Forums Outage This Morning

User avatar
Howard Mass
Site Admin
Site Admin
Posts: 66,448
And1: 16,353
Joined: Feb 20, 2001
Location: Longwood, Florida
Contact:
       

Forums Outage This Morning 

Post#1 » by Howard Mass » Tue Aug 17, 2021 10:18 pm

RealGM Users and Viewers,

Overnight, an individual seemingly located in Russia was able to guess a password of an admin. They were spotted and stopped by RealGM's host administrator in minutes. Then we did a survey of everything and performed maintenance with the boards offline (the boards are entirely separate in database and hosting from any other area of RealGM). Nobody's accounts were accessed but this one, and the person did not get any backend access to RealGM's systems so it was not a hack in that way. The person basically logged in like a user (the admin user) would from their computer and played around. They sent a mass email that many received, announcing their feat, and then changed some names of the forums (not usernames), etc., powers that are given to admins but that don't involve deeper access -- essentially the person did some criminal mischief. We restored everything to the most recent backup so some topics and posts are missing. We've made changes on the one user account they accessed so that it has a new password. Pardon the inconvenience and thank you for reading.
R.I.P. Dharam Raghubir (A.K.A. Magnumt)

:beer:
User avatar
Schad
Retired Mod
Retired Mod
Posts: 58,758
And1: 18,143
Joined: Feb 08, 2006
Location: The Goat Rodeo
     

Re: Forums Outage This Morning 

Post#2 » by Schad » Tue Aug 17, 2021 10:43 pm

Let this be a lesson: B4NTH3M4LL might be a satisfying password for an admin, but it's a mite too obvious.
Image
**** your asterisk.
bulls_troy
General Manager
Posts: 8,676
And1: 270
Joined: Apr 09, 2002
 

Re: Forums Outage This Morning 

Post#3 » by bulls_troy » Tue Aug 17, 2021 10:53 pm

Wondered what happened
Twitter: @bulls_troy
User avatar
Sofia
GOTB: Mean Girls
Posts: 30,427
And1: 34,271
Joined: Aug 03, 2008

Re: Forums Outage This Morning 

Post#4 » by Sofia » Tue Aug 17, 2021 11:21 pm

How could Neato do this to us?
lottery is rigged militia
President of the Pharmcat Fanclub
President of the GreatWhiteStiff Fanclub
Free OKCFanSinceSGA
Reddyplayerone = my RealGM bae
NuggetsWY
Retired Mod
Retired Mod
Posts: 10,392
And1: 4,125
Joined: Oct 28, 2015
Location: Cheyenne, WY
 

Re: Forums Outage This Morning 

Post#5 » by NuggetsWY » Wed Aug 18, 2021 12:22 am

People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.

There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.
Buzzard
RealGM
Posts: 12,853
And1: 7,524
Joined: May 16, 2018
     

Re: Forums Outage This Morning 

Post#6 » by Buzzard » Wed Aug 18, 2021 4:28 am

NuggetsWY wrote:People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.

There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.

I use to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember which is why I used a password safe also.
BAF Pacers: Unleash Trae!

PG Ice Trae
SG Buddy Hield/Luke Kennard/Brandin Podziemski
SF OG Anunoby/Terrence Ross/Kris Murray
PF Richaun Holmes/JaMychal Green/Chris Livingston
C KAT/Mark Williams
User avatar
bwgood77
Global Mod
Global Mod
Posts: 98,287
And1: 61,061
Joined: Feb 06, 2009
Location: Austin
Contact:
   

Re: Forums Outage This Morning 

Post#7 » by bwgood77 » Wed Aug 18, 2021 4:30 pm

Buzzard wrote:
NuggetsWY wrote:People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.

There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.

I use to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember which is why I used a password safe also.


It is kind of ironic that it was an admin, one of those likely responsible for site security, had their password "guessed".
Prokorov
RealGM
Posts: 43,027
And1: 14,679
Joined: Dec 06, 2013

Re: Forums Outage This Morning 

Post#8 » by Prokorov » Wed Aug 18, 2021 4:32 pm

Howard Mass wrote:RealGM Users and Viewers,

Overnight, an individual seemingly located in Russia was able to guess a password of an admin. They were spotted and stopped by RealGM's host administrator in minutes. Then we did a survey of everything and performed maintenance with the boards offline (the boards are entirely separate in database and hosting from any other area of RealGM). Nobody's accounts were accessed but this one, and the person did not get any backend access to RealGM's systems so it was not a hack in that way. The person basically logged in like a user (the admin user) would from their computer and played around. They sent a mass email that many received, announcing their feat, and then changed some names of the forums (not usernames), etc., powers that are given to admins but that don't involve deeper access -- essentially the person did some criminal mischief. We restored everything to the most recent backup so some topics and posts are missing. We've made changes on the one user account they accessed so that it has a new password. Pardon the inconvenience and thank you for reading.


Dont admins not use multi-factor authentication for their accounts?
Prokorov
RealGM
Posts: 43,027
And1: 14,679
Joined: Dec 06, 2013

Re: Forums Outage This Morning 

Post#9 » by Prokorov » Wed Aug 18, 2021 4:36 pm

bwgood77 wrote:
Buzzard wrote:
NuggetsWY wrote:People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.

There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.

I use to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember which is why I used a password safe also.


It is kind of ironic that it was an admin, one of those likely responsible for site security, had their password "guessed".


it likely wasnt guessed. that admins username/email + password combination was probably part of one of the larger breaches and broadcoast on the internet (Collection 1, Collection 2, linkedin breach, equifax breach, etc...)

The admin probably used the same password for realgM as they did for another site that was compromised. (referred to as "password resuse"). this is the most common cause of compromised credentials. In todays landscape, it is not a matter of "if" but "when" your credentials will be compromised on one, or many websites. and if you use a common password for multiple sites, attackers use automation to try that leaked passsword on millions of websites in a matter of minutes/hours and get reported on "hits" and then log in to see what damage they can do or what money they can extract

Anything at an admin level, or that houses critical info/access should at a MINIMUM employ:

1) multi-factor authentication (a code sent to a mobile device or token based code required post login for access)
2) a password management system that prohibits password resuse (LastPass is popular)
3) Geo-fencing (Restricts location based logons. prevent logons from russia even if they ahve the correct password)
User avatar
bwgood77
Global Mod
Global Mod
Posts: 98,287
And1: 61,061
Joined: Feb 06, 2009
Location: Austin
Contact:
   

Re: Forums Outage This Morning 

Post#10 » by bwgood77 » Wed Aug 18, 2021 5:18 pm

Prokorov wrote:
bwgood77 wrote:
Buzzard wrote:I use to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember which is why I used a password safe also.


It is kind of ironic that it was an admin, one of those likely responsible for site security, had their password "guessed".


it likely wasnt guessed. that admins username/email + password combination was probably part of one of the larger breaches and broadcoast on the internet (Collection 1, Collection 2, linkedin breach, equifax breach, etc...)

The admin probably used the same password for realgM as they did for another site that was compromised. (referred to as "password resuse"). this is the most common cause of compromised credentials. In todays landscape, it is not a matter of "if" but "when" your credentials will be compromised on one, or many websites. and if you use a common password for multiple sites, attackers use automation to try that leaked passsword on millions of websites in a matter of minutes/hours and get reported on "hits" and then log in to see what damage they can do or what money they can extract

Anything at an admin level, or that houses critical info/access should at a MINIMUM employ:

1) multi-factor authentication (a code sent to a mobile device or token based code required post login for access)
2) a password management system that prohibits password resuse (LastPass is popular)
3) Geo-fencing (Restricts location based logons. prevent logons from russia even if they ahve the correct password)


Right, and not using the same password on multiple sites. But my "guessed" in quotes basically meant that it was hacked (I just used that in quotes since that is what Howard said). I didn't truly think someone was sitting around racking their brain trying to guess an admin's password.
gnif
Site Admin
Site Admin
Posts: 65
And1: 50
Joined: Jan 28, 2016

Re: Forums Outage This Morning 

Post#11 » by gnif » Wed Aug 18, 2021 11:37 pm

Prokorov wrote:3) Geo-fencing (Restricts location based logons. prevent logons from russia even if they ahve the correct password)


Geo-fencing was effective back when VPNs were not so easy to have/use.

These days attacks like this usually come through a VPN provider like NordVPN. Some hosts block VPN providers specifically due to this issue, but there are many legitimate uses of VPNs like those that are being state-monitored. As such just like geo-fencing, blocking VPN providers is a band-aid fix at best and won't stop a determined attacker.

Usually, these attacks originate in Russia/China but are proxied through other compromised hosts in "trusted" countries, as such any form of Geo-Fencing is nothing more than a bit of an annoyance to the attacker, and a lot of annoyance to legitimate users that are blocked that should not be.

Full disclosure: Please note while I am an Administrator here I am not a RealGM employee, as such my views/opinions are my own and do not reflect the views and/or opinions of RealGM.
HostFission- Full server management monitoring and hosting solutions.
Prokorov
RealGM
Posts: 43,027
And1: 14,679
Joined: Dec 06, 2013

Re: Forums Outage This Morning 

Post#12 » by Prokorov » Thu Aug 19, 2021 2:01 pm

gnif wrote:
Prokorov wrote:3) Geo-fencing (Restricts location based logons. prevent logons from russia even if they ahve the correct password)


Geo-fencing was effective back when VPNs were not so easy to have/use.

These days attacks like this usually come through a VPN provider like NordVPN. Some hosts block VPN providers specifically due to this issue, but there are many legitimate uses of VPNs like those that are being state-monitored. As such just like geo-fencing, blocking VPN providers is a band-aid fix at best and won't stop a determined attacker.

Usually, these attacks originate in Russia/China but are proxied through other compromised hosts in "trusted" countries, as such any form of Geo-Fencing is nothing more than a bit of an annoyance to the attacker, and a lot of annoyance to legitimate users that are blocked that should not be.

Full disclosure: Please note while I am an Administrator here I am not a RealGM employee, as such my views/opinions are my own and do not reflect the views and/or opinions of RealGM.


Security is about layers. Conditional Access is an important part of that. Geo fencing can be worked around as can most other measures. There is a strong use case for it, as it will block out a ton of volume of attacks that are non-VPN based. The goal isnt to stop 1 attacker, but as many as possible.

We list this as a minimum requirement, because it blocks out such a large volume with such a low cost for implementation. its like an umbrella, you will still get wet, but its blocking a ton of rain drops.

Again, these are just the minimums so you are not guaranteeing a hack (although the assumed breach mentality is ideal anyway). there are tons of better ways to minimize your risk closer to 0 and improve your methods of recovery and mitigation.

but not everyone has 10K a month to dump into a SOC/SIEM
truth18
RealGM
Posts: 38,601
And1: 42,854
Joined: Apr 17, 2011
Location: CELTICS NIGHTMARE

Re: Forums Outage This Morning 

Post#13 » by truth18 » Fri Aug 20, 2021 5:43 pm

This is unacceptable imo.
YOU LOSE
buffbrian
Ballboy
Posts: 12
And1: 2
Joined: Mar 01, 2021
 

Re: Forums Outage This Morning 

Post#14 » by buffbrian » Fri Aug 20, 2021 10:41 pm

Did anybody else get a weird message that said "Hacked by Arthur Sergeevich Trusov"?
User avatar
azcatz11
RealGM
Posts: 31,341
And1: 35,052
Joined: Apr 13, 2017
Location: Phoenix
     

Re: Forums Outage This Morning 

Post#15 » by azcatz11 » Sat Aug 21, 2021 12:12 am

Is our personal information secure?
Praying for Burrow
User avatar
BKlutch
RealGM
Posts: 18,165
And1: 16,247
Joined: Jan 11, 2015
Location: A magical land of rainbows and cotton candy trees where the Knicks D gonna F you up
   

Re: Forums Outage This Morning 

Post#16 » by BKlutch » Sat Aug 21, 2021 3:53 am

azcatz11 wrote:Is our personal information secure?

No, it never is, but not because of RealGm.
.

____________________
____________________


:basketball: * We have a Brunson Burnerâ„¢ * :basketball:
* Make the Knicks Champs Again *
:basketball: ** GO NY GO NY GO NY GO! ** :basketball:
____________________
____________________

.
.
User avatar
bwgood77
Global Mod
Global Mod
Posts: 98,287
And1: 61,061
Joined: Feb 06, 2009
Location: Austin
Contact:
   

Re: Forums Outage This Morning 

Post#17 » by bwgood77 » Sat Aug 21, 2021 7:22 pm

buffbrian wrote:Did anybody else get a weird message that said "Hacked by Arthur Sergeevich Trusov"?


Yes, a lot of people. I did.
power_bottom
Ballboy
Posts: 2
And1: 0
Joined: Jun 07, 2021

Re: Forums Outage This Morning 

Post#18 » by power_bottom » Sun Aug 22, 2021 8:54 am

buffbrian wrote:Did anybody else get a weird message that said "Hacked by Arthur Sergeevich Trusov"?


I did!
User avatar
NightbreeD
Sophomore
Posts: 164
And1: 93
Joined: Jan 18, 2008

Re: Forums Outage This Morning 

Post#19 » by NightbreeD » Mon Aug 23, 2021 5:25 pm

I received an identity monitoring alert this morning from my credit monitoring software that my information was on the dark web. It included my realGM login name, password, and email address. Has anyone else gotten this kind of alert?
User avatar
bwgood77
Global Mod
Global Mod
Posts: 98,287
And1: 61,061
Joined: Feb 06, 2009
Location: Austin
Contact:
   

Re: Forums Outage This Morning 

Post#20 » by bwgood77 » Mon Aug 23, 2021 7:55 pm

NightbreeD wrote:I received an identity monitoring alert this morning from my credit monitoring software that my information was on the dark web. It included my realGM login name, password, and email address. Has anyone else gotten this kind of alert?


I get an alert sometimes from a credit company telling me my realgm password is compromised but it has never been hacked. I have also changed it.

Return to Global Announcements