Thread: Recent Malicious Activity

Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 32
  1. #21  
    Donator

    Join Date
    Jun 2014
    Age
    24
    Posts
    157
    Thanks given
    28
    Thanks received
    47
    Discord
    View profile
    Rep Power
    49
    thank you for the update on this.
    Reply With Quote  
     

  2. Thankful user:


  3. #22  
    Owner of Dawntained

    Mgt Madness's Avatar
    Join Date
    Oct 2011
    Age
    26
    Posts
    3,385
    Thanks given
    1,422
    Thanks received
    957
    Rep Power
    2134
    Thanks for the advice.

    Hacks are common even with big corporations, take Yahoo as an example
    Reply With Quote  
     

  4. Thankful users:


  5. #23  
    Head Veteran and Respected Member


    Thakiller's Avatar
    Join Date
    Dec 2006
    Age
    24
    Posts
    2,956
    Thanks given
    1,954
    Thanks received
    3,062
    Rep Power
    5000
    If you’re a server owner, you have a responsibility to keep your systems secure. You’re operating in a scene where people will jump onto any exploit they can and the onus is absolutely on you to keep these exploits to a minimum.
    So if the onus is on them, are they gonna be held accountable for hyping up and launching an unsecured server putting their entire playerbase (not to mention our community they advertise on) at risk? I wouldn't trust these people launching a server here ever again lol.
    Reply With Quote  
     


  6. #24  
    plz dont take my wizard mind bombs Women's Avatar
    Join Date
    Mar 2010
    Posts
    1,875
    Thanks given
    714
    Thanks received
    1,147
    Discord
    View profile
    Rep Power
    4534
    7.1 Malicious Conduct
    Malicious conduct may lead to severe account action. The malicious conduct can vary from denial of service attacks, group/mass spamming, registering an account with intent to cause trouble, and malicious software. This also includes providing software to engage in such acts.
    uwu

    i would assume events like this have happened many times throughout rune-servers history (dunno for sure tho) i'd be interested to know how it was handled in the past, as consistency is important here
    Reply With Quote  
     

  7. #25  






    Omar's Avatar
    Join Date
    Dec 2007
    Posts
    277
    Thanks given
    627
    Thanks received
    771
    Discord
    View profile
    Rep Power
    5000
    Quote Originally Posted by Thakiller View Post
    So if the onus is on them, are they gonna be held accountable for hyping up and launching an unsecured server putting their entire playerbase (not to mention our community they advertise on) at risk? I wouldn't trust these people launching a server here ever again lol.
    Mistakes happen, companies get hacked all the time. In this case, it was a bit of human error, but nothing too egregious. They disclosed the fact that they had been compromised and they were relatively timely about it. I don't think there is any point in punishing them.

    I don't want to start the precedent, really. It'll get messy quick if we start banning people for 0-day exploits in IPB and stuff like that.
    Reply With Quote  
     

  8. Thankful users:


  9. #26  
    Head Veteran and Respected Member


    Thakiller's Avatar
    Join Date
    Dec 2006
    Age
    24
    Posts
    2,956
    Thanks given
    1,954
    Thanks received
    3,062
    Rep Power
    5000
    Quote Originally Posted by Omar View Post
    Mistakes happen, companies get hacked all the time. In this case, it was a bit of human error, but nothing too egregious. They disclosed the fact that they had been compromised and they were relatively timely about it. I don't think there is any point in punishing them.

    I don't want to start the precedent, really. It'll get messy quick if we start banning people for 0-day exploits in IPB and stuff like that.
    Well, the bigger issue that Scu mentioned yesterday is that it's actually 5 servers that are affected, I figured it was just the 3 posted in the OP of this thread. If it was still in the 1-3 servers affected range, they absolutely should be disallowed from advertising any RSPS here in the future. That's what having responsibilities means, it means you face consequences if you don't carry them out. This situation is more unique than that though it seems.

    But with the number at 5 servers and possibly more we just don't know of, it speaks to there being a larger issue that the RSPS owners were in much less control of than originally thought (IPB exploit they couldn't do anything about or w.e). Makes it harder to ensure the "onus" *really is* on the RSPS owners in a situation like this.
    Reply With Quote  
     

  10. Thankful users:


  11. #27  
    Registered Member 2Wavy's Avatar
    Join Date
    May 2021
    Posts
    32
    Thanks given
    9
    Thanks received
    3
    Discord
    View profile
    Rep Power
    32
    Wow, actually had XLSTART on my computer. Didn't download any of the servers listed though, so even if you didn't log in to these 3 servers you might still wanna check.
    Reply With Quote  
     

  12. #28  
    Retired

    Raw Envy's Avatar
    Join Date
    Dec 2010
    Posts
    3,034
    Thanks given
    863
    Thanks received
    1,184
    Rep Power
    3046
    Quote Originally Posted by Thakiller View Post
    Well, the bigger issue that Scu mentioned yesterday is that it's actually 5 servers that are affected, I figured it was just the 3 posted in the OP of this thread. If it was still in the 1-3 servers affected range, they absolutely should be disallowed from advertising any RSPS here in the future. That's what having responsibilities means, it means you face consequences if you don't carry them out. This situation is more unique than that though it seems.

    But with the number at 5 servers and possibly more we just don't know of, it speaks to there being a larger issue that the RSPS owners were in much less control of than originally thought (IPB exploit they couldn't do anything about or w.e). Makes it harder to ensure the "onus" *really is* on the RSPS owners in a situation like this.
    Can't really ban people for 0 day IPB exploits like Omar said, this has been happening for years and the individual that does this is still allowed to own and advertise his server. That is the issue here really. Instead of blaming people the onus should be on the community to spread good security information and yeah still on owners of course but still... When I get time I will make a thread regarding this, but for now people can just view what I posted on the first page unless someone else beats me to making a thread.

    Quote Originally Posted by 2Wavy View Post
    Wow, actually had XLSTART on my computer. Didn't download any of the servers listed though, so even if you didn't log in to these 3 servers you might still wanna check.
    OS-Scape is now fully secure and this won't happen again, the hacker is a 1 trick pony so if you're not using IPB or he doesn't manage to hack an account from previous data leaks or bruteforce attempts the servers are fine.
    Last edited by Raw Envy; 08-09-2021 at 11:48 AM.


    Reply With Quote  
     

  13. Thankful user:


  14. #29  
    Registered MrClassic
    MrClassic's Avatar
    Join Date
    Oct 2008
    Age
    13
    Posts
    2,033
    Thanks given
    22,181
    Thanks received
    521
    Rep Power
    5000
    Maybe this could be helpful for people who are new to security. Just plain basic tutorials how to secure your linux server. Because changing permissions of folders and files won't really do much if you haven't properly secured your server.


    You can easily follow these step-by-step!

    https://www.thefanclub.co.za/how-to/...-part-1-basics

    https://www.informaticar.net/securit...-ubuntu-20-04/

    EDIT:

    Also in this tutorial it shows you how to accept more incoming/outgoing IP's, ports, services... If you need it.

    https://www.digitalocean.com/communi...n-ubuntu-18-04
    Last edited by MrClassic; 08-10-2021 at 12:47 PM.
    Reply With Quote  
     

  15. Thankful user:


  16. #30  
    Registered Member
    Join Date
    Aug 2021
    Posts
    2
    Thanks given
    0
    Thanks received
    5
    Rep Power
    0
    Quote Originally Posted by MrClassic View Post
    Maybe this could be helpful for people who are new to security. Just plain basic tutorials how to secure your linux server. Because changing permissions of folders and files won't really do much if you haven't properly secured your server.


    You can easily follow these step-by-step!

    https://www.thefanclub.co.za/how-to/...-part-1-basics

    https://www.informaticar.net/securit...-ubuntu-20-04/

    EDIT:

    Also in this tutorial it shows you how to accept more incoming/outgoing IP's, ports, services... If you need it.

    https://www.digitalocean.com/communi...n-ubuntu-18-04
    You'd think the top servers would be better at the basics!!!
    Reply With Quote  
     

  17. Thankful users:


Page 3 of 4 FirstFirst 1234 LastLast

Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. Replies: 53
    Last Post: 09-20-2014, 11:03 AM
  2. My most recent
    By Javotoshop in forum Showcase
    Replies: 2
    Last Post: 06-06-2007, 05:27 AM
  3. Replies: 2
    Last Post: 05-28-2007, 02:11 AM
  4. Recent sigs..Rate them.
    By Da grizzley in forum Showcase
    Replies: 2
    Last Post: 05-18-2007, 02:13 AM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •