TAZ Security

The Sandman

Tazmanian Addict
Joined
Jan 1, 2004
Messages
29,165
Everyone who logged in May 5 or 6 should assume their username/password was logged. Only a handful of accounts were logged into, so only those members could have had their email addresses or PCs looked at. I believe those few have been notified already but I will double check.
 

WD

Enthusiast
Joined
Mar 24, 2010
Messages
240
I sent out an email but I'll post this here as well:


Clearly nobody read my post which said to remove test boards. I think this is one breach too many. It's honestly becoming a bloody joke now. TAZ has been hacked nearly more than vBulletin has!

If basic security isn't being taken then the site clearly isn't safe for webmasters. I would have assumed after the last breach more would have been done, more so when those live test boards were found. Clearly they were not removed, which has led to our logins being compromised for the 5th odd time.

I won't lie, I'm a little disappointed in the constant password changes which is why I don't really bother to come here much now.

Clearly somewhere somebody made mistakes. Leaving any dev board on a live server is a big no, more so when it's got vBulletin files or Brivium stuff.

If anything, any dev/old sites should be kept on a separate dev server, meaning if they do get hacked the main site isn't at as much risk.

Another thing, any dev server shouldn't use real data from the main site. Too often you're hearing about sites being hacked and due to a dev site using real data the main site is in turn compromised.

Hopefully now the site will be more secure.

I think what Danielx64 meant was there could possibly be a backdoor on the server. Some shells can't be detected and some are hidden within databases etc. I myself would have checked every single file. After the second breach I would have even reuploaded fresh files. You never know what could be left over. A backdoor can be less than 2kb in size. It's even possible that a backdoor could be running via the server.

Seeing as this is the 3rd/4th? breach I would do a total rebuild of the server myself, fresh OS, DB checked for base64/etc then fresh XenForo files etc. Anything custom can be checked, saving time.
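An added example, not part of WD's post or of anything TAZ runs: one way to do the file check described above, by hashing the live web root against a freshly unpacked copy of the same release and listing files that are new, changed or missing, then flagging changed files that contain long base64-looking runs. The directory layout, file names and the 200-character threshold are assumptions made for the illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: a run of 200+ base64 characters in a changed file deserves a manual look.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")


def sha256_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def audit(deployed: Path, clean: Path) -> dict[str, list[str]]:
    """Compare a live web root with a fresh copy of the same release."""
    live, ref = sha256_tree(deployed), sha256_tree(clean)
    report = {
        "added": sorted(set(live) - set(ref)),  # not shipped in the clean package
        "modified": sorted(f for f in live.keys() & ref.keys() if live[f] != ref[f]),
        "missing": sorted(set(ref) - set(live)),
        "base64": [],
    }
    # Only files that differ from the clean copy need a content scan.
    for rel in report["added"] + report["modified"]:
        if B64_RUN.search((deployed / rel).read_bytes()):
            report["base64"].append(rel)
    return report


def demo() -> dict[str, list[str]]:
    """Build two small constructed trees (hypothetical file names) and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "library").mkdir(parents=True)
            (root / "index.php").write_text("<?php // front controller\n")
            (root / "library/core.php").write_text("<?php // core\n")
        # Constructed changes: one edited file, one extra file holding an encoded blob.
        (live / "library/core.php").write_text("<?php // core, edited\n")
        (live / "library/cache.php").write_text("<?php $d = '" + "QUJD" * 60 + "';\n")
        return audit(live, clean)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Legitimate customisations and add-ons will also show up as added or modified, so the report is a review list rather than a verdict. It covers files only; database content needs its own check.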
 

The Sandman

Tazmanian Addict
Joined
Jan 1, 2004
Messages
29,165
Pointing out the obvious now doesn't affect the past. Yes the test board and old sites should not have been on the primary TAZ server. I personally wasn't aware of the risks beforehand. I don't recall any of those things being mentioned after the first intrusion even though there was a long thread about it. At that time recommendations were made and we followed them.
 

WD

Enthusiast
Joined
Mar 24, 2010
Messages
240
Pointing out the obvious now doesn't affect the past. Yes the test board and old sites should not have been on the primary TAZ server. I personally wasn't aware of the risks beforehand. I don't recall any of those things being mentioned after the first intrusion even though there was a long thread about it. At that time recommendations were made and we followed them.

Basic security of any website is simple.

1, Random/unique passwords.
2, Two Step if you have it.
3, Remove old data fully.
4, Use a separate dev server for testing/keeping old installations. (Also htaccess protect these.)
5, Rename/Htaccess protect admin. Htaccess would be a unique pass/user per staff member along with being locked down to IPs of those staff.
6, Keep scripts updated.
EDIT: 7, Remove unneeded staff. (almost forgot!)

I guess the one good thing you did do was inform us. Unlike vBulletin. So credit where it's due.
 

Danielx64

Developer
Joined
Nov 8, 2009
Messages
3,300
Sorry, couldn't resist a joke. Thought it was tempting fate.

But I can remove the rating, if you'd rather that.
It's all good, I was a little under the impression that you were trolling, but as you said just joking around :) It's still a little early for me, and I need more coffee.
 

Avery

Aspirant
Joined
Jun 3, 2016
Messages
35
I agree, better security both administrator/moderator password wise and even on the server should be improved. Why not have various checks so things like this don't happen so often?

I only recently just joined but getting an email about a recent hacking attempt tends to send the wrong message to any new members (along with administration approval on an honest note).
 

Oldcrow

Enthusiast
Joined
Dec 7, 2010
Messages
228
Is the Test Board located on the same server? Never use a test board on the same server..

My board is on one server and my Test Board is on my computer, no one has access to my test board but me..

It is a concern, but hackers are out there to get you, and not happy until they get in and destroy things..

How much security is enough..

Sandman, thanks for notifying me, appreciated..

Ron..
 

mafiaboy

Entrepreneur
Joined
Feb 3, 2016
Messages
16
Sorry to hear about this. I run my own hosting company and when it comes to security I am about as paranoid as it gets, and it's this paranoia that keeps the rats out. I feel your frustration. You spend time and money to build something up and someone within the vast internet wants to destroy it.
 

AdamD

Devotee
Joined
Oct 21, 2007
Messages
2,897
Hope you were able to get it all locked down, it's frustrating for sure, for staff and user alike.
Thanks for being open with your communications about it, too.
 