Thuum.org

A community for the dragon language of The Elder Scrolls V: Skyrim

Thuum.org

A community for the dragon language of The Elder Scrolls V: Skyrim

Home > Site Update February 24, 2016
Page 1 of 2
Site Update February 24, 2016  1  2 > >>  

Mehrunes Dragon

February 24, 2016

If you've been trying to access the site this evening, we apologize for the downtime and thank you for your patience.

We received an email from our web host notifying us that our websites had been compromised and that unsafe files had been loaded onto the server. Our web host quarantined those files, but in addition quarantined the entire web directory, which was why the site was offline for a time. We do not know how the compromise occurred, but believe it may have been through a Wordpress vulnerability on another site hosted on the same server. Thuum.org has been restored now, and we've taken all the steps on our end to address the situation.

Existing site files were not compromised, and neither was the database. At this time we have no reason to believe that any database information was accessed, such as personal or login information. All the same, we encourage you to keep a strong password and change it on a regular basis.

We will keep you updated if we find out more about the situation as we keep chaos and destruction at bay. Thanks again for your patience. Su'um ahrk morah.

paarthurnax
Administrator
February 24, 2016

With that obligatory notice out of the way, this was not the most fun way to spend a Monday night. Unlike the November 2013 hack, which was completely my fault, I'm not entirely sure how this one happened. I've identified Wordpress on another site as the culprit, so I've locked it down until I can pick apart what's going on there.

As far I am currently aware, the only thing that happened as a result of the compromise was a series of obscure files being uploaded to the server (obviously now removed), which triggered the web host's security systems and quarantined the entire directory.

I'll be sure to keep you all updated if I find out more. Meanwhile, business as usual. Keep on doing dragon things.
by paarthurnax
February 24, 2016

With that obligatory notice out of the way, this was not the most fun way to spend a Monday night. Unlike the November 2013 hack, which was completely my fault, I'm not entirely sure how this one happened. I've identified Wordpress on another site as the culprit, so I've locked it down until I can pick apart what's going on there.

As far I am currently aware, the only thing that happened as a result of the compromise was a series of obscure files being uploaded to the server (obviously now removed), which triggered the web host's security systems and quarantined the entire directory.

I'll be sure to keep you all updated if I find out more. Meanwhile, business as usual. Keep on doing dragon things.


Ahkrinfeynvokun
February 24, 2016

Well, that sounds like a fun night. Glad to hear things are back up and running though.

 

It's strange that another site of yours was the source of the whole thing. But I've heard of stramger attacks happen.
by Ahkrinfeynvokun
February 24, 2016

Well, that sounds like a fun night. Glad to hear things are back up and running though.

 

It's strange that another site of yours was the source of the whole thing. But I've heard of stramger attacks happen.


Malboviing
February 24, 2016

Hey, the good thing is, it was stopped (Whatever "it" was). Now all that is left is to figure what that "it" is. 
by Malboviing
February 24, 2016

Hey, the good thing is, it was stopped (Whatever "it" was). Now all that is left is to figure what that "it" is. 


Totem Dovah
February 24, 2016 		Well its been awhile since I have been here So I haven't been able to witness the problem.
[I was quite busy with my pack. My alpha told me I'm the only Dovah in the pack. Mostly grohiik are in the pack.]
by Totem Dovah
February 24, 2016
Well its been awhile since I have been here So I haven't been able to witness the problem.
[I was quite busy with my pack. My alpha told me I'm the only Dovah in the pack. Mostly grohiik are in the pack.]

DovahKiinZaan
February 24, 2016 		Wow, that was unexpected. And I will keep doing 'dragon things'.
by DovahKiinZaan
February 24, 2016
Wow, that was unexpected. And I will keep doing 'dragon things'.

Stormtrooper
February 25, 2016

we are under attack by lizard squad, GET DOWN!
by Stormtrooper
February 25, 2016

we are under attack by lizard squad, GET DOWN!


Totem Dovah
February 25, 2016 		@Haunter�[Lol That was a good pun. Honestly I feel that Lizard Squad should be confronted by Anonymous]
by Totem Dovah
February 25, 2016
@Haunter�[Lol That was a good pun. Honestly I feel that Lizard Squad should be confronted by Anonymous]

scrptrx
February 25, 2016 		Ugh, some people. I've had an entire site deleted before, but that was likely a personal hack attack. I'm not slick enough to know how to 1) hack and 2) prevent hacking, which is one reason I've left the web game. lol. sigh. I don't envy you. Hope your Tuesday was better.
by scrptrx
February 25, 2016
Ugh, some people. I've had an entire site deleted before, but that was likely a personal hack attack. I'm not slick enough to know how to 1) hack and 2) prevent hacking, which is one reason I've left the web game. lol. sigh. I don't envy you. Hope your Tuesday was better.

paarthurnax
Administrator
February 25, 2016
Brynja
Ugh, some people. I've had an entire site deleted before, but that was likely a personal hack attack. I'm not slick enough to know how to 1) hack and 2) prevent hacking, which is one reason I've left the web game. lol. sigh. I don't envy you. Hope your Tuesday was better.

Yes! Tuesday was better. I don't think this was personal or targeted. I suspect it was some kind of automated script that crawled through and did its thing when it found a vulnerability.
by paarthurnax
February 25, 2016
Brynja
Ugh, some people. I've had an entire site deleted before, but that was likely a personal hack attack. I'm not slick enough to know how to 1) hack and 2) prevent hacking, which is one reason I've left the web game. lol. sigh. I don't envy you. Hope your Tuesday was better.

Yes! Tuesday was better. I don't think this was personal or targeted. I suspect it was some kind of automated script that crawled through and did its thing when it found a vulnerability.


onikmey
February 26, 2016 		Error message is "mehrunes dragon". That pun makes my day
by onikmey
February 26, 2016
Error message is "mehrunes dragon". That pun makes my day

Katherine
February 28, 2016 		Surely passwords are properly salt'd with some pepper before being stored, or are they plaintext?
by Katherine
February 28, 2016
Surely passwords are properly salt'd with some pepper before being stored, or are they plaintext?

DovahKiinZaan
February 28, 2016 		I hope they're not plaintext.
by DovahKiinZaan
February 28, 2016
I hope they're not plaintext.

paarthurnax
Administrator
February 28, 2016
Katherine
Surely passwords are properly salt'd with some pepper before being stored, or are they plaintext?

Yes, they are absolutely encrypted. They are not stored as plaintext.
by paarthurnax
February 28, 2016
Katherine
Surely passwords are properly salt'd with some pepper before being stored, or are they plaintext?

Yes, they are absolutely encrypted. They are not stored as plaintext.


paarthurnax
Administrator
March 1, 2016

Well, same shit different day.

It looks like not all of the malicious files were quarantined, and the malicious files were being used to send spam email, which resulted in the web hosting account being suspended.

The website has been reuploaded entirely from scratch, so it should be completely clean. Let me know if you see anything that might be missing or broken.
by paarthurnax
March 1, 2016

Well, same shit different day.

It looks like not all of the malicious files were quarantined, and the malicious files were being used to send spam email, which resulted in the web hosting account being suspended.

The website has been reuploaded entirely from scratch, so it should be completely clean. Let me know if you see anything that might be missing or broken.


Zero The Legend
March 1, 2016

I honestly strongly dislike the new translator...change it back to the original one please? or maybe a combonation of the two? 
by Zero The Legend
March 1, 2016

I honestly strongly dislike the new translator...change it back to the original one please? or maybe a combonation of the two? 

 1  2 > >>  

Language

Community

Social

This is an independent site and is not affiliated with Bethesda Softworks, LLC
Background art by Adam Adamowicz