Pages: (4) [1] 2 3 ... Last » ( Go to first unread post )
Topic Closed
New Topic
New Poll

 2017-06-13 - Important Forum Notice
Posted: Jun 13 2017, 02:19 AM


Group: Admin
Posts: 9,779
Member No.: 1
Joined: 3-August 07

I've recently been made aware of a security issue with the forum software. This issue would have allowed someone to access sensitive account data, such as e-mail addresses and encrypted passwords. I believe I have found the issue and fixed it to prevent further exploitation (as well as made as few changes reduce the chance of future security holes). This issue only affected the forums. Dragon Cave itself runs from a separate server and was not affected.

I do not have concrete evidence that any data was actually shared beyond the person who originally reported the issue to me; however, I strongly recommend changing your forum password. If your forum password is the same as some other site, you should change those passwords as well. In general, sharing passwords between sites is a bad idea for exactly this reason. There are tools that can help you manage unique passwords per-site, such as 1Password, KeePass, or LastPass.

While the security hole has likely been plugged, it does little to stop the sinking ship that is 14-year-old forum software. The forums have been showing their age for quite some time and are likely a single software upgrade away from falling apart. While I've been slowly working through the process of upgrading to software that is actively maintained, in light of this issue I'm going to be immediately prioritizing this. I don't yet have a timeframe, but the goal is ASAP.

After evaluating several possibilities (such as IPS 4, PHPBB, and vBulletin), the best option appears to be staying with Invision and upgrading to the latest version. The software has changed significantly in the last decade, but I believe it can be sufficiently customized to avoid too much churn. If you have any questions or concerns about this upgrade, feel free to voice them here (yes, I already know of a number of things that people don't like about the new version; don't worry).
Posted: Jun 13 2017, 02:28 AM

Oh hey there

Group: Members
Posts: 3,963
Member No.: 43,833
Joined: 14-July 09

Perhaps it would be helpful to add that you can change your password here.
Posted: Jun 13 2017, 02:48 AM

Level 4

Group: Members
Posts: 372
Member No.: 57,336
Joined: 21-March 10

All ready change my password.

Good luck to every that might be affected.
Posted: Jun 13 2017, 03:14 AM

Level 8

Group: Members
Posts: 1,040
Member No.: 6,820
Joined: 6-July 08

Done. Thank you for the heads up.
Draig Arian
Posted: Jun 13 2017, 03:41 AM

Level 3

Group: Members
Posts: 105
Member No.: 19,596
Joined: 27-October 08

Thanks for the warning!
Posted: Jun 13 2017, 04:49 AM

Coffee is the solution no matter what the problem.

Group: Members
Posts: 2,901
Member No.: 36,069
Joined: 13-March 09

Thank you, TJ, for letting us know and for taking care of the situation.

My paypal was also compromised recently, not sure if it had anything to do with this, but just putting it out there so others know. I did have the same password for both, lesson learned.

This post has been edited by sara4cows on Jun 13 2017, 09:28 AM
Posted: Jun 13 2017, 05:16 AM

Level 2

Group: Members
Posts: 77
Member No.: 211,253
Joined: 19-April 14

Thanks TJ for fixing the issue! Hope no one's info was stolen.
Ruby Eyes
Posted: Jun 13 2017, 05:23 AM

Custom member title

Group: Members
Posts: 9,760
Member No.: 38,969
Joined: 23-April 09

I'm rather happy that you don't plan on going to vBulletin *shudders*

Thanks for the heads up smile.gif
Posted: Jun 13 2017, 05:37 AM

Level 8

Group: Members
Posts: 1,155
Member No.: 76,921
Joined: 23-April 11

Thanks for letting us know TJ. and for taking care of future possible issues.
Posted: Jun 13 2017, 05:45 AM

Level 3

Group: Members
Posts: 144
Member No.: 218,988
Joined: 21-May 15

I know FeralFront migrated forums some time ago and everyone hated it, but I quite liked the new one (although a lot of functionality was gone.) I'm sure a newer forum would have not only better security but probably also more functions. anyways
Posted: Jun 13 2017, 06:12 AM

Level 10

Group: Members
Posts: 5,395
Member No.: 51,531
Joined: 29-November 09

Ok I will change my pw, thank you TJ for letting us know.
Posted: Jun 13 2017, 06:13 AM

Level 7

Group: Members
Posts: 889
Member No.: 51,422
Joined: 27-November 09

Changed my password. Thanks for the update and good luck with upgrading the software!
Posted: Jun 13 2017, 06:20 AM

Level 9

Group: Members
Posts: 1,907
Member No.: 199,626
Joined: 1-February 13

Thank you for the heads-up; hopefully the shift won't break too many things, for your own sanity.
Posted: Jun 13 2017, 06:23 AM

We need more fairy tales where Princess Reasonable saves the day

Group: Members
Posts: 3,645
Member No.: 54,081
Joined: 17-January 10

Thanks for the heads up smile.gif
Posted: Jun 13 2017, 06:24 AM

Last time I looked, I wasn't there.

Group: Members
Posts: 20,491
Member No.: 55,386
Joined: 10-February 10

Thanks heaps; password changed.

Issue already raised last time you suggested this - will you be able to find a way to archive messages to our computers ? (Yes I'm one who hates the LOOK of the place as it would be on the latest version, and the "conversations" instead of messages thing - but that I CAN live with for security.)

This post has been edited by fuzzbucket on Jun 13 2017, 08:32 AM
Posted: Jun 13 2017, 06:33 AM

Yesterday was Tuesday, right? But today is Tuesday, too!

Group: Members
Posts: 2,323
Member No.: 55,455
Joined: 11-February 10

Password changed, thanks for the heads up.
Posted: Jun 13 2017, 06:47 AM

Level 10

Group: Members
Posts: 2,065
Member No.: 7,210
Joined: 14-July 08

Changed my password. Thanks for letting us know.
Posted: Jun 13 2017, 06:47 AM

Cometh The Day...

Group: Members
Posts: 2,979
Member No.: 57,360
Joined: 21-March 10

Changed it, thanks.
Posted: Jun 13 2017, 06:48 AM

Level 7

Group: Members
Posts: 860
Member No.: 212,984
Joined: 8-July 14

Thanks for the notice - it was about time to change that old password of mine anyways. ohmy.gif I'm glad I haven't been using the same one on other sites for a while now.
Posted: Jun 13 2017, 07:39 AM

Level 9

Group: Members
Posts: 1,532
Member No.: 223,077
Joined: 15-January 16

Thank you for letting us know.
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:

Topic Options
Pages: (4) [1] 2 3 ... Last »
Topic Closed
New Topic
New Poll