Security Issue & Resolution


10 replies to this topic

#1 Christian

Christian

    Dear Leader

  • Senior Administrator
  • 984 posts


Posted 03 August 2014 - 01:15 PM

Hey guys,

 

Last night I was contacted by Fenway in regards to the issue posted in this topic.  I was away from the computer but within minutes I got in contact with Josh, who then looked further into the issue.

 

It turns out that someone managed to gain unauthorized access to our host directory and uploaded a few spammy files that were causing redirection to another spam website.  This person also modified a few .htaccess files, which dictate how your browser navigates through the site when you visit it.

 

Two of the pages (which we have now removed) that were added by the attacker were:

From what I can see, it doesn't sound like many people were actually affected by the redirection.  This makes me believe that the attack was likely carried out by a bot that just attempted to brute force its way into our FTP accounts (and succeeded), and then automatically uploaded the files.

 

In response to this issue we have:

  1. Removed the malicious files
  2. Fixed the behavior of our .htaccess files
  3. Changed all of the passwords to our FTP accounts
  4. Contacted Hostgator (our host company) and requested a security scan of our website

There are a few other measures I plan on taking to help ensure this type of thing doesn't happen again.  In addition to this, as far as I can tell, our database was not compromised and user accounts, passwords, emails, etc. should still be 100% safe.

 

All in all, this issue could have been a lot more serious but we managed to catch and repair it relatively quickly.  I would also like to thank UrASmurf for reporting the problem and Josh for taking time to resolve it.

 

-Christian


"I hereby swear to abandon all fear; to question everything; to trust in myself; to honor those before me as I excel, and to support those who follow as they ascend. I swear that I will never accept another’s standard for success, as I set mine one measure higher. When I am finished, no one will ever look at me the same way again."
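A defender-side check for the kind of .htaccess tampering described in this post, added here as an example and not something the site's admins ran: it walks an .htaccess file and flags redirect directives that point at hosts outside an assumed trusted list, plus RewriteCond lines keyed on search-engine referrers, a common trait of injected spam redirects that only fire for some visitors. The trusted host names, the sample file and the spam domain are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Hosts this site may legitimately redirect to (assumed names for the example).
TRUSTED_HOSTS = {"example-clan.test", "www.example-clan.test"}

# Directives that can send a visitor somewhere else.
DIRECTIVE_RE = re.compile(
    r"^\s*(RewriteRule|RewriteCond|Redirect(?:Match|Permanent|Temp)?|ErrorDocument)\s+(.+)$",
    re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'\]>]+", re.IGNORECASE)
# A rewrite that only triggers for search-engine referrers is typical of injected SEO spam.
REFERER_RE = re.compile(r"%\{HTTP_REFERER\}.*(google|bing|yahoo)", re.IGNORECASE)

# Constructed sample: one legitimate rule followed by an injected block.
SAMPLE_HTACCESS = """\
# constructed sample .htaccess
RewriteEngine On
RewriteRule ^old-forum/(.*)$ http://www.example-clan.test/forum/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteRule ^(.*)$ http://spam-redirect.invalid/?ref=$1 [R=302,L]
ErrorDocument 404 /404.html
"""


def audit_htaccess(text, trusted_hosts=TRUSTED_HOSTS):
    """Return (line_no, reason, detail) for every directive that redirects to a host
    outside trusted_hosts or gates a rewrite on the visitor's referrer."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        directive, args = m.group(1), m.group(2)
        if directive.lower() == "rewritecond" and REFERER_RE.search(args):
            findings.append((line_no, "referrer-conditioned rewrite", line))
            continue
        for url in URL_RE.findall(args):
            host = (urlparse(url).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append((line_no, "redirect to untrusted host", host))
    return findings


if __name__ == "__main__":
    for finding in audit_htaccess(SAMPLE_HTACCESS):
        print(finding)
```

Run it over every .htaccess under the web root (for example with `find`) and treat any finding as something to compare against a known-good copy.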

#2 Steph

Steph

    The People's Messiah

  • Senior Member
  • 3942 posts


Posted 03 August 2014 - 03:34 PM

Any way to check the database? Seems like the first place someone would go if they gained access to the FTP account.

#3 Christian

Christian

    Dear Leader

  • Senior Administrator
  • 984 posts


Posted 03 August 2014 - 05:47 PM

Database has a separate login and is accessed differently.  In fact, it can't be accessed through FTP at all.  There's no indication they had anything other than FTP access (or performed some sort of cross-site scripting).



#4 UrASmurf

UrASmurf

    Court Jester

  • Clan Member
  • Others: Recruitment Team
  • 1556 posts
  • Steam: UrASmurf
  • Location: Quick, look behind you!
  • RSN: UrASmurf
  • Minecraft: UrASmurf


Posted 03 August 2014 - 11:53 PM

Yep, looks like the tag is gone now. Thanks to Fenway and Josh as well as Christian for checking it out and reporting back with what was what.



#5 Fenway

Fenway

    Director of RuneScape Affairs

  • Administrator
  • 4124 posts


Posted 04 August 2014 - 01:32 PM

> Yep, looks like the tag is gone now. Thanks to Fenway and Josh as well as Christian for checking it out and reporting back with what was what.

 

I have no idea how to do computers, but hey I was on point with telling the big boys




#6 Seán

Seán

    Forum Slut

  • Senior Member
  • 3279 posts


Posted 04 August 2014 - 01:58 PM

Nice work, that could have been pretty bad for people looking to join or just check out our site.

 

(PS what does FTP stand for?)


'ᶦ ˢʷᵉᵃʳ ᵗᵒ ᵍᵒᵈ ᶦᶠ ᵃᶰʸ ᵒᶠ ʸᵒᵘ ᵐᵒᵗʰᵉʳʳᶠᵘᶜᵏᵉʳˢ ᶜᵒᵖʸ ᵃᶰᵈ ᵖᵃˢᵗᵉ ᵗʰᶦˢ ʸᵒᵘ ʷᶦᶫᶫ ᵇᵉ ᶦᶰ ˢᵉʳᶦᵒᵘˢ ᵗʳᵒᵘᵇᶫᵉ' ~ Holy 2014



#7 Holy

Holy

    Moe

  • Senior Member
  • 4647 posts


Posted 04 August 2014 - 02:58 PM

> (PS what does FTP stand for?)

 

http://lmgtfy.com/?q=ftp



#8 Seán

Seán

    Forum Slut

  • Senior Member
  • 3279 posts


Posted 05 August 2014 - 11:03 AM

 

Thanks. I'm ashamed to say that I used Bing and did not get that result. :(



#9 Turds

Turds

    Forum Whore

  • Clan Friend
  • 3329 posts
  • Location: Kentucky
  • RSN: Turds


Posted 05 August 2014 - 12:21 PM

> I used Bing


There's your problem. Just remember..
Bing - Porn
Google - Everything else.



#10 Seán

Seán

    Forum Slut

  • Senior Member
  • 3279 posts


Posted 05 August 2014 - 12:36 PM

> Bing - Porn
> Google - Everything else.

 

I'm interested to hear why you think that...

 

 

Pervert...



#11 UrASmurf

UrASmurf

    Court Jester

  • Clan Member
  • Others: Recruitment Team
  • 1556 posts
  • Steam: UrASmurf
  • Location: Quick, look behind you!
  • RSN: UrASmurf
  • Minecraft: UrASmurf


Posted 05 August 2014 - 02:06 PM

> I'm interested to hear why you think that...
>
> Pervert...

 

Because google filters all that and Bing is surprisingly amazing for it.
