Author Topic: Downtime (Read 22710 times)

Sorunome · « **on:** December 05, 2015, 05:23:16 pm »

We got some quite unfortunate news concerning the downtime we experienced today - we got hacked!

We currently don't have any information yet as to whom is behind the attacks, we are still in the process of investigation.

As per things lost - we have 0% data loss! Still restoring the attachments and downloads, but the website is back up already.

Password hashes were stolen so we recommend you to change your password on other websites ADMINs accounts HAVE been accessed by the hackers

We apologize for the inconvenience and hope things will be going smoothly from now on.

KermMartian · « **Reply #1 on:** December 05, 2015, 06:21:36 pm »

It appears probable that plaintext passwords were stolen as well, so be aware of that. My and geekboy's accounts elsewhere were both attempted compromised elsewhere. Change your password.

Edit: It's also worth pointing out that if plaintext passwords were stored or logged somewhere, you should NOT change your password to anything you use elsewhere, because nothing about password storage has changed.

Eeems · « **Reply #2 on:** December 05, 2015, 06:36:13 pm »

Quote from: KermMartian on December 05, 2015, 06:21:36 pm

It appears probable that plaintext passwords were stolen as well, so be aware of that. My and geekboy's accounts elsewhere were both attempted compromised elsewhere. Change your password.

Edit: It's also worth pointing out that if plaintext passwords were stored or logged somewhere, you should NOT change your password to anything you use elsewhere, because nothing about password storage has changed.

We shouldn't have had any plaintext passwords. It looks like SMF doesn't salt+hash their passwords in a very secure way. Sorunome is looking into cleaning that up.

Luckily it looks like the damage was contained to Omnimaga's database itself and they didn't get at any of our other databases or anything. There is a lot of data they can sort through though and possibly some personal information.

KermMartian · « **Reply #3 on:** December 05, 2015, 06:38:27 pm »

Quote from: Eeems on December 05, 2015, 06:36:13 pm

We shouldn't have had any plaintext passwords. It looks like SMF doesn't salt+hash their passwords in a very secure way. Sorunome is looking into cleaning that up.

Given how quickly my account was attacked last night (with my Omnimaga password), and geekboy's account was attacked today (ditto), I'm concerned.

Quote from: Eeems on December 05, 2015, 06:36:13 pm

Luckily it looks like the damage was contained to Omnimaga's database itself and they didn't get at any of our other databases or anything. There is a lot of data they can sort through though and possibly some personal information.

Geekboy said that nothing in the admin forum was particularly sensitive, but I guess PMs and the Private Matters subforum are of concern?

Sorunome · « **Reply #4 on:** December 05, 2015, 06:39:47 pm »

Quote from: KermMartian on December 05, 2015, 06:38:27 pm

Quote from: Eeems on December 05, 2015, 06:36:13 pm
We shouldn't have had any plaintext passwords. It looks like SMF doesn't salt+hash their passwords in a very secure way. Sorunome is looking into cleaning that up.
Given how quickly my account was attacked last night (with my Omnimaga password), and geekboy's account was attacked today (ditto), I'm concerned.

SMF currently uses the sha1 method for hashing passwords, i'm writing a mod right now to make it use bcrypt as i couldn't find any existing one.

Eeems · « **Reply #5 on:** December 05, 2015, 06:41:36 pm »

Quote from: KermMartian on December 05, 2015, 06:38:27 pm

Quote from: Eeems on December 05, 2015, 06:36:13 pm
We shouldn't have had any plaintext passwords. It looks like SMF doesn't salt+hash their passwords in a very secure way. Sorunome is looking into cleaning that up.
Given how quickly my account was attacked last night (with my Omnimaga password), and geekboy's account was attacked today (ditto), I'm concerned.

Quote from: Eeems on December 05, 2015, 06:36:13 pm
Luckily it looks like the damage was contained to Omnimaga's database itself and they didn't get at any of our other databases or anything. There is a lot of data they can sort through though and possibly some personal information.
Geekboy said that nothing in the admin forum was particularly sensitive, but I guess PMs and the Private Matters subforum are of concern?

Correct, lots of PMs and private posts.
I'm not that happy with how easy it is for them to get the passwords from how SMF stores them.

Sorununome, would you mind opening an issue on SMFs stuff complaining about it?

Escheron · « **Reply #6 on:** December 05, 2015, 09:40:00 pm »

Someone recently tried to access my PSN account, which I haven't used for months since I no longer have a PS3. Sony sent me an email to notify me that my password was automatically reset to counteract any suspicious activity. When I got rid of my PS3, I removed any personal info and card data from that account, so luckily it's not an issue. Everybody else may nonetheless want to double-check any accounts they have connected to their Omnimaga email address.

My email was also bombarded with spam.

Juju · « **Reply #7 on:** December 06, 2015, 12:55:26 am »

No one attempted anything on any of my accounts as far as I know other than the usual "there was security breaches on some other website that isn't ours and we think your account may be compromised so we've reset your password" (last one in date was Netflix btw, got one on Patreon and Adobe too, these breaches seems to be everywhere). Thankfully, nothing happened on CodeWalrus as the attacker could easily have tried there a well. Anyway, if you guys know the IP of the offender, please tell me so I can check on my side.

squalyl · « **Reply #8 on:** December 06, 2015, 05:03:03 am »

Seriously, plain text passwords in 2015 ?

Sorunome · « **Reply #9 on:** December 06, 2015, 05:32:49 am »

Quote from: squalyl on December 06, 2015, 05:03:03 am

Seriously, plain text passwords in 2015 ?

Not plain text, sha1 hashes, which are VERY weak.
And yeah, I was thinking the same "Seriously? Why would SMF even do that?"

I'm working right now on a thing so that the passwords will be stored using bcrypt

Streetwalrus · « **Reply #10 on:** December 06, 2015, 06:40:16 am »

It's more because SMF only salts the hashes with the username. A good password hasher also has a secret salt stored outside the database.
Let us know when your mod is done, so that we can deploy it on CW as well, and also so that I can change my password here. I'm in the process of changing all my other passwords.

Sorunome · « **Reply #11 on:** December 06, 2015, 09:59:43 am »

The attachments should be all up now, if something is missing please tell me! Still need to upload the downloads

NanoWar · « **Reply #12 on:** December 07, 2015, 04:14:51 am »

RevSoft got hacked, too. phpBB3 still uses looped MD5 hashing

And with, I belive, another admin's credentials they got access to our admin panel, changed files and downloaded the database (including the pw hashes).

Sorunome · « **Reply #13 on:** December 07, 2015, 05:43:14 am »

why would they even use md5......you should report it to phpBB devs ^.^

c4ooo · « **Reply #14 on:** December 07, 2015, 10:27:57 am »

It seems nothing ever changes until something goes wrong

It is nice to see that no data was lost here

Author Topic: Downtime (Read 22710 times)

Sorunome

Downtime

KermMartian

Re: Downtime

Eeems

Re: Downtime

KermMartian

Re: Downtime

Sorunome

Re: Downtime

Eeems

Re: Downtime

Escheron

Re: Downtime

Juju

Re: Downtime

squalyl

Re: Downtime

Sorunome

Re: Downtime

Streetwalrus

Re: Downtime

Sorunome

Re: Downtime

NanoWar

Re: Downtime

Sorunome

Re: Downtime

c4ooo

Re: Downtime