SDS server compromised???


Postby Tesuji on Thu 02 Jun 2016 18:12

Hi guys!

I am a bit puzzled right now. It seems the server hosting the SDS webpage (=> http://www.starfiredesign.com/starfire) has been compromised... Or isn't it?

I see some vandalism on the newsblog in the Turkish language. And strangely my cursor became blue, which I would assume indicates my machine became hacked too...

Is it just me, or has anyone else seen this???

Worried greetings :-/

Harri
Tesuji
Lieutenant JG
Posts: 28
Joined: Fri 26 Jun 2015 13:00

Re: SDS server compromised???

Postby Cralis on Fri 03 Jun 2016 08:52

The server is not compromised, it looks like someone hacked the news database that we used for the front page. Fortunately, it is separate from the database for the forum and I've taken that part of the page offline until I figure out what happened.
Cralis
SDS Member
Posts: 10750
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA

Re: SDS server compromised???

Postby Cralis on Fri 03 Jun 2016 15:11

Looks like this topic is getting a lot of attention.

It looks like the group that defaced our page did a brute force password hack on the front page news and downloads admin account. I have talked to Krenshala and we are going to rewrite the code to lock out the account if the password fails three times. Then we'll clean up the database and move on.

This does NOT affect the forum. They are entirely different databases (for this reason). It does look like they attempted to brute force the forum's admin account but phpBB already has a lockout coded. In any case, I've changed all the passwords and made them more than 30 characters long.

Bear with us. We're working on it.
Cralis
SDS Member
Posts: 10750
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA
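
The lockout described in the post above, sketched as an added example that is not part of the original post or the site's code. The threshold of three comes from the post; the 15-minute timed lock, the PBKDF2 settings and all names are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3            # threshold named in the post
LOCKOUT_SECONDS = 15 * 60   # assumption: a timed lock, so repeated bad guesses
                            # cannot keep the real admin out permanently


def hash_password(password, salt):
    # PBKDF2 from the standard library; the iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class LoginGuard:
    """Tracks consecutive failed logins per account and refuses attempts while locked."""

    def __init__(self, clock):
        self.clock = clock        # injected so the lock window can be tested
        self.accounts = {}        # name -> (salt, password hash)
        self.failures = {}        # name -> consecutive failures
        self.locked_until = {}    # name -> time at which the lock expires

    def add_account(self, name, password):
        salt = os.urandom(16)
        self.accounts[name] = (salt, hash_password(password, salt))

    def login(self, name, password):
        now = self.clock()
        if self.locked_until.get(name, 0) > now:
            return "locked"       # refused before the password is looked at
        # Unknown names take the same code path, so timing and responses
        # do not reveal which accounts exist.
        salt, stored = self.accounts.get(name, (b"\0" * 16, b""))
        if hmac.compare_digest(hash_password(password, salt), stored):
            self.failures.pop(name, None)
            self.locked_until.pop(name, None)
            return "ok"
        self.failures[name] = self.failures.get(name, 0) + 1
        if self.failures[name] >= MAX_FAILURES:
            self.locked_until[name] = now + LOCKOUT_SECONDS
            self.failures[name] = 0
        return "denied"
```

While the lock is active even the correct password returns "locked", which is what stops a brute-force run from confirming a guess.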

Re: SDS server compromised???

Postby Tesuji on Fri 03 Jun 2016 18:42

Thanks for the information on this matter!

I did not mean to stir panic or something with the chosen subject line... :oops:
After having seen lots of security breaches in internet projects in the last years, I may have become rather thin-skinned. :?
Good to hear you're into it!

Running a check on the files in the download section may also be a good precaution, in case they were manipulated.

Crossing fingers 8-)
Tesuji
Lieutenant JG
Posts: 28
Joined: Fri 26 Jun 2015 13:00

Re: SDS server compromised???

Postby Cralis on Fri 03 Jun 2016 18:56

Tesuji wrote: Thanks for the information on this matter!

I did not mean to stir panic or something with the chosen subject line... :oops:
After having seen lots of security breaches in internet projects in the last years, I may have become rather thin-skinned. :?
Good to hear you're into it!


I appreciate that you pointed it out. Admittedly, since I intend to rewrite that part of the site soon, I've been ignoring it.

Tesuji wrote: Running a check on the files in the download section may also be a good precaution, in case they were manipulated.


They can change the URL but without FTP access they cannot change the files. Either way, I have a backup and I'll reload the entire directory. But first, we need to fix the login so they cannot change stuff while we are fixing it.

It's interesting, they run mirrors on sites they deface. It's like bragging rights or something. I didn't think we'd be worth the trouble...

One thing I'm considering is removing the news from the front page and either directing to our announcements or our Facebook page. Analytics says that few people visit the front page anymore. What do y'all think?
Cralis
SDS Member
Posts: 10750
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA

Re: SDS server compromised???

Postby Xveers on Fri 03 Jun 2016 19:42

Cralis wrote:
One thing I'm considering is removing the news from the front page and either directing to our announcements or our Facebook page. Analytics says that few people visit the front page anymore. What do y'all think?


To be honest I usually link straight in to the forums >.>
Xveers
Vice Admiral
Posts: 784
Joined: Wed 15 Jul 2009 02:26
Location: New Westminster, BC, Canada

Re: SDS server compromised???

Postby Cralis on Fri 03 Jun 2016 22:02

Just so everyone is aware, we are changing stuff on the website. You will see that the news is missing and the downloads page is completely gone.

If you find any page that is giving MySQL errors, please post here or email me and let me know. We quarantined the database and those pages cannot connect, but we don't want to give out any information.

If you see anything else suspicious, please ask!

We are going to take the opportunity to recreate everything using the stuff we've learned over the last six years, update the site, etc.

Thank you for your patience :)
Cralis
SDS Member
Posts: 10750
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA

Re: SDS server compromised???

Postby aramis on Sat 04 Jun 2016 00:55

Cralis wrote: In any case, I've changed all the passwords and made them more than 30 characters long.

Bear with us. We're working on it.


You might want to check and see what the actual supported password length is. I know (from the online docs) that the standard encryption length is 128 bits; if it's also truncating the hash to 1 encryption word long, anything past the 16th is meaningless. I can't tell from a quick google for the API whether it's truncating or not.

I'm minded of the days of my college era, when I found out that the VMS password system allowed you to use any length password, but only checked the first 8 characters for accessing your account. (As in, if your password was XYZZY123abc, you could get in with XYZZY123FU or XYZZY123)
aramis
Rear Admiral
Posts: 288
Joined: Mon 01 Mar 2010 00:42
Location: Eagle River, Alaska
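
One way to test for the silent truncation raised in the post above, as an added example that is not part of the original post: set a throwaway password on a test account, then change one character at a time from the end and see whether the login still succeeds. `make_store` is a constructed stand-in for a login backend (plain SHA-256 is used only to keep the stand-in short), and every name here is an assumption.

```python
import hashlib
import hmac


def make_store(significant=None):
    """Constructed backend; `significant` mimics a system that silently
    verifies only the first N characters (None = the whole password)."""
    state = {}

    def digest(pw):
        data = pw[:significant] if significant else pw
        return hashlib.sha256(data.encode("utf-8")).digest()

    def set_password(pw):
        state["h"] = digest(pw)

    def check_password(pw):
        return hmac.compare_digest(state["h"], digest(pw))

    return set_password, check_password


def effective_length(set_password, check_password, probe_len=128):
    """Return how many leading characters the backend actually verifies.

    Works from the last character towards the first. A login that still
    succeeds with a changed character means that position is ignored.
    The probe stops at its first rejected login, so it produces exactly
    one failed attempt and does not trip a three-failure lockout.
    Returns probe_len when every probed position matters.
    """
    base = "".join(chr(ord("a") + i % 26) for i in range(probe_len))
    set_password(base)
    if not check_password(base):
        raise RuntimeError("backend rejected the password it was just given")
    for pos in range(probe_len - 1, -1, -1):
        altered = base[:pos] + "#" + base[pos + 1:]
        if not check_password(altered):
            return pos + 1    # `pos` is the last position that matters
    return 0                  # no character influenced the result
```

A result below the length of the passwords actually in use means the extra characters add nothing, which is the situation the VMS anecdote describes.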

Re: SDS server compromised???

Postby Cralis on Sat 04 Jun 2016 01:01

Ah good point, will check on that.
Cralis
SDS Member
Posts: 10750
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA

Re: SDS server compromised???

Postby SCC on Fri 17 Jun 2016 23:42

Tesuji wrote: And strangely my cursor became blue, which I would assume indicates my machine became hacked too...

Sorry for the late reply, but this doesn't mean your computer is being hacked. A VERY rarely used property is to set the cursor while it's over a section, sort of like how it changes to the normal text selection tool when over text.
SCC
Vice Admiral
Posts: 742
Joined: Fri 08 Mar 2013 15:11
