General Chat Thread: Edugeek server security compromise
  1. #46

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,779
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    Quote Originally Posted by Dos_Box View Post
    Given the amount of people who have used the 'Contact us' method and have not manually reset their passwords, it may take some time before Shaun can get them all done (it was a LOT), so we ask that you please bear with us.
    Do you have anything to comment regarding the original post please?

  2. #47

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,529
    Thank Post
    513
    Thanked 2,406 Times in 1,862 Posts
    Blog Entries
    24
    Rep Power
    822
    Quote Originally Posted by FN-GM View Post
    Do you have anything to comment regarding the original post please?
    He gave a comment... 'please bear with us'.

  3. #48
    mb2k01's Avatar
    Join Date
    Jan 2007
    Posts
    1,126
    Thank Post
    189
    Thanked 227 Times in 193 Posts
    Rep Power
    92
    If that is the only comment to be offered then it isn't good enough!
    RoF was spot on with her comment about 'valued' community. I fail to see any recognition of value.

    What is so difficult about saying "xx was compromised/stolen", "we think xx was compromised/stolen", or even the very honest "we haven't got a XX clue yet, sorry, bear with us!". Any is better than silence.

  4. Thanks to mb2k01 from:

    Netman (28th November 2011)

  5. #49
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    672
    Thank Post
    170
    Thanked 126 Times in 105 Posts
    Blog Entries
    1
    Rep Power
    47
    There may be very good reasons why information is not available, for example legal and/or protecting other sites using vb. I have no more info than anyone else. I suggest "please bear with us" is a good idea.

  6. #50

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,668
    Thank Post
    1,614
    Thanked 1,867 Times in 1,385 Posts
    Blog Entries
    2
    Rep Power
    400
    Think of it like this

    VBulletin has to be updated (every site that uses it) as it's been compromised (well so I would think). If data has been compromised and your accounts have been taken or emails hacked etc, then it could be coincidence. I have no more information than anyone else but the 'please bear with us' is a good thing, as you could well get a massive essay on what happened, how it happened and why it happened.

  7. #51

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,037
    Thank Post
    160
    Thanked 908 Times in 712 Posts
    Blog Entries
    3
    Rep Power
    270
    For the people who were following the downtime when this happened, they will fully understand that so many hours (working through the night) were put in by ZH in order to get the forums up and running again safely. Along the way Shaun also would have had to investigate the cause etc. and also work very closely with VB.

    None of us know any more than the next person; what I can probably take a very good guess at though is that Shaun is working on a report on what has happened to provide everyone with more information.

    We all are aware that the server was breached due to a bug in the VB software, and that as a precaution everyone was urged to change their passwords. I am sure Shaun is analysing log files in order to fill us all in... But as DosBox has said, he also has to deal with users who are still locked out of their account etc.

    I am sure we will all hear something in due time, for now let's sit back and enjoy edugeek!

    Happy Days! - EduHobNobs Anyone! -

    James.

  8. Thanks to EduTech from:

    sister_annex (26th November 2011)

  9. #52
    sister_annex's Avatar
    Join Date
    Jan 2009
    Location
    Wolverhampton
    Posts
    587
    Thank Post
    98
    Thanked 134 Times in 118 Posts
    Rep Power
    49
    I for one am just happy Edugeek is back, to some semblance of normality, I think people forget sometimes that it is a relatively small outfit that runs the site and they have a million and one things to do as well as keep us happy, I do agree an update to what went on would be nice but I also understand that @ZeroHour has spent many hours working to get services restored (and by now should have a very nice ass groove worked into his chair!).

    Patience is a virtue, I am sure the details will appear in time

  10. Thanks to sister_annex from:

    Little-Miss (28th November 2011)

  11. #53


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,461
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    TBH, a breach as serious as this - as WAS communicated, hashed passwords may have been compromised - you can safely assume that nothing is sacrosanct. There is no way for the admins to say for sure anything that could have been accessed was actually copied though.
    Presume ANYTHING you ever sent to the site may have been read.

    IMO the big password change is a sign that the admins are committed to security - this has obviously cost a lot of work, and has probably cost some members. A less scrupulous bunch might have pushed this under the rug.

    On the other hand - lads, get a statement out, if you need any help drafting it, I am happy to help in my capacity as professional security gobshite

  12. Thanks to tom_newton from:

    Netman (28th November 2011)

  13. #54
    markcuk's Avatar
    Join Date
    Sep 2005
    Posts
    586
    Thank Post
    29
    Thanked 60 Times in 55 Posts
    Rep Power
    37
    If there was such a bug in VB don't you think we would have heard about it!! When fasthosts brought down edugeek the news was everywhere (The Register etc)

    Edugeek gets hacked or whatever, no news anywhere.

    edit: just read the steam forum hack could have been a VB problem so prob related

    http://forums.steampowered.com/forum....php?t=2227097
    Last edited by markcuk; 26th November 2011 at 10:34 PM.

  14. #55

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,991
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Quote Originally Posted by EduTech View Post
    We all are aware that the server was breached due to a bug in the VB software, and that as a precaution everyone was urged to change their passwords. I am sure Shaun is analysing log files in order to fill us all in... But as DosBox has said, he also has to deal with users who are still locked out of their account etc.
    I was not aware of it and as far as I know it has never been generally posted, which is what people are a bit up in arms about. It's good that this much has come out as it's a far better root cause than a root password set to 1234 or suchlike (did not think that this was the case, just an example).

    The fact that ZH has gone to as much trouble as he has reimplementing the site bit by bit and making it very clear about the breach is a good thing and does show commitment to security, but the complete information vacuum was a bit uncomfortable. Hopefully in a while when the dust has settled and VB have patched up their software we will get a better idea of what happened if that information is available.

  15. #56


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,709
    Thank Post
    220
    Thanked 2,615 Times in 1,926 Posts
    Rep Power
    777
    Quote Originally Posted by markcuk View Post
    If there was such a bug in VB don't you think we would have heard about it!!
    We did in a way. Valve's Steam Users' forums and Sony's MyResistance.net forums were hacked around the same time as EduGeek. Both use vBulletin and the latter is still offline!

    Steam forums taken offline following possible security breach - 09/11/2011
    The Steam forums, run by Valve, are down following an apparent security breach perpetrated by a group of hackers, Eurogamer reports. The outlet states that a message board in the forums was "defaced" Monday night; the forums were subsequently taken down and replaced with a message from Steam stating they are "offline for maintenance."

    Eurogamer reports that one Steam user contacted them saying that the hackers changed some text on the message board and sent some spam to registered users. The message board was redesigned to show a message from a website called Fkn0wned.com that documents video game hacks.

    Because some players have reported receiving spam with similar content to the material illicitly splashed across the forums, it's possible that whoever hacked the site may have obtained the e-mail addresses of users who have registered with the site. No other forum users have come forward saying they received spam since the initial outbreak, and Valve has neither made a public statement nor responded to Ars' requests for comment on the incident.

    As of this writing, the forums remain down and display only the maintenance message, telling players their "patience is appreciated." We'll be keeping an eye out for Valve's statement on the matter as well as for the forums to come back up. (Source Via)
    Resistance Site, Forums are Down; Hacking Alleged - 12/11/2011
    Visitors to MyResistance.net, the official site for the Resistance franchise of PS3 games, say the site was serving up malware yesterday. One of them alerted Insomniac Games, and now the entire site has been taken offline for maintenance.
    The hacking and malware allegations could not be immediately verified with Insomniac or Sony Computer Entertainment America. The site itself is owned by Sony, with Insomniac providing moderation and content support. The studio thus is referring inquiries directly to SCEA. This morning Kotaku reached out to representatives of both; any statement the studio or Sony makes will be updated here.

    This site outage comes a week after an attack and defacement of the Steam Forums that brought them down for nearly five days. Worse, Valve later said that a database containing user information, including encrypted credit card numbers, had been exposed in the attack, and advised users to monitor their credit card activity and change passwords elsewhere if it was the same as their Steam Forum login. (Source)

  16. #57

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,779
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    Quote Originally Posted by localzuk View Post
    He gave a comment... 'please bear with us'.
    If you look back he was talking to another user!

  17. #58

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Quote Originally Posted by Negative Rep
    Oh hail to the high and mighty!
    Anyone gonna own up for this one?

  18. #59

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,529
    Thank Post
    513
    Thanked 2,406 Times in 1,862 Posts
    Blog Entries
    24
    Rep Power
    822
    Quote Originally Posted by FN-GM View Post
    If you look back he was talking to another user!
    Yes, but from the fact that he said they were working hard, due to a lot of people having used the contact us link, it still applies I think! Shaun is only one man, he can't be sorting people out on here at the same time as writing info on what happened as well as maintaining the site to ensure this sort of thing doesn't happen again, whilst also looking after his family.

    People suddenly seem to be behaving like this site is some giant commercial operation when it isn't. If everyone had had their credit card details disclosed or something I'd say sure, demand explanations, but as it stands they have done full-site password resets, they have advised people to use services such as LastPass, to ensure people don't use passwords for more than 1 site etc... What else do you want?

    As others have said, saying 'they stole X,Y and Z' is going to be basically impossible, so you should simply assume that they got the lot and change your passwords everywhere that uses the same one just in case. The worst you'll get out of this would be more spam I'd guess.

  19. #60

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,779
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    Surely a paragraph of some kind of explanation isn't a lot to ask for? Shaun isn't the only one working on the site, there are other admins as well.

    I know my date of birth could have been taken, that is a security question banks use. It's only part of a puzzle but can result in something more serious. Personally I don't care about the password as it was unique.

    Was a copy of the database taken?
    Do we know what was actually seen by the hackers? At the moment it's speculation.
    Do we know what the hackers actually did?
