328 replies to this topic

[Tice Daurus]

Guys...you can change your passwords.

When you log online with your e-mail, just click on FORGOT YOUR PASSWORD? and it will send you an e-mail to your addy with the ability to change your forum password and your logon password for the game.

EDIT: Ter beat me to it.

Edited by Tice Daurus, 13 December 2012 - 04:34 PM.

[anonymous175]

IPB = md5(md5($salt) . md5($password))

[SixstringSamurai]

Any word on when the malware warning for Chrome users will be fixed?

[Ter Ushaka]

If PGI has submitted the removal request with Google via the Google Webmaster tools, typically the delisting will occur within a matter of hours, so long as the Google scanners verify the site is clean.
*edit* When Google gives the all-clear, both Firefox and Chrome will stop reporting this as an attack site.

Edited by Ter Ushaka, 13 December 2012 - 04:45 PM.

[Pyrrho]

Still coming up as a reported attack site. New users are going to love this!

[Tressa]

Dear Bryan Ekman,

is there any kind of information what harm can/was done by the malicious script?

Infecting PCs?
Access passwords when entered on redirected site?

What are your recommendations for users who accessed the site (logged in, bought MC, etc..) during the time the vulnerability was present?


Thanks
Tressa

Edited by Tressa, 13 December 2012 - 04:40 PM.

[EternalCore]

Zeno Scarborough, on 13 December 2012 - 04:34 PM, said:

IPB = md5(md5($salt) . md5($password))

md5 is horrible for encrypting and it's incredibly easy to decrypt that a kid with a smart phone could decrypt it.

[kamakazie]

As of 4:42 p.m. PST chrome is still blocking the main site. just FYI

[Ter Ushaka]

I don't work for IGP/PGI, but the vulnerability only affected the forum, all other sections of mwomercs.com came up clear. The script redirected to an outside site, which attempted to install malicious software. Likely what was being tried would be some sort of fake anti-virus software, a root kit, maybe tools to allow zombie access for a DDoS, who knows really. In the end, perform an in-depth virus/malware scan, and it can't hurt to pre-emptively change the mwo password, especially if it has been re-used on other services.

Edited by Ter Ushaka, 13 December 2012 - 04:43 PM.

[CyBerkut]

I just had it come up when logging on with Firefox (which uses the Google bad site database to generate the warning). Looks like someone needs to give Google some milk and cookies...

[Kyle Polulak]

Tressa, on 13 December 2012 - 04:39 PM, said:

is there any kind of information what harm can/was done by the malicious script?

Infecting PCs?
Access passwords when entered on redirected site?

What are your recommendations for users who accessed the site (logged in, bought MC, etc..) during the time the vulnerability was present?

Only pages generated by the forum software were affected.
Login pages, buyMC pages, etc were not affected by this.

[STRONG LIKE BEAR]

Your website is now once again listed as an attack page on Firefox.

Nice

[nom de guerre]

Stone Wall, on 13 December 2012 - 04:17 PM, said:

PGI always on the ball.

not sure if serious...

[Mims]

When can we expect this to go away?

[Tressa]

Kyle Polulak, on 13 December 2012 - 04:45 PM, said:

Only pages generated by the forum software were affected.
Login pages, buyMC pages, etc were not affected by this.

Thank you. I bet some people *coughIboughtmctodaycough* are relieved to hear that!

Edited by Tressa, 13 December 2012 - 04:53 PM.

[Ter Ushaka]

Mims, on 13 December 2012 - 04:50 PM, said:

When can we expect this to go away?

Typically the delisting from Google's warning database will occur within a matter of hours, so long as the Google scanners verify the site is clean.

Edited by Ter Ushaka, 13 December 2012 - 04:51 PM.

[Felis]

Kyle Polulak, on 13 December 2012 - 04:45 PM, said:

Only pages generated by the forum software were affected.
Login pages, buyMC pages, etc were not affected by this.

Thanks for the details, still I am glad that I don't leave home without noscript and ghostery.

[Tice Daurus]

Kyle Polulak, on 13 December 2012 - 04:45 PM, said:

Only pages generated by the forum software were affected.
Login pages, buyMC pages, etc were not affected by this.

Kyle, I've always tried to support MW:O and you guys at PGI because I know you guys want this to succeed and so do the fans here. But to blunt, this is really bad all around. I mean...REALLY BAD. They may not have gotten into the database, but from a layman's POV like myself...we had people here who ID'd the problem quicker than you guys probably. I need to ask now, does PGI intend now to beef up security and use something else to make the website safer so this doesn't happen again?

And here's a suggestion...Ter Ushaka was able to ID this quickly. I have no stake in this, but if he's unemployed...how about hiring him and putting him on PGI's payroll so he can help PGI with the website/forums?

[Ter Ushaka]

Thank you for the recommendation but what I found was what most everyone else did, the javascript. The actual hunting through the haystack takes folks who know more about how the back-end is put together. Even with my rough understanding of how Kyle has structured the server setup for MWO, he's the much better option for this than I.

[bug3at3r]

Ter Ushaka orchestrated the whole thing in an attempted to find employment, calling it now.