
Forum Security

Printed From: Illyriad
Category: News & Announcements
Forum Name: News & Announcements
Forum Description: Changes, patch release dates, server launch dates, downtime notifications etc.
URL: http://forum.illyriad.co.uk/forum_posts.asp?TID=10724
Printed Date: 14 Aug 2020 at 03:54
Software Version: Web Wiz Forums 12.03 - http://www.webwizforums.com


Topic: Forum Security
Posted By: GM Stormcrow
Subject: Forum Security
Date Posted: 13 Dec 2019 at 18:44
Hi everyone,

At 12:04 today, an unauthorised person gained access to some of the admin functions of the Illyriad Forums, and replaced the header and footer of the forum with a note about the forum being hacked.

Our forums are provided and hosted by a third party provider, and they assure us that there is no underlying issue or vulnerability in the forum software or hosted environment.

Our forum provider says that it appears that a compromised password from an old administrative account was used to access the memberlist and layout functions of the forum. It was this that enabled the intruder to replace the forum header with a message about the forum being hacked. Attempts by this person to upload scripts and other files were blocked by further layers of our forum provider's security.

Please note that:

a) This breach in no way affected the game servers or game data itself.  The forum and the game are kept entirely separate (which is why you have different login credentials for each).  Different servers, different hosting providers, different login credentials, different datacenters.  

b) Our forum provider assures us that your passwords are all one-way encrypted, and that no-one (not even our forum provider) has access to your passwords. 

c) Whilst there is no bulk data export function from the forum's admin interface, it is possible that - by screen scraping each member's individual admin page - the intruder has a copy of the email address you provided to us when you first opened your forum account.

d) To rectify the issue, our forum provider has: 
i) taken the forum down,
ii) changed all the admin passwords,
iii) checked any and every file changed (such as the page headers and footers) & forum admin functions accessed,
iv) run the forum back to this morning's backup (so any posts since about 0100 this morning will have disappeared), and
v) brought the forum back to live

We believe that everything on the forum is back and running as normal, but we are certainly keeping a close eye on everything.  Our forum software provider is running further audits and security tests.

We've been in touch with the Information Commissioner's Office in the UK, and they have informed us that under the current circumstances this does not qualify as a personal data breach that requires formal reporting under the UK's Data Protection Act (2018).

Obviously - wherever the fault lies - we apologise unreservedly.

If you have any further questions, please feel free to ask them (as it's regarding security, probably best via an in-game petition), and we'll get back to you as soon as we possibly can.

Regards,

SC



Replies:
Posted By: jamesroy
Date Posted: 18 Jun 2020 at 12:53
Thank you for your information.



