Downtime

Liareth
General Admin
Posts: 1167
Joined: Mon Sep 08, 2014 8:25 am

Downtime

Post by Liareth » Mon Oct 15, 2018 12:43 pm

As some of you may have noticed, earlier today the Arelith forums were taken down for several hours. Multiple users' accounts, including an administrator's, were compromised by one or more attackers. Our initial findings suggest that these accounts were accessed by using a copy of the forum database from a previous attack against our forums to brute force hashed + salted passwords which had not changed since then.

We believe the attackers have full access to the forum database, including a copy of all posts, private messages, and account information such as email addresses and hashed + salted passwords. There is no evidence to suggest that the attackers have access to any information from the game database, which would include things like CD keys or RPR information.

We will be taking the following steps:

1) All forum passwords will be reset. Users with an email address associated with their account can do this via the forums. Users without an email address associated with their account will need to use the -forum_password command in game (implementation pending, it won't work right now).

2) We will add two factor authentication to the admin control panel to prevent a compromised user account on the forums from obtaining destructive access in the future.

3) We will be editing our forum software to prevent exporting the forum database from the web interface.

4) We will implement a system which allows us to closely monitor any admin activity on the forum and verify it is legitimate.

What this means for you (tl;dr): your hashed + salted forum passwords may have been compromised. The attackers can brute force these to obtain your real password. If you share your forum account password with any other services, you should change your passwords there immediately.

--

For reference, this is a copy of the statement left by the attackers to us:

Arelith staff:

<snipped DM identities>

This is our message to you...

Unban everyone banned in last 3 months and we will be satisfied and leave you alone :-). If you do not unban these people in 72 hours we have something very special prepared for you all and today will look like childs play.

Tick tock said the clock ;-).

90% of ban appeals submitted to us in a respectful and introspective way are accepted and the user is allowed back onto Arelith. Only 10% of bans are upheld under appeal, particularly those which involve hacking the Arelith forums and leaving a ransom note in the style of '90s Computer Hacking Fiction Written By An Out Of Touch Father Who Desperately Wants To Be One Of The Kids'.

In response to this demand, we have decided that we will not be entertaining any ban appeals for users banned in the last 3 months. If you are a banned user who contacts us with credible information concerning the identity of the attacker then we will consider your ban appeal and take your forthrightness into account.

There is nothing we can do to prevent the attackers from leaking the information they have. As players, we know you will be tempted to uncover the player-side identities of the DM team and dive into the DM forums to read up on all the gossip.

We keep the player identities of our DMs secret so that they can play in peace without being hounded by requests or treated differently by players. The disconnect between player identity and DM identity is also an opportunity for the DM to act more objectively towards players without the bias of their player relationships influencing their decision. Please consider the impact on the DM that uncovering and spreading their player identity might have.

The DM forums are a private place for the DM team to discuss players' behaviour in a candid way. These internal posts were never meant for public exposure. By reading the information posted within, you may be violating another player's privacy. In some cases, these posts becoming public will humiliate players and make them feel unwelcome on Arelith. The information will be out there - but you don't have to read it. Please consider actively avoiding these leaked posts and reporting players who spread them by contacting us anonymously.

Attacker ransom note tl;dr: imagine being such a loser that you'd have to hack the Arelith forums to get unbanned.

--

If you have any information that might help us discover the attackers' identities, please contact us directly:

Liareth#9765
arelith.server@gmail.com
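The post's reasoning is that an old copy of the database stays dangerous for exactly those accounts whose stored hash has not changed since that copy was taken, and step 1 then forces a reset over one of two channels depending on whether the account has an email address. The following Python is an added example written for this thread, not code from the Arelith forum or its software; the account records, the prior-dump date and the `scrypt` parameters are constructed assumptions. It identifies the accounts already exposed by the earlier dump, marks every account for reset with its delivery channel, and stores the replacement password with a memory-hard KDF so that a future copy of the table is expensive to guess against.

```python
"""Added example (not part of the Arelith post or its forum software).

Models step 1 of the announced response: find the accounts whose stored hash was
already present in the earlier leaked database copy and has not been replaced
since, force a reset for everyone, pick the reset channel (email vs. the in-game
-forum_password command mentioned in the post), and store new passwords with a
slow, salted KDF. All names, dates and parameters below are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional
import hashlib
import hmac
import secrets

# Hypothetical timestamp of the earlier breach whose database copy is being reused.
PRIOR_DUMP = datetime(2018, 1, 1, tzinfo=timezone.utc)

# Constructed scrypt work parameters (128 * n * r bytes of memory per guess: 16 MiB here).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


@dataclass
class Account:
    name: str
    email: Optional[str]
    password_changed: datetime        # when the stored hash was last replaced
    salt: bytes = b""
    pw_hash: bytes = b""
    must_reset: bool = False
    admin: bool = False


def exposed_accounts(accounts: List[Account], prior_dump: datetime) -> List[str]:
    """Accounts whose current hash was already in the earlier dump: an offline
    guess made against that old copy still unlocks them today."""
    return [a.name for a in accounts if a.password_changed <= prior_dump]


def reset_channel(acct: Account) -> str:
    """Step 1 of the post: email reset if an address is on file, otherwise the
    in-game -forum_password command."""
    return "email" if acct.email else "in_game:-forum_password"


def force_reset_all(accounts: List[Account]) -> Dict[str, str]:
    """Flag every account (not only the exposed ones) and return the channel
    each user must use to set a new password."""
    for a in accounts:
        a.must_reset = True
    return {a.name: reset_channel(a) for a in accounts}


def hash_password(password: str, salt: Optional[bytes] = None):
    """Salted, memory-hard hash. A per-user random salt stops one guess being
    reused across accounts; scrypt makes each guess cost memory and time."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


def set_new_password(acct: Account, password: str, now: datetime) -> None:
    """Replace the stored hash and record when, so the account drops out of the
    'exposed by the old dump' set."""
    acct.salt, acct.pw_hash = hash_password(password)
    acct.password_changed = now
    acct.must_reset = False


# Constructed sample records standing in for rows of the forum user table.
SAMPLE_ACCOUNTS = [
    Account("alice", "alice@example.invalid", datetime(2017, 6, 1, tzinfo=timezone.utc)),
    Account("bob", "bob@example.invalid", datetime(2018, 5, 20, tzinfo=timezone.utc)),
    Account("carol", None, datetime(2017, 11, 3, tzinfo=timezone.utc), admin=True),
]

if __name__ == "__main__":
    print("exposed by old dump:", exposed_accounts(SAMPLE_ACCOUNTS, PRIOR_DUMP))
    print("reset channels:", force_reset_all(SAMPLE_ACCOUNTS))
    set_new_password(SAMPLE_ACCOUNTS[0], "correct horse battery staple",
                     datetime(2018, 10, 15, tzinfo=timezone.utc))
    print("alice still exposed:", "alice" in exposed_accounts(SAMPLE_ACCOUNTS, PRIOR_DUMP))
```

The split between `exposed_accounts` and `force_reset_all` mirrors the post: the first set is who the old copy already unlocks, but the reset goes to everyone because nobody can tell which other hashes the attackers have since guessed. The scrypt parameters are a constructed example; whatever KDF and cost the real software uses, the point is that a stored hash should cost an attacker real memory and time per guess.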

Dunshine
Emeritus Admin
Posts: 1010
Joined: Mon Sep 08, 2014 9:24 am
Location: 51° 38′ NB, 4° 53′ OL

Re: Downtime

Post by Dunshine » Mon Oct 15, 2018 6:15 pm

"today will look like childs play"

It doesn't only look like child's play, it is, since normal adults don't behave like this.
