Good to be back!

Discussion in 'Public General Chat' started by No_Smoking, Jun 22, 2008.

  1. No_Smoking
    Veteran

    Joined:
    Jun 22, 2008
    Messages:
    766
    Likes Received:
    4
    Location:
    Springfield OR
    Sucks about the forums, its never cool to get hacked. but starting fresh is sometimes the best thing to do.

    I wonder if it was the forum software that had a exploit in it.. have you guys thought about getting different software? I've been a fan of Invision's feel and look.. don't know how secure it is as its been a while since I've seen it. the other down side is you have to pay for it. =/

    anyhow glad you guys are back up =)
     
  2. Edan
    Guest

    I am so glad too, outside of the forums, I have no way to contact other xen members and it was driving my crazy. I am so happy it is back up, and I am totally in love with Jeb right now.
     
  3. Jeb
    Guest

    Joined:
    Jun 21, 2008
    Messages:
    2,309
    Likes Received:
    6
    I looked at invision and while it had some nice features I hated the admin stuff... besides it's a pain forum like VB which we already paid for so it didn't make much sense to move to that unless it had something to offer we really wanted. I told dash I'd buy it if we wanted to switch though...

    I am not sure how they got in, it looks like it was subdreamer at first, but it could have been vb since we were a few updates behind... I found a lot of the holes they created but I couldn't be sure I hadn't missed some, so this was the safest way...
     
  4. Zarash
    Veteran

    Joined:
    Jun 22, 2008
    Messages:
    1,338
    Likes Received:
    3
    Occupation:
    Student
    Location:
    Ontario
    The good thing about new forums is that it gives us a chance to make things better
     
  5. Rubius
    Veteran Xenforcer

    Joined:
    Jun 22, 2008
    Messages:
    5,043
    Likes Received:
    14
    Occupation:
    Software Engineer
    Location:
    YYZ, Ontario
    Feels nice to be home again :)
     
  6. PhoenixDog
    Veteran

    Joined:
    Jun 22, 2008
    Messages:
    1,798
    Likes Received:
    3
    Gender:
    Male
    Occupation:
    Delivery Receiver - Sears/Futureshop/Bestbuy
    Location:
    Mississauga, ON
    I felt so alone without the forums. So desperately alone.
     
  7. Vanguard
    Guest

    I don't like that I have to change all my passwords.

    What kind of bored-fuck would hack a game forum, anyway?
     
  8. PhoenixDog
    Veteran

    Joined:
    Jun 22, 2008
    Messages:
    1,798
    Likes Received:
    3
    Gender:
    Male
    Occupation:
    Delivery Receiver - Sears/Futureshop/Bestbuy
    Location:
    Mississauga, ON
    I think you should be fine, Vanguard. I use pretty much the same password for everything except maybe a couple games or other forums and I haven't run into anything.
     
  9. Vanguard
    Guest

    So do I, which is exactly what makes it dangerous if some asshole has a list of our passwords somewhere.
     
  10. PhoenixDog
    Veteran

    Joined:
    Jun 22, 2008
    Messages:
    1,798
    Likes Received:
    3
    Gender:
    Male
    Occupation:
    Delivery Receiver - Sears/Futureshop/Bestbuy
    Location:
    Mississauga, ON
    Meh, I have nothing really to lose. A 16 DT on AoC, and a 55 commander on CoD. Both I can get back in a couple days :p
     
  11. Vanguard
    Guest

    I visit 20ish forums and websites. I'd like to keep all that >_>
     
  12. Meemo
    Guest

    Probably someone with something against XoO.

    As for my password, everything I care about already has a different password. And of the things I don't care about, I can only see the hacker finding my yahoo account from here. But I doubt they want it.
     
  13. Jeb
    Guest

    Joined:
    Jun 21, 2008
    Messages:
    2,309
    Likes Received:
    6
    I would just change your passwords as you log in... but anything like game accounts or banks or email I would change asap.

    It might not be an issue, but some of the scripts did appear to be able to download the database. It's possible they didn't get to that, but the ability was there.

    I am no longer going to set any forum passwords to those that I also use for emails or or online games or anything like that.
     
  14. Zarash
    Veteran

    Joined:
    Jun 22, 2008
    Messages:
    1,338
    Likes Received:
    3
    Occupation:
    Student
    Location:
    Ontario
    I use the same password for everything but there isn't really anything I would care about if I lost
     
  15. No_Smoking
    Veteran

    Joined:
    Jun 22, 2008
    Messages:
    766
    Likes Received:
    4
    Location:
    Springfield OR
    Isn't the passwords encrypted anyway though? I helped run a few forums and not even database admins could see the passwords.

    I'm sure its still possible (and in peoples best interest to change their passwords), I mean if someone wants them they WILL get them, its just a matter of time.. but for some reason I would doubt they would waste the time as I would think it would take hours/days/weeks per password to crack.

    Unless they believe someone would use the same account name/password for a game? That there might be sufficient reason to spend the time to hack passwords.
     
  16. PhoenixDog
    Veteran

    Joined:
    Jun 22, 2008
    Messages:
    1,798
    Likes Received:
    3
    Gender:
    Male
    Occupation:
    Delivery Receiver - Sears/Futureshop/Bestbuy
    Location:
    Mississauga, ON
    I don't believe the XoO forum passwords were encrypted. I recall the admins changing a banned members password or something once or twice.
     
  17. Zarash
    Veteran

    Joined:
    Jun 22, 2008
    Messages:
    1,338
    Likes Received:
    3
    Occupation:
    Student
    Location:
    Ontario
    I've run a forum before and you can't see them but you can give them a new password

    And the main reason someone would attack a gaming forum is for game passwords or they don't like us for some reason
     
  18. hendricks
    Guest

    Joined:
    Jun 23, 2008
    Messages:
    45
    Likes Received:
    0
    the passwords ARE encrypted. and no the admin CANNOT read them even directly from the database. HOWEVER, the admin CAN assign a new one he knows then tell it to the user. :)
     
  19. hendricks
    Guest

    Joined:
    Jun 23, 2008
    Messages:
    45
    Likes Received:
    0
    also, it is UNLIKELY, although not impossible, that the entry was made through vb. the running version was 3.6.4 and had all the patches for html and sql injections already in it. the versions after that addressed XSS flaw (3.6.8 pl1), CSRF flaw (3.6.10) and additional features, like support for Safari 3.0 on Windows (not security related fixes). both flaws would require an admin to go to a third party site and do something like submit a form webpage to start a hack. i doubt that happened.

    based on the notices i get from vb, those are the only 2 security patches issued after the version we were running.

    however, there WAS a known security issue with the Groups Communce plugin. i doubt it has ever been fixed adequately, even though we updated it to the "fixed" version last October.

    whenever you add plugins to a system there is always a possiblity of adding bad code.
     
  20. PhoenixDog
    Veteran

    Joined:
    Jun 22, 2008
    Messages:
    1,798
    Likes Received:
    3
    Gender:
    Male
    Occupation:
    Delivery Receiver - Sears/Futureshop/Bestbuy
    Location:
    Mississauga, ON
    Ah, that must have been it. Thanks for the clarification.
     

Share This Page