LucasForums

stoffe 08-21-2011 03:35 PM

LF security breach
 
It came to our attention a couple of days ago when some friendly neighborhood hacker paid a visit with a stolen supermod account, that Lucasforums had a security breach that resulted in at least parts of its usernames and passwords being downloaded, including the login/password of a few staff members.

As far as I've been able to determine this breach seems to have happened over 3 years ago, before the forum was upgraded, though at least some of the account information stolen at the time is still valid.

From what I've been able to determine after a couple of days of frantic searching and code reading, the SQL injection security vulnerability exploited to do this is no longer present in the version of vBulletin we currently use. I've also taken a few extra security precautions just in case.

The Blog feature has been disabled until I've had the time to check it thoroughly for vulnerabilities as well. No timetable on how long that will take, but from what I've seen it wasn't used that much anyway, so it's pretty low priority at this point.

So, if you haven't changed your password in a while, now would probably be a good time to do it, just to be safe.

Apologies for the downtime over the past few days, but I felt it was better to play it safe and take the forum offline until this could be more thoroughly investigated and remedied.

Bob Lion54 08-21-2011 03:44 PM

Damnit! What is it lately with these hackers?!

Good to know you are on it, stoffe! Thanks for the great work you do to keep these forums going!

I am a bit sad to see that I won't be able to not blog for a while, though, but I wasn't in a great hurry to not blog anyway. Still, hopefully it doesn't turn into too big a hassle for you.

Liverandbacon 08-21-2011 04:34 PM

Quote:

Originally Posted by Bob Lion54 (Post 2788775)
Damnit! What is it lately with these hackers?!

It happened over 3 years ago.

Oh well, I'm glad it got resolved, and luckily my account here has never contained information that would cause any big problems for me if used or spread across the internet.

Bob Lion54 08-21-2011 04:57 PM

Quote:

Originally Posted by Liverandbacon (Post 2788779)
It happened over 3 years ago.

Oh, well it's alright then. :raise:

mimartin 08-21-2011 05:19 PM

stoffe has about every badge imaginable on the forum, but she deserves a forum savior badge. She goes above and beyond to keep the place running and everyone that enjoys hanging around this place owes her a debt of gratitude. She regularly gives up her weekends and sleep keeping that place afloat. stoffe does most of her work out of sight, but she in my opinion is the most important staff member only important staff member… well besides lynk. :xp:

So please help her out by changing your password to something more complicated than…cat.

Q 08-21-2011 07:08 PM

3 years ago? Wow. Was it found by mistake?

Thanks, stoffe. :)

Darth Avlectus 08-21-2011 07:25 PM

You know, I suspected something like this was going on but I had no way to prove it. I don't believe I ever used anything on here that would cause much of a security concern. But um, yeah.

Thanks Stoffe. I hardly ever agree with mim anymore on a lot of things but yeah. I think there ought to be a Forum Savior badge specially made and given to her.

mimartin 08-21-2011 08:29 PM

Quote:

Originally Posted by GTA:SWcity (Post 2788797)
I hardly ever agree with mim anymore on a lot of things but yeah.

Just proves; Even a blind squirrel finds a nut once in a while. :xp:

purifier 08-21-2011 09:02 PM

Quote:

Originally Posted by mimartin (Post 2788802)
Just proves; Even a blind squirrel finds a nut once in a while. :xp:

Well now that depends...which nut are we talking about here?


*Ahem!*

Anyway, I agree with Mimartin and GTA, she deserves a Forum Savior Badge. Good job Stoffe and everyone else that was involved, helping her. :thmbup1:

Ulmont 08-21-2011 09:45 PM

Great job finding this! ;) (Even if it was a bit late)

Four's company, you deserve a badge.

http://img851.imageshack.us/img851/5109/forumsavior.png

acdcfanbill 08-22-2011 01:07 PM

We believe the user database dump is 3+ years old. The 'hack' was recent in that an smod account was used by a 3rd party for some suspicious purposes.

Darth Avlectus 08-23-2011 11:09 AM

Quote:

Originally Posted by mimartin (Post 2788802)
Just proves; Even a blind squirrel finds a nut once in a while. :xp:

Hmm, hunting aspirations for a blind rodent that is essentially a scavenger... I have a pretty good guess at the source of that bad taste in your mouth. :)

Lynk Former 08-23-2011 03:37 PM

Quote:

Originally Posted by GTA:SWcity (Post 2788797)
You know, I suspected something like this was going on but I had no way to prove it.

That's stupid.

Darth Avlectus 08-23-2011 06:03 PM

Quote:

Originally Posted by Lynk Former (Post 2789006)
That's stupid.

Why is that stupid? I was referring to how the blog section recently kept getting the same sort of crap about "watches carpets houses cars jewelry". I suspected it all from the same spammer source based on its appearance and substance--which apparently doesn't mean much evidence wise. Not until people are getting hurt anyway.

Lynk Former 08-23-2011 06:11 PM

Spambots and hackers are two entirely different things.


All times are GMT -4.
