Results 1 to 3 of 3

Thread: Spam Posts and Compromised Accounts

  1. #1
    H
    H is offline
    Hymn-Slinging Mod
    H's Avatar
    Join Date

    Sep 2008
    Location

    The U-easy-anna
    Posts

    3,440

    Spam Posts and Compromised Accounts

    Some of you might have noticed that there have been some spam post from actual verified accounts lately.

    As always, if you see something strange or that doesn't look right regardless of who might have posted it, please use the report button. And, of course, please do not click on suspicious links.

    The issue is being investigated but overall the site itself should be secure.

    Thanks.

    EDIT: Also see the announcement on the top of the page. (I'll quote it here just in case.)

    Quote Originally Posted by colo
    Dear The Source users,

    as has only recently come to my attention, The Source's user database was compromised and in part downloaded (usernames and password hashes) more than a year ago. The vulnerability that was used to gain system-level access to dump parts of the database is currently unknown, but I've taken precautions at a lower level that it is much less likely for someone to successfully abuse it again. As with all complicated things in life, success is not guaranteed.

    Zilla's account was broken into most recently as far as I know, and I've since disabled/banned his account. He will be reinstated after I've sorted out this mess and managed to get ahold of him to talk over our next steps.

    In the meantime, I've invalidated all current sessions, and beseech you to rotate your The Source account passwords at your earliest convenience.

    Thanks very much, and sorry for the terrible inconvenience.

    colo



    PS: If you have any questions concerning this incident, please reach out to me by email at c0l0 at gmx dot at.
    So, please change your password when you get a chance. Thanks.
    "The Ancients teach us that if we can but last, we shall prevail."
    Kaysa, Elder Druid of the Juniper Order
    Reply With Quote Reply With Quote  
  2. #2
    Wrath of Pie
    Wrath of Pie is offline
    Member
    Wrath of Pie's Avatar
    Join Date

    Feb 2019
    Posts

    1,017

    Re: Spam Posts and Compromised Accounts

    Is the issue related to the outdated version of vBulletin being used?
    Reply With Quote Reply With Quote  
  3. #3
    colo
    colo is offline
    Administrator
    Join Date

    Sep 2009
    Location

    Vienna, AT
    Posts

    475

    Re: Spam Posts and Compromised Accounts

    I am not 100% sure what the vulnerability used to dump the hashes was, but I am rather confident I found it, and fixed it in the meantime. If true, it was a vulnerable configuration (conditional CGI execution enabled for a directory containing user-uploaded files with both their names and content under the attacker's control) that I unknowingly ported over to the new machine when we migrated The Source to a new server several years ago :(
    Reply With Quote Reply With Quote  
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)