Thread: Recent Malicious Activity

  1. #1 Recent Malicious Activity 
    So when I'm free, I'm free


    Jay Gatsby's Avatar
    Hi,

    It’s recently come to our attention that a handful of servers have unfortunately been targeted in a string of malicious attacks. As a result of this, user details have been compromised and users may still be infected.

    The servers that we know have had user data compromised are:


    • OS-Scape
    • Luminite
    • Solak


    If you have downloaded any files from the above three servers, we recommend doing a comprehensive malware scan to ensure you’re not infected. You should also change your passwords immediately.

    In the case of OS-Scape, you should search for a file called ‘ScapeFiles.jar’, particularly in the following directories:
    Code:
    %appdata%/Roaming/os-scape
    %appdata%/Local/os-scape
    In the case of Luminite & Solak, you should search for a file called ‘XLSTART.jar’, particularly in the following directory:
    Code:
    %appdata%/Roaming/Microsoft/Excel
    Please note that in the above examples, you should scan your entire PC for these files; they may be hidden elsewhere. You can use a tool such as https://www.voidtools.com/ to search your entire PC for a particular file.

    As a reminder, you should, where possible, be taking full advantage of two-factor authentication as well as performing regular scans and sandboxing any files that come from providers you do not completely trust.

    All of the servers above have informed their existing user bases about the breach and we believe that, whilst there was a level of negligence here, the management behind these servers weren’t acting maliciously. As such we won’t be taking action against these servers. We will be continuing to observe the response time of servers notifying users about breaches, and if we feel they’re intentionally misleading or delaying users of these breaches, we will likely take action.


    If you’re a server owner, you have a responsibility to keep your systems secure. You’re operating in a scene where people will jump onto any exploit they can and the onus is absolutely on you to keep these exploits to a minimum. There are lots of documented ways to do this and below are some guides that may help with this:


    Thanks,
    Rune-Server Staff
    Last edited by Jay Gatsby; 08-02-2021 at 10:48 PM.
    Reply With Quote  
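
The file search described in the announcement above can be scripted. The following is an added example, not part of the original post or any Rune-Server tooling: it walks the given folders, matches the two file names from the announcement case-insensitively, and reports size and SHA-256 for each hit. The `APPDATA`/`LOCALAPPDATA` defaults are an assumption; pass drive roots to cover the whole PC.

```python
import hashlib
import os
from pathlib import Path

# File names taken from the announcement; matched case-insensitively.
SUSPECT_NAMES = {"scapefiles.jar", "xlstart.jar"}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_suspect_files(roots, names=SUSPECT_NAMES):
    """Walk each root and return (path, size, sha256) for every name match."""
    wanted = {n.lower() for n in names}
    hits = []
    for root in roots:
        # os.walk skips unreadable directories by default and does not
        # follow symlinks, so the walk cannot loop or abort half way.
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                if fname.lower() not in wanted:
                    continue
                full = Path(dirpath) / fname
                try:
                    hits.append((str(full), full.stat().st_size, sha256_of(full)))
                except OSError:
                    # Locked or unreadable file: still report where it is.
                    hits.append((str(full), None, None))
    return hits


def default_roots():
    """Assumption: per-user profile folders on Windows, else the home directory."""
    env = [os.environ.get("APPDATA"), os.environ.get("LOCALAPPDATA")]
    roots = [p for p in env if p]
    return roots or [str(Path.home())]


if __name__ == "__main__":
    for path, size, digest in find_suspect_files(default_roots()):
        print(f"FOUND {path} size={size} sha256={digest}")
```

A hit means the file should be quarantined and the machine scanned; the hash gives the scan or a malware-analysis service something stable to refer to.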
     


  2. #2  
    Blurite

    Corey's Avatar
    thanks dad


  3. #3  
    Vitality

    Raw Envy's Avatar
    Cheers Jay, I'll be making a post at some point on some tips for securing a web server. I know obviously there were some shortcomings in OS-Scape configurations, but this was because of the various flaws in the IPB forum software and the unfortunate event of our admin's password becoming compromised, so the hacker had an entry point to exploit IPB's security shortcomings.

    For now, a few things that RSPS owners can do to their websites:

    - Use CloudFlare Pro, it's $20 a month and gives you a WAF (web application firewall) which has a bunch of useful built-in rules to stop common exploits.
    - Only allow addresses originating from CloudFlare IPs
    - Disable all vulnerable PHP functions in your config
    - Ideally avoid IPB, but if you can't, just make sure to allow only access for ANY staff member to log in by using 2FA not just protected areas (as the admin hacked on OSS was compromised before he set up 2FA and then the hacker set up 2FA)
    - More IPB security tips: https://www.rootusers.com/how-to-sec...wer-board-ipb/
    - Use separate Docker containers for your main site and forum and use a different network interface for each
    - Ensure your folders use the following permission set: directories to 755 and your files to 644
    - Host client links external to your site and code sign where possible
    - Set your allowed file types to only accept images/videos for posts to avoid XSS attempts
    - Ensure you are using up to date application versions
    Reply With Quote  
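
The permission advice in the post above (directories 755, files 644) can be checked with a short audit. This is an added example, not code from the poster or from any server named in the thread; it lists every entry under a web root whose mode differs from those two values and puts world-writable entries first. The function name and the `/var/www/html` default are assumptions.

```python
import os
import stat
import sys

DIR_MODE = 0o755   # from the post: directories 755
FILE_MODE = 0o644  # from the post: files 644


def audit_permissions(web_root):
    """Return (path, kind, actual, expected, world_writable) for each deviation."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        entries = [(d, "dir", DIR_MODE) for d in dirnames]
        entries += [(f, "file", FILE_MODE) for f in filenames]
        for name, kind, expected in entries:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)  # lstat: inspect the entry, not a link target
            except OSError:
                continue
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            actual = stat.S_IMODE(st.st_mode)
            if actual != expected:
                world_writable = bool(actual & stat.S_IWOTH)
                findings.append((full, kind, oct(actual), oct(expected), world_writable))
    # World-writable entries are the most urgent, so sort them to the top.
    findings.sort(key=lambda f: (not f[4], f[0]))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html"  # assumed default
    for path, kind, actual, expected, ww in audit_permissions(root):
        flag = "WORLD-WRITABLE " if ww else ""
        print(f"{flag}{kind} {path}: {actual} (expected {expected})")
```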
     


  4. #4  
    Banned

    thanks buddy


  6. #5  
    Registered Member

    Good thread


  8. #6  
    'Slutty McFur'

    Owain's Avatar
    Thanks, was wondering if a proper announcement was going to be made or not.




  10. #7  
    Extreme Donator

    Day's Avatar
    sad to think people still do this kind of thing to servers..


  12. #8  
    08-13, SpawnScape Owner

    jet kai's Avatar
    Great write-up Jay! I am almost done with my little Jar Scanner web app which may help players who don’t understand how to decompile and inspect suspicious code.


  14. #9  
    "We don’t worry about warnings; we only worry about errors."
    Rozo's Avatar
    Thanks for the informative post Jay, I'm sure this will help clear some things in the air and help the infected victims and prevent this from happening in the future.
    A man is smoking a cigarette and blowing smoke rings into the air. His girlfriend becomes irritated with the smoke and says, “Can’t you see the warning on the cigarette pack? Smoking is hazardous to your health!”

    To which the man replies, “I am a programmer. We don’t worry about warnings; we only worry about errors.” -Mod Ash



  16. #10  
    Extreme Donator

    Benneh's Avatar
    Daddy
    Quote Originally Posted by Corey View Post
    Vouch for Benneh

    Worked with him for a month. He's professional and always on time with posts, always interested in how the server is doing and how he can improve and help in any way.