Thread: Recent Malicious Activity

  1. #1 Recent Malicious Activity 
    Jay Gatsby
    Hi,

    It’s recently come to our attention that a handful of servers have unfortunately been targeted in a string of malicious attacks. As a result of this, user details have been compromised and users may still be infected.

    The servers that we know have had user data compromised are:


    • OS-Scape
    • Luminite
    • Solak


    If you have downloaded any files from the above three servers, we recommend doing a comprehensive malware scan to ensure you’re not infected. You should also change your passwords immediately.

    In the case of OS-Scape, you should search for a file called ‘ScapeFiles.jar’, particularly in the following directories:
    Code:
    %appdata%/Roaming/os-scape
    %appdata%/Local/os-scape
    In the case of Luminite & Solak, you should search for a file called ‘XLSTART.jar’, particularly in the following directory:
    Code:
    %appdata%/Roaming/Microsoft/Excel
    Please note that in the above examples, you should scan your entire PC for these files; they may be hidden elsewhere. You can use a tool such as https://www.voidtools.com/ to search your entire PC for a particular file.

    As a reminder, you should, where possible, be taking full advantage of two-factor authentication as well as performing regular scans and sandboxing any files that come from providers you do not completely trust.

    All of the servers above have informed their existing user bases about the breach and we believe that, whilst there was a level of negligence here, the management behind these servers weren’t acting maliciously. As such we won’t be taking action against these servers. We will be continuing to observe the response time of servers notifying users about breaches, and if we feel they’re intentionally misleading or delaying users of these breaches, we will likely take action.


    If you’re a server owner, you have a responsibility to keep your systems secure. You’re operating in a scene where people will jump onto any exploit they can and the onus is absolutely on you to keep these exploits to a minimum. There are lots of documented ways to do this and below are some guides that may help with this:


    Thanks,
    Rune-Server Staff
    Last edited by Jay Gatsby; 08-02-2021 at 10:48 PM.
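The file search described in the announcement above can also be scripted. This is an added example, not part of the original post or any Rune-Server tooling: it looks for the two file names the post gives, case-insensitively, and records each hit's size and SHA-256 so it can be passed to a malware scanner or to staff. The function names and the choice of roots are assumptions.

```python
import hashlib
import os
from pathlib import Path

# File names taken from the announcement; matching is case-insensitive
# because Windows file names are.
SUSPECT_NAMES = {"scapefiles.jar", "xlstart.jar"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_suspect_files(root, names=SUSPECT_NAMES):
    """Walk `root` and return (path, size, sha256) for every name match."""
    hits = []
    # onerror skips unreadable directories instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() not in names:
                continue
            path = Path(dirpath) / name
            try:
                hits.append((str(path), path.stat().st_size, sha256_of(path)))
            except OSError:
                # Locked or unreadable: still report where it was found.
                hits.append((str(path), None, None))
    return hits


def default_roots():
    """Profile folders first (where the post says to look), then the drive."""
    roots = [os.environ.get(v) for v in ("APPDATA", "LOCALAPPDATA")]
    roots.append(os.environ.get("SystemDrive", "C:") + os.sep)
    return [r for r in roots if r and os.path.isdir(r)]


if __name__ == "__main__":
    seen = set()
    for root in default_roots():
        for hit in find_suspect_files(root):
            if hit[0] not in seen:  # the drive scan revisits the profile
                seen.add(hit[0])
                print("FOUND %s size=%s sha256=%s" % hit)
```

A name match only tells you where to look; a clean result does not rule out infection, so the full malware scan and password change recommended in the post still apply.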
  2. #2  
    Corey
    thanks dad
  3. #3  
    Raw Envy
    Cheers Jay, I'll be making a post at some point on some tips for securing a web server. I know obviously there were some shortcomings in OS-Scape configurations, but this was because of the various flaws in the IPB forum software and the unfortunate event of our admin's password becoming compromised, so the hacker had an entry point to exploit IPB's security shortcomings.

    For now, a few things that RSPS owners can do to their websites:

    - Use CloudFlare Pro, it's $20 a month and gives you a WAF (web application firewall) which has a bunch of useful built-in rules to stop common exploits.
    - Only allow addresses originating from CloudFlare IPs
    - Disable all vulnerable PHP functions in your config
    - Ideally avoid IPB, but if you can't, just make sure to only allow access for ANY staff member to log in by using 2FA, not just protected areas (as the admin hacked on OSS was compromised before he set up 2FA and then the hacker set up 2FA)
    - More IPB security tips: https://www.rootusers.com/how-to-sec...wer-board-ipb/
    - Use separate Docker containers for your main site and forum and use a different network interface for each
    - Ensure your folders use the following permission set: directories to 755 and your files to 644
    - Host client links external to your site and code sign where possible
    - Set your allowed file types to only accept images/videos for posts to avoid XSS attempts
    - Ensure you are using up-to-date application versions
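The permission tip in the list above (directories 755, files 644) can be checked with a short audit. This is an added example, not part of the original post; the function names are assumptions, and it only reports deviations rather than changing anything.

```python
import os
import stat

EXPECTED_DIR_MODE = 0o755   # rwxr-xr-x, as recommended in the post
EXPECTED_FILE_MODE = 0o644  # rw-r--r--, as recommended in the post


def audit_permissions(web_root):
    """Return (path, actual_mode, expected_mode) for every entry that deviates."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        entries = [(n, EXPECTED_DIR_MODE) for n in dirnames]
        entries += [(n, EXPECTED_FILE_MODE) for n in filenames]
        for name, expected in entries:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                 # a symlink's own mode bits mean nothing
            actual = stat.S_IMODE(st.st_mode)
            if actual != expected:
                findings.append((path, actual, expected))
    return sorted(findings)


def world_writable(findings):
    """Subset of findings that any local user can modify (fix these first)."""
    return [f for f in findings if f[1] & stat.S_IWOTH]


if __name__ == "__main__":
    import sys
    results = audit_permissions(sys.argv[1] if len(sys.argv) > 1 else ".")
    urgent = set(world_writable(results))
    for path, actual, expected in results:
        flag = "WORLD-WRITABLE" if (path, actual, expected) in urgent else "deviates"
        print("%s %s is %o, expected %o" % (flag, path, actual, expected))
```

Some files are deliberately tighter than 644 (for example a config file holding database credentials); treat those findings as items to review, not to loosen.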


  4. #4  
    CABLE
    thanks buddy
  6. #5  
    Good thread
  8. #6  
    Owain
    Thanks, was wondering if a proper announcement was going to be made or not.



  10. #7  
    Day
    sad to think people still do this kind of thing to servers..
  12. #8  
    jet kai
    Great write-up Jay! I am almost done with my little Jar Scanner web app which may help players who don’t understand how to decompile and inspect suspicious code.
  14. #9  
    Rozo
    Thanks for the informative post Jay, I'm sure this will help clear some things in the air and help the infected victims and prevent this from happening in the future.
  16. #10  
    Benneh
    Daddy