
Re: Forum Issues
« Reply #4 on: January 16, 2012, 12:32:43 AM »
Hopefully this won't happen again.  I changed my password already as well.  Any ideas on who it was?

Offline Technical Abbreviations

  • Acolyte Of The Carp God Baby
  • Gold Member
  • *
  • Posts: 1,036
  • Awards [OCRP Award] Evo City Half Marathon [OCRP Award] Social Player [OCRP Award] Comrades [OCRP Award] Junkie
    • View Profile
    • Awards
Re: Forum Issues
« Reply #5 on: January 16, 2012, 12:35:32 AM »
Mind explaining what you mean by "broke in"?
I enjoy the specifics of things, and I think I ought to know what may/may not bring me issues
Spoiler for :D:
\\r\\nWe live in the explosion of a bomb that has not yet finished exploding. You and everything you love are debris. Have a good day ^_^\\\'\\\'\\r\\nJiggerFrizz: Who is talking?\\r\\nJiggerFrizz: They sound hot\\r\\nJiggerFrizz: The background\\r\\nDegtyarev: They are 11 :l

Offline Adrian ?NoRagrets

  • *
  • Posts: 38
    • View Profile
    • Awards
Re: Forum Issues
« Reply #6 on: January 16, 2012, 01:54:01 AM »
Mind explaining what you mean by "broke in"?
I enjoy the specifics of things, and I think I ought to know what may/may not bring me issues

Either it's:

a) Some douche who had access to privileged information.

b) -snipped so we don't give people ideas-

I doubt very much that it's b. 
« Last Edit: January 16, 2012, 02:41:26 AM by RoflWaffle »

Offline smt

  • lemon flavor lubricant
  • Gold Member
  • *
  • Posts: 0
  • Awards [OCRP Award] Secret Phrase [OCRP Award] Social Player
    • View Profile
    • Awards
Re: Forum Issues
« Reply #7 on: January 16, 2012, 02:48:18 AM »
Mind explaining what you mean by "broke in"?
I enjoy the specifics of things, and I think I ought to know what may/may not bring me issues

from what i heard no one changed the DB password since it was leaked 8 months ago, unless some of your admins are making up bull shit on the spot



Offline Somone77

  • Developer
  • *
  • Posts: 652
    • View Profile
    • Awards
Re: Forum Issues
« Reply #8 on: January 16, 2012, 03:44:24 AM »
My assumption was a lot of RTLK's scripts for handling bans were completely insecure and required no authentication, only a steamID.

If he actually followed the new developer guidelines instead of assuming he's above them, as usual, that wouldn't be a problem. It's most likely that it was a type of SQL injection.

Offline smt

  • lemon flavor lubricant
  • Gold Member
  • *
  • Posts: 0
  • Awards [OCRP Award] Secret Phrase [OCRP Award] Social Player
    • View Profile
    • Awards
Re: Forum Issues
« Reply #9 on: January 16, 2012, 03:50:42 AM »
you should switch back to mysql 4, no one takes the time to find table names them selves

oh and why are people being asked to change their passwords? smf hashes/salts them?



Offline Somone77

  • Developer
  • *
  • Posts: 652
    • View Profile
    • Awards
Re: Forum Issues
« Reply #10 on: January 16, 2012, 04:41:30 AM »
It only uses the salt under specific circumstances. The hash for SMF is sha1(username+password) which should be nearly impossible to get just through has tables.

And about mysql, we have no options coming to that and downgrading to an old version is a idiotic decision to just practicing better coding habits.

Offline smt

  • lemon flavor lubricant
  • Gold Member
  • *
  • Posts: 0
  • Awards [OCRP Award] Secret Phrase [OCRP Award] Social Player
    • View Profile
    • Awards
Re: Forum Issues
« Reply #11 on: January 16, 2012, 04:46:29 AM »
meh, this is why i dont like smf, im sure if you know what you're doing its secure, but the fact the database info is (defaultly) stored as plaintext in the files is pretty eeghh



Offline alaskan thunderfuck

  • Owner
  • *
  • Posts: 3,510
  • Awards [OCRP Award] Dedicated Player [OCRP Award] Millionaire [OCRP Award] Evo City Marathon [OCRP Award] Secret Phrase
    • View Profile
    • Awards
Re: Forum Issues
« Reply #12 on: January 16, 2012, 05:31:11 AM »
Mind explaining what you mean by "broke in"?
I enjoy the specifics of things, and I think I ought to know what may/may not bring me issues

from what i heard no one changed the DB password since it was leaked 8 months ago, unless some of your admins are making up bull shit on the spot
admins are full of shit, not only did we change the password multiple times since then but its IP locked so it wouldn't matter

what really happened was a certain group of kiddies got a hold of two admins passwords which happened to be incredibly insecure and decided to ban all
Nothing on CGs side was compromised.
Please don't PM me regarding bans or anything having to do with in-game situations. Only PM me if you've been told I am the only one who can solve your issue.

Re: Forum Issues
« Reply #13 on: January 16, 2012, 06:20:06 AM »
Mind explaining what you mean by "broke in"?
I enjoy the specifics of things, and I think I ought to know what may/may not bring me issues

from what i heard no one changed the DB password since it was leaked 8 months ago, unless some of your admins are making up bull shit on the spot
admins are full of shit, not only did we change the password multiple times since then but its IP locked so it wouldn't matter

what really happened was a certain group of kiddies got a hold of two admins passwords which happened to be incredibly insecure and decided to ban all
Nothing on CGs side was compromised.
If nothing was compromised, why are we being told to change our passwords?

Offline Adrian ?NoRagrets

  • *
  • Posts: 38
    • View Profile
    • Awards
Re: Forum Issues
« Reply #14 on: January 16, 2012, 06:26:47 AM »
Mind explaining what you mean by "broke in"?
I enjoy the specifics of things, and I think I ought to know what may/may not bring me issues

from what i heard no one changed the DB password since it was leaked 8 months ago, unless some of your admins are making up bull shit on the spot
admins are full of shit, not only did we change the password multiple times since then but its IP locked so it wouldn't matter

what really happened was a certain group of kiddies got a hold of two admins passwords which happened to be incredibly insecure and decided to ban all
Nothing on CGs side was compromised.
If nothing was compromised, why are we being told to change our passwords?

Using the SMF adminCP, assuming these admins had access to it, you can backup any sql table. And yes SMT, passwords are salted and hashed, but they can still be bruted.

 

SimplePortal 2.3.7 © 2008-2024, SimplePortal