Jump to content

- - - - -

Dec 13Th Incident - Official Response


328 replies to this topic

#21 Tice Daurus

    Member

  • PipPipPipPipPipPipPipPipPip
  • 2,001 posts
  • Facebook: Link
  • LocationOak Forest, IL

Posted 13 December 2012 - 04:34 PM

Guys...you can change your passwords.

When you log online with your e-mail, just click on FORGOT YOUR PASSWORD? and it will send you an e-mail to your addy with the ability to change your forum password and your logon password for the game.

EDIT: Ter beat me to it.

Edited by Tice Daurus, 13 December 2012 - 04:34 PM.


#22 anonymous175

    Member

  • PipPipPipPipPipPipPipPip
  • Bad Company
  • 1,195 posts

Posted 13 December 2012 - 04:34 PM

IPB = md5(md5($salt) . md5($password))

#23 SixstringSamurai

    Member

  • PipPipPipPipPipPipPip
  • The 1 Percent
  • 930 posts
  • Twitch: Link
  • LocationYou Guys Are So Bad I'm Moving To The Moon

Posted 13 December 2012 - 04:36 PM

Any word on when the malware warning for Chrome users will be fixed?

#24 Ter Ushaka

    Member

  • PipPipPipPipPipPipPip
  • 600 posts
  • LocationGnomeregan, Dun Morogh

Posted 13 December 2012 - 04:38 PM

If PGI has submitted the removal request with Google via the Google Webmaster tools, typically the delisting will occur within a matter of hours, so long as the Google scanners verify the site is clean.
*edit* When Google gives the all-clear, both Firefox and Chrome will stop reporting this as an attack site.

Edited by Ter Ushaka, 13 December 2012 - 04:45 PM.


#25 Pyrrho

    Member

  • PipPipPipPipPipPipPip
  • Bad Company
  • 854 posts

Posted 13 December 2012 - 04:38 PM

Still coming up as a reported attack site. New users are going to love this! :)

#26 Tressa

    Rookie

  • 9 posts
  • LocationAustria

Posted 13 December 2012 - 04:39 PM

Dear Bryan Ekman,

is there any kind of information what harm can/was done by the malicious script?

Infecting PCs?
Access passwords when entered on redirected site?

What are your recommendations for users who accessed the site (logged in, bought MC, etc..) during the time the vulnerability was present?


Thanks
Tressa

Edited by Tressa, 13 December 2012 - 04:40 PM.


#27 EternalCore

    Member

  • PipPipPipPipPipPipPipPipPip
  • 2,195 posts
  • LocationCanada

Posted 13 December 2012 - 04:40 PM

View PostZeno Scarborough, on 13 December 2012 - 04:34 PM, said:

IPB = md5(md5($salt) . md5($password))

md5 is horrible for encrypting and it's incredibly easy to decrypt that a kid with a smart phone could decrypt it.

#28 kamakazie

    Member

  • Pip
  • Veteran Founder
  • Veteran Founder
  • 13 posts
  • LocationOregon

Posted 13 December 2012 - 04:41 PM

As of 4:42 p.m. PST chrome is still blocking the main site. just FYI

#29 Ter Ushaka

    Member

  • PipPipPipPipPipPipPip
  • 600 posts
  • LocationGnomeregan, Dun Morogh

Posted 13 December 2012 - 04:42 PM

I don't work for IGP/PGI, but the vulnerability only affected the forum, all other sections of mwomercs.com came up clear. The script redirected to an outside site, which attempted to install malicious software. Likely what was being tried would be some sort of fake anti-virus software, a root kit, maybe tools to allow zombie access for a DDoS, who knows really. In the end, perform an in-depth virus/malware scan, and it can't hurt to pre-emptively change the mwo password, especially if it has been re-used on other services.

Edited by Ter Ushaka, 13 December 2012 - 04:43 PM.


#30 CyBerkut

    Member

  • PipPipPipPipPipPipPip
  • 609 posts
  • LocationSomewhere north of St. Petersburg

Posted 13 December 2012 - 04:42 PM

I just had it come up when logging on with Firefox (which uses the Google bad site database to generate the warning). Looks like someone needs to give Google some milk and cookies... :)

#31 Kyle Polulak

    <member/>

  • Overlord
  • Overlord
  • 584 posts
  • LocationVancouver, BC

Posted 13 December 2012 - 04:45 PM

View PostTressa, on 13 December 2012 - 04:39 PM, said:

is there any kind of information what harm can/was done by the malicious script?

Infecting PCs?
Access passwords when entered on redirected site?

What are your recommendations for users who accessed the site (logged in, bought MC, etc..) during the time the vulnerability was present?


Only pages generated by the forum software were affected.
Login pages, buyMC pages, etc were not affected by this.

#32 STRONG LIKE BEAR

    Member

  • PipPipPip
  • 88 posts

Posted 13 December 2012 - 04:48 PM

Your website is now once again listed as an attack page on Firefox.

Nice

#33 nom de guerre

    Member

  • PipPipPipPipPip
  • 185 posts
  • LocationNew Avalon

Posted 13 December 2012 - 04:49 PM

View PostStone Wall, on 13 December 2012 - 04:17 PM, said:

PGI always on the ball.



not sure if serious...

#34 Mims

    Member

  • PipPipPipPipPip
  • Knight Errant
  • 185 posts

Posted 13 December 2012 - 04:50 PM

When can we expect this to go away?

#35 Tressa

    Rookie

  • 9 posts
  • LocationAustria

Posted 13 December 2012 - 04:50 PM

View PostKyle Polulak, on 13 December 2012 - 04:45 PM, said:


Only pages generated by the forum software were affected.
Login pages, buyMC pages, etc were not affected by this.


Thank you. :) I bet some people *coughIboughtmctodaycough* are relieved to hear that!

Edited by Tressa, 13 December 2012 - 04:53 PM.


#36 Ter Ushaka

    Member

  • PipPipPipPipPipPipPip
  • 600 posts
  • LocationGnomeregan, Dun Morogh

Posted 13 December 2012 - 04:51 PM

View PostMims, on 13 December 2012 - 04:50 PM, said:

When can we expect this to go away?

Typically the delisting from Google's warning database will occur within a matter of hours, so long as the Google scanners verify the site is clean.

Edited by Ter Ushaka, 13 December 2012 - 04:51 PM.


#37 Felis

    Member

  • PipPip
  • Bridesmaid
  • Bridesmaid
  • 23 posts

Posted 13 December 2012 - 04:51 PM

View PostKyle Polulak, on 13 December 2012 - 04:45 PM, said:


Only pages generated by the forum software were affected.
Login pages, buyMC pages, etc were not affected by this.

Thanks for the details, still I am glad that I don't leave home without noscript and ghostery.

#38 Tice Daurus

    Member

  • PipPipPipPipPipPipPipPipPip
  • 2,001 posts
  • Facebook: Link
  • LocationOak Forest, IL

Posted 13 December 2012 - 04:54 PM

View PostKyle Polulak, on 13 December 2012 - 04:45 PM, said:


Only pages generated by the forum software were affected.
Login pages, buyMC pages, etc were not affected by this.


Kyle, I've always tried to support MW:O and you guys at PGI because I know you guys want this to succeed and so do the fans here. But to blunt, this is really bad all around. I mean...REALLY BAD. They may not have gotten into the database, but from a layman's POV like myself...we had people here who ID'd the problem quicker than you guys probably. I need to ask now, does PGI intend now to beef up security and use something else to make the website safer so this doesn't happen again?

And here's a suggestion...Ter Ushaka was able to ID this quickly. I have no stake in this, but if he's unemployed...how about hiring him and putting him on PGI's payroll so he can help PGI with the website/forums?

#39 Ter Ushaka

    Member

  • PipPipPipPipPipPipPip
  • 600 posts
  • LocationGnomeregan, Dun Morogh

Posted 13 December 2012 - 04:58 PM

Thank you for the recommendation but what I found was what most everyone else did, the javascript. The actual hunting through the haystack takes folks who know more about how the back-end is put together. Even with my rough understanding of how Kyle has structured the server setup for MWO, he's the much better option for this than I. :)

#40 bug3at3r

    Member

  • PipPipPipPipPipPip
  • 275 posts

Posted 13 December 2012 - 04:59 PM

Ter Ushaka orchestrated the whole thing in an attempted to find employment, calling it now.





8 user(s) are reading this topic

0 members, 8 guests, 0 anonymous users