1. Updated Resource Submission Rules: All model & skin resource submissions must now include an in-game screenshot. This is to help speed up the moderation process and to show how the model and/or texture looks like from the in-game camera.
    Dismiss Notice
  2. The Results have come out of the old ARENA oven. Check out who won the 30th Texturing Contest!
    Dismiss Notice
  3. Hey guys, we've posted the Results for the 30th Modeling Contest. Check them out!
    Dismiss Notice
  4. The 15th Mini-Mapping Contest came to an end. The Secrets of Warcraft 3 are soon to be revealed! Come and vote in the public poll for your favorite maps.
    Dismiss Notice
  5. The 12th incarnation of the Music Contest is LIVE! The theme is Synthwave. Knight Rider needs a song to listen to on his journey. You should definitely have some fun with this theme!
    Dismiss Notice
  6. Join other hivers in a friendly concept-art contest. The contestants have to create a genie coming out of its container. We wish you the best of luck!
    Dismiss Notice
  7. Check out the Staff job openings thread.
    Dismiss Notice
Dismiss Notice
60,000 passwords have been reset on July 8, 2019. If you cannot login, read this.

Haxxored

Discussion in 'Latest Updates and News' started by Ralle, Apr 21, 2016.

  1. Ralle

    Ralle

    Owner

    Joined:
    Oct 6, 2004
    Messages:
    11,181
    Resources:
    22
    Tools:
    3
    Maps:
    5
    Tutorials:
    14
    Resources:
    22
    Hey guys,

    Last night was tough. About an hour before I had planned to go to bed, Shar Dundred messaged me about the site returning a 404 File not Found when visiting it. I was shocked and checked it out myself. Yep, the site was gone. I logged onto the server and confirmed that the site was removed. Speechless I logged onto my home server and confirmed that I had a backup. It was only five hours old. But simply recovering the data would not protect us against what happened. It might as well happen again.
    In the database I found plug-in which would give an attacker a backdoor. On disk I found a script that did the same. I removed these and started recovering from backup. I also found that multiple admin accounts had new passwords so those were reset. But I still hadn't found the security hole. Ash showed me a website where you can find exploits. We found one for an addon we use and how to protect against it. The company that develops this add-on is not in business any more but there were instructions on how to patch it.
    I'm glad I set up backup on The new server, it's only a few days old. I have updated my backup script to back up files every four hours instead of every 24. We lost five hours worth of pastebin entries, resource images, custom avatars and custom profile pictures. This is almost nothing, whew. The rest of the site is stored in a different location and was not affected.
    This is while also part of the reason why I want to move to XenForo. It is maintained and generally more secure than our current setup. I know there are still many things I need to change for it to be in all aspects as good or better than this.
    The site was down for maybe 20 minutes but it took a few hours to get all the pastebin entries back.
    I have written a script that monitors the the web server for code changes. If any file is changed, added or removed I will get an email immediately. This should help with monitoring if something happens.

    Ralle
     
  2. Roland

    Roland

    Joined:
    Feb 18, 2012
    Messages:
    2,209
    Resources:
    2
    Models:
    1
    Icons:
    1
    Resources:
    2
    I think this is the second time that this site was hacked..
     
  3. Rheiko

    Rheiko

    Joined:
    Aug 27, 2013
    Messages:
    2,936
    Resources:
    7
    Icons:
    2
    Spells:
    3
    Tutorials:
    2
    Resources:
    7
    I've been waiting for your explanation regarding that thing on notice board. Hang in there, hive! We're about to move to a safer location soon!
     
  4. APproject

    APproject

    Joined:
    Jun 27, 2008
    Messages:
    2,503
    Resources:
    19
    Icons:
    4
    Maps:
    15
    Resources:
    19
    Ah, crap. Very sad and also good news, considering it could have turned out much worse. I suppose the only way to have more protection is to move to Hive 2?
     
  5. Ralle

    Ralle

    Owner

    Joined:
    Oct 6, 2004
    Messages:
    11,181
    Resources:
    22
    Tools:
    3
    Maps:
    5
    Tutorials:
    14
    Resources:
    22
    Well, a security hole was patched, so right now I am not aware of any issues. The site is safe AFAIK. But this is indeed the second time (I am aware of) that we have been hacked. Both times it has been because of an add-on we're using called vBSEO. That is the one that gives us pretty URLs and other SEO stuff. Removing it would break all links, so I don't see that as much of an option. The source code for vBSEO is unreadable. So it's scary to have unmaintained code on the site that even I am unable to maintain.
    But the site is safe for now. But in the long run it's better to be on something more recent and readable. But no matter what, the most important thing is backing up and we're good at that :).
    I would feel more comfortable with moving to Hive 2 as it's in many ways simpler and more readable code.
     
  6. ~Nightmare

    ~Nightmare

    Texture Reviewer

    Joined:
    Jan 25, 2011
    Messages:
    2,100
    Resources:
    144
    Models:
    2
    Icons:
    111
    Packs:
    5
    Skins:
    26
    Resources:
    144
    This what I'm actually thinking because of the new beta site, someone will hack. But good thing it was fixed lightning-fast. Good job Ralle! I adore you so much more.
     
  7. terrio

    terrio

    Joined:
    Oct 19, 2014
    Messages:
    74
    Resources:
    2
    Models:
    2
    Resources:
    2
    personaly, think wasting 5 hours is beter than removing any leftovers from cialis and viagra spam botters getting the admin accounts, they can be pain in the arse to recover if it that happens
     
  8. Almia

    Almia

    Joined:
    Apr 24, 2012
    Messages:
    4,861
    Resources:
    35
    Spells:
    30
    Tutorials:
    4
    JASS:
    1
    Resources:
    35
    I was shocked when this was posted on FB. good thing it was fixed quickly.

    Good job Ralle. Hope we can relocate to the new site as fast as possible.
     
  9. Rex.

    Rex.

    Joined:
    Aug 6, 2014
    Messages:
    825
    Resources:
    4
    Packs:
    1
    Maps:
    3
    Resources:
    4
    Who the heck wants to hack Hive?
     
  10. Roland

    Roland

    Joined:
    Feb 18, 2012
    Messages:
    2,209
    Resources:
    2
    Models:
    1
    Icons:
    1
    Resources:
    2
    Reason: Ralle's No-Shave beard..

     
  11. Squiggy

    Squiggy

    Joined:
    Mar 25, 2008
    Messages:
    2,603
    Resources:
    18
    Maps:
    2
    Spells:
    15
    Tutorials:
    1
    Resources:
    18
    At least, only five hours were gone as opposed to a full day cycle.
    I can't even think of a reason as to why anyone would hack a wacraft 3 related forum unless he's mentally challenged, especially since it's purely done with an evil intent of deleting/modifying data for no logical reason.
    While we're still on vB, may I suggest to delete the vbseo footer message stating the version number since only knowing that makes finding exploits way easier?
    I'm well aware the source code states to not remove the text but vBSEO is dead anyways so there's no reason to not do it (or just remove the version number).
    This at least keeps the lowest and most unskilled scriptkiddies away.
    Yay for continuous backups and delocalized data storage I guess...
     
  12. Chaosy

    Chaosy

    Joined:
    Jun 9, 2011
    Messages:
    10,575
    Resources:
    18
    Maps:
    1
    Spells:
    11
    Tutorials:
    6
    Resources:
    18
    my rep is safe.
     
  13. Directive255

    Directive255

    Joined:
    Nov 4, 2010
    Messages:
    2,262
    Resources:
    0
    Resources:
    0
    I just don't understand why would anyone want to hack the Hive...
    Will they benefit from it aside from getting some fun?

    Or... are they trying to hijack the site and insert malicious stuffs like ransomwares to get some money?
     
  14. APproject

    APproject

    Joined:
    Jun 27, 2008
    Messages:
    2,503
    Resources:
    19
    Icons:
    4
    Maps:
    15
    Resources:
    19
    Because they can, I suppose. They must be feeling powerful and in charge, some primitive instincts driving their behaviour. They spent some time learning how to do it and they won't let it go wasted.
     
  15. pyf

    pyf

    Joined:
    Mar 21, 2016
    Messages:
    2,277
    Resources:
    2
    Tutorials:
    2
    Resources:
    2
    And moreover, why *delete* things ? And why try to lock admins out, if all the attacker wants is to destroy the site's resources ?

    Looks like mindless vandalism to me.

    Great work on mitigating this issue, Ralle.
    Hope we can all move to a safer (and easier to manage) place soon.
     
  16. The Dark Wizard

    The Dark Wizard

    Joined:
    Nov 3, 2007
    Messages:
    237
    Resources:
    1
    Maps:
    1
    Resources:
    1
    Just another reason to look forward to that import to xenforo.
     
  17. Valenvai

    Valenvai

    Joined:
    Sep 15, 2012
    Messages:
    307
    Resources:
    1
    Maps:
    1
    Resources:
    1
    I wish I could offer more than moral support.
    I am happy to hear you managed to stabilize things.

    As for why would someone hit HiveWorkshop is beyond me but as some previous poster said, looks like vandalism.
    It's sad that some people don't seem to respect an interesting and helpful site like this.

    My best wishes to everyone!
     
  18. pyf

    pyf

    Joined:
    Mar 21, 2016
    Messages:
    2,277
    Resources:
    2
    Tutorials:
    2
    Resources:
    2
    Except imho the new site will not be bulletproof, too. Because no site is. Admins will trade an old bunch of problems for another, mostly different bunch of problems. But those issues will hopefully be easier to manage.

    Security is a comfortable illusion. Even Ralle's current fix looks like an unsupported (thus unofficial) patch/hack to me. This is why I say the issue with vBSEO was *mitigated*, not solved. But I trust it works "good enough" for the time being.

    That being said, I understand the Hive had only two major problems since more than 10 years. And it recovered both times. We obviously have great admins here.
     
  19. Shocking and so close before the moving..

    Is our personal data secured/affected ( mail, IP addresses and stuff) ?
     
  20. Chaosy

    Chaosy

    Joined:
    Jun 9, 2011
    Messages:
    10,575
    Resources:
    18
    Maps:
    1
    Spells:
    11
    Tutorials:
    6
    Resources:
    18
    On another note, I was playing on a WoW private server back in the day.
    Some rather famous guy (on the server) got perm banned for whatever and ddosed the server demanding his ban to be lifted.

    If this is somewhat similar, Roland is the main suspect. He want his rep and infractions back.
    [​IMG]