Forums Outage This Morning
- Howard Mass
- Site Admin
- Posts: 65,548
- And1: 15,954
- Joined: Feb 20, 2001
- Location: Longwood, Florida
RealGM Users and Viewers,
Overnight, an individual seemingly located in Russia was able to guess a password of an admin. They were spotted and stopped by RealGM's host administrator in minutes. Then we did a survey of everything and performed maintenance with the boards offline (the boards are entirely separate in database and hosting from any other area of RealGM). Nobody's accounts were accessed but this one, and the person did not get any backend access to RealGM's systems so it was not a hack in that way. The person basically logged in like a user (the admin user) would from their computer and played around. They sent a mass email that many received, announcing their feat, and then changed some names of the forums (not usernames), etc., powers that are given to admins but that don't involve deeper access -- essentially the person did some criminal mischief. We restored everything to the most recent backup so some topics and posts are missing. We've made changes on the one user account they accessed so that it has a new password. Pardon the inconvenience and thank you for reading.
R.I.P. Dharam Raghubir (A.K.A. Magnumt)
Re: Forums Outage This Morning
- Schad
- Retired Mod
- Posts: 57,724
- And1: 17,384
- Joined: Feb 08, 2006
- Location: The Goat Rodeo
Let this be a lesson: B4NTH3M4LL might be a satisfying password for an admin, but it's a mite too obvious.
**** your asterisk.
Re: Forums Outage This Morning
-
- General Manager
- Posts: 8,676
- And1: 270
- Joined: Apr 09, 2002
Re: Forums Outage This Morning
- Sofia
- GOTB: Mean Girls
- Posts: 29,318
- And1: 31,731
- Joined: Aug 03, 2008
How could Neato do this to us?
Founder - Wembanyama GOAT club - waitlist registrations being accepted
President of the Pharmcat Fanclub
President of the GreatWhiteStiff Fanclub
Re: Forums Outage This Morning
-
- Retired Mod
- Posts: 10,323
- And1: 4,056
- Joined: Oct 28, 2015
- Location: Cheyenne, WY
People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.
There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.
Re: Forums Outage This Morning
-
- RealGM
- Posts: 12,853
- And1: 7,522
- Joined: May 16, 2018
NuggetsWY wrote:People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.
There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.
I used to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember, which is why I used a password safe also.
BAF Pacers: Unleash Trae!
PG Ice Trae
SG Buddy Hield/Luke Kennard/Brandin Podziemski
SF OG Anunoby/Terrence Ross/Kris Murray
PF Richaun Holmes/JaMychal Green/Chris Livingston
C KAT/Mark Williams
Re: Forums Outage This Morning
- bwgood77
- Global Mod
- Posts: 94,731
- And1: 58,392
- Joined: Feb 06, 2009
- Location: Austin
Buzzard wrote:NuggetsWY wrote:People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.
There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.
I used to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember, which is why I used a password safe also.
It is kind of ironic that it was an admin, one of those likely responsible for site security, who had their password "guessed".
Re: Forums Outage This Morning
-
- RealGM
- Posts: 43,027
- And1: 14,677
- Joined: Dec 06, 2013
Howard Mass wrote:RealGM Users and Viewers,
Overnight, an individual seemingly located in Russia was able to guess a password of an admin. They were spotted and stopped by RealGM's host administrator in minutes. Then we did a survey of everything and performed maintenance with the boards offline (the boards are entirely separate in database and hosting from any other area of RealGM). Nobody's accounts were accessed but this one, and the person did not get any backend access to RealGM's systems so it was not a hack in that way. The person basically logged in like a user (the admin user) would from their computer and played around. They sent a mass email that many received, announcing their feat, and then changed some names of the forums (not usernames), etc., powers that are given to admins but that don't involve deeper access -- essentially the person did some criminal mischief. We restored everything to the most recent backup so some topics and posts are missing. We've made changes on the one user account they accessed so that it has a new password. Pardon the inconvenience and thank you for reading.
Don't admins not use multi-factor authentication for their accounts?
Re: Forums Outage This Morning
-
- RealGM
- Posts: 43,027
- And1: 14,677
- Joined: Dec 06, 2013
bwgood77 wrote:Buzzard wrote:NuggetsWY wrote:People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.
There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.
I used to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember, which is why I used a password safe also.
It is kind of ironic that it was an admin, one of those likely responsible for site security, who had their password "guessed".
It likely wasn't guessed. That admin's username/email + password combination was probably part of one of the larger breaches and broadcast on the internet (Collection 1, Collection 2, LinkedIn breach, Equifax breach, etc...)
The admin probably used the same password for RealGM as they did for another site that was compromised (referred to as "password reuse"). This is the most common cause of compromised credentials. In today's landscape, it is not a matter of "if" but "when" your credentials will be compromised on one, or many websites. And if you use a common password for multiple sites, attackers use automation to try that leaked password on millions of websites in a matter of minutes/hours and get reported on "hits" and then log in to see what damage they can do or what money they can extract.
Anything at an admin level, or that houses critical info/access, should at a MINIMUM employ:
1) Multi-factor authentication (a code sent to a mobile device or token based code required post login for access)
2) A password management system that prohibits password reuse (LastPass is popular)
3) Geo-fencing (Restricts location based logons. Prevent logons from Russia even if they have the correct password)
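Added example, not part of any post in this thread: a detection pass over constructed login-log lines for the credential-stuffing pattern described above (one source trying many accounts, then a "hit"), plus a check for a privileged login from a country new to that account. The log format, account names, thresholds and the `KNOWN_COUNTRIES` baseline are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed log lines (not from RealGM): time, source IP, country, user, role, result
SAMPLE_LOG = """\
2021-01-01T03:10:01Z 203.0.113.7 RU alice user FAIL
2021-01-01T03:10:02Z 203.0.113.7 RU bob user FAIL
2021-01-01T03:10:03Z 203.0.113.7 RU carol user FAIL
2021-01-01T03:10:04Z 203.0.113.7 RU dave user FAIL
2021-01-01T03:10:05Z 203.0.113.7 RU siteadmin admin OK
2021-01-01T09:00:00Z 198.51.100.20 US erin user FAIL
2021-01-01T09:00:09Z 198.51.100.20 US erin user OK
"""

# Hypothetical baseline: countries each privileged account has logged in from before
KNOWN_COUNTRIES = {"siteadmin": {"US"}}

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, country, user, role, result = line.split()
        yield {"ts": ts, "ip": ip, "country": country, "user": user,
               "role": role, "ok": result == "OK"}

def detect(log, known=KNOWN_COUNTRIES, min_users=4, min_fail_ratio=0.7):
    events = list(parse(log))
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    alerts = []
    # Credential stuffing: one source, many distinct usernames, mostly failures.
    # A user mistyping their own password touches one username, so stays below min_users.
    stuffing_ips = set()
    for ip, evs in by_ip.items():
        users = {e["user"] for e in evs}
        fail_ratio = sum(not e["ok"] for e in evs) / len(evs)
        if len(users) >= min_users and fail_ratio >= min_fail_ratio:
            stuffing_ips.add(ip)
            alerts.append(("stuffing_source", ip, len(users)))
    for e in events:
        if not e["ok"]:
            continue
        # A "hit": successful login from a source that is also trying other accounts.
        if e["ip"] in stuffing_ips:
            alerts.append(("hit_from_stuffing_source", e["user"], e["ip"]))
        # Privileged login from a country not in that account's history.
        if e["role"] == "admin" and e["country"] not in known.get(e["user"], set()):
            alerts.append(("admin_new_country", e["user"], e["country"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Country is treated here as an alert signal rather than a hard block, so a login that trips it can be challenged or reviewed instead of silently refused.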
Re: Forums Outage This Morning
- bwgood77
- Global Mod
- Posts: 94,731
- And1: 58,392
- Joined: Feb 06, 2009
- Location: Austin
Prokorov wrote:bwgood77 wrote:Buzzard wrote:I used to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember, which is why I used a password safe also.
It is kind of ironic that it was an admin, one of those likely responsible for site security, who had their password "guessed".
It likely wasn't guessed. That admin's username/email + password combination was probably part of one of the larger breaches and broadcast on the internet (Collection 1, Collection 2, LinkedIn breach, Equifax breach, etc...)
The admin probably used the same password for RealGM as they did for another site that was compromised (referred to as "password reuse"). This is the most common cause of compromised credentials. In today's landscape, it is not a matter of "if" but "when" your credentials will be compromised on one, or many websites. And if you use a common password for multiple sites, attackers use automation to try that leaked password on millions of websites in a matter of minutes/hours and get reported on "hits" and then log in to see what damage they can do or what money they can extract.
Anything at an admin level, or that houses critical info/access, should at a MINIMUM employ:
1) Multi-factor authentication (a code sent to a mobile device or token based code required post login for access)
2) A password management system that prohibits password reuse (LastPass is popular)
3) Geo-fencing (Restricts location based logons. Prevent logons from Russia even if they have the correct password)
Right, and not using the same password on multiple sites. But my "guessed" in quotes basically meant that it was hacked (I just used that in quotes since that is what Howard said). I didn't truly think someone was sitting around racking their brain trying to guess an admin's password.
Re: Forums Outage This Morning
-
- Site Admin
- Posts: 65
- And1: 50
- Joined: Jan 28, 2016
Prokorov wrote:3) Geo-fencing (Restricts location based logons. Prevent logons from Russia even if they have the correct password)
Geo-fencing was effective back when VPNs were not so easy to have/use.
These days attacks like this usually come through a VPN provider like NordVPN. Some hosts block VPN providers specifically due to this issue, but there are many legitimate uses of VPNs like those that are being state-monitored. As such just like geo-fencing, blocking VPN providers is a band-aid fix at best and won't stop a determined attacker.
Usually, these attacks originate in Russia/China but are proxied through other compromised hosts in "trusted" countries, as such any form of Geo-Fencing is nothing more than a bit of an annoyance to the attacker, and a lot of annoyance to legitimate users that are blocked that should not be.
Full disclosure: Please note while I am an Administrator here I am not a RealGM employee, as such my views/opinions are my own and do not reflect the views and/or opinions of RealGM.
HostFission- Full server management monitoring and hosting solutions.
Re: Forums Outage This Morning
-
- RealGM
- Posts: 43,027
- And1: 14,677
- Joined: Dec 06, 2013
gnif wrote:Prokorov wrote:3) Geo-fencing (Restricts location based logons. Prevent logons from Russia even if they have the correct password)
Geo-fencing was effective back when VPNs were not so easy to have/use.
These days attacks like this usually come through a VPN provider like NordVPN. Some hosts block VPN providers specifically due to this issue, but there are many legitimate uses of VPNs like those that are being state-monitored. As such just like geo-fencing, blocking VPN providers is a band-aid fix at best and won't stop a determined attacker.
Usually, these attacks originate in Russia/China but are proxied through other compromised hosts in "trusted" countries, as such any form of Geo-Fencing is nothing more than a bit of an annoyance to the attacker, and a lot of annoyance to legitimate users that are blocked that should not be.
Full disclosure: Please note while I am an Administrator here I am not a RealGM employee, as such my views/opinions are my own and do not reflect the views and/or opinions of RealGM.
Security is about layers. Conditional Access is an important part of that. Geo-fencing can be worked around, as can most other measures. There is a strong use case for it, as it will block out a ton of volume of attacks that are non-VPN based. The goal isn't to stop 1 attacker, but as many as possible.
We list this as a minimum requirement, because it blocks out such a large volume with such a low cost for implementation. It's like an umbrella: you will still get wet, but it's blocking a ton of rain drops.
Again, these are just the minimums so you are not guaranteeing a hack (although the assumed breach mentality is ideal anyway). There are tons of better ways to minimize your risk closer to 0 and improve your methods of recovery and mitigation.
But not everyone has 10K a month to dump into a SOC/SIEM.
Re: Forums Outage This Morning
-
- RealGM
- Posts: 38,601
- And1: 42,854
- Joined: Apr 17, 2011
- Location: CELTICS NIGHTMARE
Re: Forums Outage This Morning
-
- Ballboy
- Posts: 12
- And1: 2
- Joined: Mar 01, 2021
Did anybody else get a weird message that said "Hacked by Arthur Sergeevich Trusov"?
Re: Forums Outage This Morning
- azcatz11
- RealGM
- Posts: 24,616
- And1: 29,069
- Joined: Apr 13, 2017
- Location: Phoenix
Is our personal information secure?
Re: Forums Outage This Morning
- BKlutch
- RealGM
- Posts: 16,159
- And1: 13,859
- Joined: Jan 11, 2015
- Location: A magical land of rainbows and cotton candy trees where the Knicks D gonna F you up
azcatz11 wrote:Is our personal information secure?
No, it never is, but not because of RealGm.
The SuperNova Knicks lighting up the NBA!
Re: Forums Outage This Morning
- bwgood77
- Global Mod
- Posts: 94,731
- And1: 58,392
- Joined: Feb 06, 2009
- Location: Austin
buffbrian wrote:Did anybody else get a weird message that said "Hacked by Arthur Sergeevich Trusov"?
Yes, a lot of people. I did.
Re: Forums Outage This Morning
-
- Ballboy
- Posts: 2
- And1: 0
- Joined: Jun 07, 2021
buffbrian wrote:Did anybody else get a weird message that said "Hacked by Arthur Sergeevich Trusov"?
I did!
Re: Forums Outage This Morning
- NightbreeD
- Sophomore
- Posts: 162
- And1: 88
- Joined: Jan 18, 2008
I received an identity monitoring alert this morning from my credit monitoring software that my information was on the dark web. It included my realGM login name, password, and email address. Has anyone else gotten this kind of alert?
Re: Forums Outage This Morning
- bwgood77
- Global Mod
- Posts: 94,731
- And1: 58,392
- Joined: Feb 06, 2009
- Location: Austin
NightbreeD wrote:I received an identity monitoring alert this morning from my credit monitoring software that my information was on the dark web. It included my realGM login name, password, and email address. Has anyone else gotten this kind of alert?
I get an alert sometimes from a credit company telling me my realgm password is compromised but it has never been hacked. I have also changed it.