lfnetwork.com mark read register faq members calendar

Thread: LF security breach
Thread Tools Display Modes
Post a new thread. Indicate all threads in this forum as read. Subscribe to this forum. RSS feed: this forum RSS feed: all forums
Prev Previous Post   Next Post Next
Old 08-21-2011, 03:35 PM   #1
stoffe
Network Caretaker
 
stoffe's Avatar
 
Status: Administrator
Join Date: Apr 2002
Posts: 5,833
Helpful! 10 year veteran! Notable contributor 
LF security breach

It came to our attention a couple of days ago when some friendly neighborhood hacker paid a visit with a stolen supermod account, that Lucasforums had a security breach that resulted in at least parts of its usernames and passwords being downloaded, including the login/password of a few staff members.

As far as I've been able to determine this breach seems to have happened over 3 years ago, before the forum was upgraded, though at least some of the account information stolen at the time is still valid.

From what I've been able to determine after a couple of days of frantic searching and code reading the SQL injection security vulnerability exploited to do this is no longer present in the version of vBulletin we currently use. I've also taken a few extra security precautions just in case.

The Blog feature has been disabled until I've had the time to check it thoroughly for vulnerabilities as well. No time table on how long that will take, but from what I've seen it wasn't used that much anyway, so it's pretty low priority at this point.

So, if you haven't changed your password in a while, now would probably be a good time to do it, just to be safe.

Apologies for the downtime over the past few days, but I felt it was better to play it safe and take the forum offline until this could be more thoroughly investigated and remedied.
stoffe is offline   you may: quote & reply,
Post a new thread. Indicate all threads in this forum as read. Subscribe to this forum. RSS feed: this forum RSS feed: all forums
Go Back   LucasForums > Network > Forum Help & Feedback Center > LF security breach

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 07:08 PM.

LFNetwork, LLC ©2002-2011 - All rights reserved.
Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.