Follow Us On Follow us on Facebook Follow us on Twitter
Register



User Tag List

Results 1 to 7 of 7
  1. #1
    NG Administrator adamnp's Avatar
    Join Date
    Apr 2006
    Location
    Connecticut, USA
    Age
    41
    Posts
    6,459
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    100

    NG Logo Website Downtime -- PLEASE READ IF YOU CANT LOGIN --

    Hello,

    As most of you are aware - the website was breached earlier this month. In an immediate attempt to mitigate any further intrustion and minimize damage we immediately shut the site down. This was critical, because directly following the hack we were unaware of how the intruder gained acces. However upon nearly 2 weeks of examination we finally found the point of intrusion. That issue was resolved, and a few other issues we found along the way were also fixed. vBulletin was also upgraded as was several other scripts. We made several changes to the password algorithm as well. We were originally under the impression that the user/password tables were compromised and decrypted. That, fortunately, was not the case. We determined there to be a logger in place hidden in an area of the website that was actually saving usernames/passwords as you logged into the website. This was then published on the main page through the template system. We cannot be fully certain however that password hashes and salts were not taken and they are attempting to crack them using dictionarys/tables. SO, to combat such issues we have added hundreds of new rules to our firewalls, and are forcing a password reset on the entire boards, using the new higher encryption method. Everyone was sent a new password to login to the boards, if you did not get this email please check your spam folder or click the 'forgot password' link at the top of the page under the Login boxes, and follow the forms there to have a new password sent.

    Management and I take this incident extremely serious. Our relationship with you our members, and in particular the confidentiality of your subscriber information are critically important to me, and my vision for these boards. We have taken a secure and preventive approach from the very beginning and were happy to say this has never happened in the 11 years we have been at the helm. We unfortunately reset that number now, but are taking strides to ensure it doesn't happen again. We also are continuing to work closely with law enforcement in an investigation into the matter and will assist with the identification and prosecution of the individual(s) responsible. What was done is illegal, and not tolerated.

    If you notice any issues with the boards, please send me a PM -- or email me, [email protected] so I can investigate it immediately. Several changes were made, and it's nearly impossible to debug everything without some helping hands.


    Useful Link : Forgot Password ( Reset Password ) / NEVER RECEIVED NEW PASSWORD Link --- Lost Password Recovery Form - Noob Galore Gaming Community
    *You MUST have access to your email on file to utilize this link.


    Update: We have also disabled the BLOGS feature of the website, this area was utilized very little, and exposes potential security risks, so we nixed it. This may come back in a future update--All content has been retained and posts counts remain the same.
    Update: We have removed the ARCADE feature of the website, this area also posed significant threats with numerous points of injection. This will not be coming back.
    Update: Lastly, we have also removed the GROUPS feature of the website. This also exposes potential areas of abuse, and was utilized minimally as we typically utilize steam groups in favor of.


    UPDATE: IF YOU HAVE NOT RECEIVED YOUR PASSWORD BY 4/30/2015 at 4:00 PM EST then you can use the LOST PW feature to reset your password. Prior to the script ending, your password would then be reset, and need to be reset again. so please wait until that time period to utilize that link.

    UPDATE: If you use LIVE.COM, HOTMAIL.COM or other YAHOO/MSN email accounts chances are you will not receive the reset password email, and will need to use the forgot password link tomorrow evening. This is due to Yahoo's strict email rules, and them getting upset that we sent out emails, and more than 50 have returned with 'non exhistant user' (We obviously have people who change providers or emails change, and weve never sent a mass mailing so this will be our first time to be able and remove bouncebacks.) I apologize for this.

    Graciously,

    Adam
    Last edited by adamnp; 04-29-2015 at 06:56 PM.

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  2. #2
    NG Administrator adamnp's Avatar
    Join Date
    Apr 2006
    Location
    Connecticut, USA
    Age
    41
    Posts
    6,459
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    100

    Default

    Placeholder for future updates.

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  3. #3
    NG Forum VirGiN
    Join Date
    Sep 2008
    Age
    34
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0

    Default

    Well, I was banned soooooo long ago because I was a hacker (el oh el still not vac banned, CRWN mad because I wiped the floor with him so he banned me). I would have loved to forget about this site but now I hear my password has been compromised.

    Please tell me you didn't hash them with MD5 or SHA. I really hope you're bcrypting them so at least the person running the hashes has to take forever just to get them. Salting is a nice touch but only stops an attacker from using pre-generated tables in the attack, which isn't the only way to get passwords from hashes. Most passwords would be revealed by a simple dictionary pass and even more stragglers found by using dictionary plus smart brute force replacement. Salt has no affect on those attacks but even then bcrypt hashes mean it takes a long time to hash each guess. With MD5 and SHA (even new SHA2) they were designed specifically to be fast to hash which means its also fast for an attacker to go through each hash, trying to find your password.

    tl;dr Please upgrade your boards hashing algo to use bcrypt wherever possible, you'll be thanking yourself later when this happens again. Also take the time to set up some HIDS so you are alerted next time someone starts changing files or doing weird stuff. I recommend OSSEC-HIDS since its free and extremely powerful. It seems like nobody really noticed this breach until after it was too late. A HIDS would have alerted you much earlier to strange activity.

    Also whats more likely: That I somehow have the worlds most secret CS:S hack in the world and still haven't been banned? Or Crwn was a mad little girl when I wrecked his face in with an ak-47 so he decides to ban me without a demo because "Im just not that good". Just wanted to add that, I really don't like that Crwn guy.

    Have fun cleaning up your server, hopefully whoever broke in didn't leave a rootkit or some way to get back in.

    ^^,)


    edit: Also something is up with your email system, its adding two Content-Type headers to messages that go out, some email servers will complain about that.
    Last edited by The Real Banana; 04-30-2015 at 01:41 AM.

  4. #4
    NG Administrator adamnp's Avatar
    Join Date
    Apr 2006
    Location
    Connecticut, USA
    Age
    41
    Posts
    6,459
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    100

    Default

    Quote Originally Posted by The Real Banana View Post
    Well, I was banned soooooo long ago because I was a hacker (el oh el still not vac banned, CRWN mad because I wiped the floor with him so he banned me). I would have loved to forget about this site but now I hear my password has been compromised.

    Please tell me you didn't hash them with MD5 or SHA. I really hope you're bcrypting them so at least the person running the hashes has to take forever just to get them. Salting is a nice touch but only stops an attacker from using pre-generated tables in the attack, which isn't the only way to get passwords from hashes. Most passwords would be revealed by a simple dictionary pass and even more stragglers found by using dictionary plus smart brute force replacement. Salt has no affect on those attacks but even then bcrypt hashes mean it takes a long time to hash each guess. With MD5 and SHA (even new SHA2) they were designed specifically to be fast to hash which means its also fast for an attacker to go through each hash, trying to find your password.

    tl;dr Please upgrade your boards hashing algo to use bcrypt wherever possible, you'll be thanking yourself later when this happens again. Also take the time to set up some HIDS so you are alerted next time someone starts changing files or doing weird stuff. I recommend OSSEC-HIDS since its free and extremely powerful. It seems like nobody really noticed this breach until after it was too late. A HIDS would have alerted you much earlier to strange activity.

    Also whats more likely: That I somehow have the worlds most secret CS:S hack in the world and still haven't been banned? Or Crwn was a mad little girl when I wrecked his face in with an ak-47 so he decides to ban me without a demo because "Im just not that good". Just wanted to add that, I really don't like that Crwn guy.

    Have fun cleaning up your server, hopefully whoever broke in didn't leave a rootkit or some way to get back in.

    ^^,)


    edit: Also something is up with your email system, its adding two Content-Type headers to messages that go out, some email servers will complain about that.
    Ehhh.. thanks for the half sarcastic response. I will look into the email headers. Passwords are bcrypted.

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  5. #5
    NG Forum VirGiN
    Join Date
    Sep 2008
    Age
    34
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0

    Default

    Hmm it may just be the notice you sent out to everyone because the automatic email reply I got about the reply to this thread was fine, only one content-type header. And awesome glad you bcrypted, hopefully the number of iterations is high enough to keep them at it for a while. Thanks for notifying us btw, a lot of sites just cover that sort of thing up and move on.

  6. #6
    NG Administrator adamnp's Avatar
    Join Date
    Apr 2006
    Location
    Connecticut, USA
    Age
    41
    Posts
    6,459
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    100

    Default

    Update: All passwords have now been sent, so if you didn't get yours or can't find it, please utilize the FORGOT password Link located on my Original POST!


    Thanks

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  7. #7
    NG Senior Community Admin Reno's Avatar
    Join Date
    Jan 2007
    Location
    New York
    Age
    37
    Posts
    1,219
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    22

    Default

    Good to see the site back up! Lets get the servers back going too!!

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.



    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

 

 

Members who have read this thread : 0

You do not have permission to view the list of names.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •