Pages: (4) [1] 2 3 ... Last » ( Go to first unread post )
Topic Closed
New Topic
New Poll

 2017-06-13 - Important Forum Notice
TJ09TJ09TJ09
Posted: Jun 13 2017, 02:19 AM


(☞゚ヮ゚)☞
************

Group: Admin
Posts: 9,779
Member No.: 1
Joined: 3-August 07



 
I've recently been made aware of a security issue with the forum software. This issue would have allowed someone to access sensitive account data, such as e-mail addresses and encrypted passwords. I believe I have found the issue and fixed it to prevent further exploitation (as well as made as few changes reduce the chance of future security holes). This issue only affected the forums. Dragon Cave itself runs from a separate server and was not affected.

I do not have concrete evidence that any data was actually shared beyond the person who originally reported the issue to me; however, I strongly recommend changing your forum password. If your forum password is the same as some other site, you should change those passwords as well. In general, sharing passwords between sites is a bad idea for exactly this reason. There are tools that can help you manage unique passwords per-site, such as 1Password, KeePass, or LastPass.

While the security hole has likely been plugged, it does little to stop the sinking ship that is 14-year-old forum software. The forums have been showing their age for quite some time and are likely a single software upgrade away from falling apart. While I've been slowly working through the process of upgrading to software that is actively maintained, in light of this issue I'm going to be immediately prioritizing this. I don't yet have a timeframe, but the goal is ASAP.

After evaluating several possibilities (such as IPS 4, PHPBB, and vBulletin), the best option appears to be staying with Invision and upgrading to the latest version. The software has changed significantly in the last decade, but I believe it can be sufficiently customized to avoid too much churn. If you have any questions or concerns about this upgrade, feel free to voice them here (yes, I already know of a number of things that people don't like about the new version; don't worry).
Corteo
Posted: Jun 13 2017, 02:28 AM


Oh hey there
**********

Group: Members
Posts: 3,963
Member No.: 43,833
Joined: 14-July 09



 
Perhaps it would be helpful to add that you can change your password here.
Remy400
Posted: Jun 13 2017, 02:48 AM


Level 4
****

Group: Members
Posts: 372
Member No.: 57,336
Joined: 21-March 10



 
All ready change my password.

Good luck to every that might be affected.
Alayajoy
Posted: Jun 13 2017, 03:14 AM


Level 8
********

Group: Members
Posts: 1,040
Member No.: 6,820
Joined: 6-July 08



 
Done. Thank you for the heads up.
Draig Arian
Posted: Jun 13 2017, 03:41 AM


Level 3
***

Group: Members
Posts: 105
Member No.: 19,596
Joined: 27-October 08



 
Thanks for the warning!
sara4cows
Posted: Jun 13 2017, 04:49 AM


Coffee is the solution no matter what the problem.
**********

Group: Members
Posts: 2,901
Member No.: 36,069
Joined: 13-March 09



 
Thank you, TJ, for letting us know and for taking care of the situation.

My paypal was also compromised recently, not sure if it had anything to do with this, but just putting it out there so others know. I did have the same password for both, lesson learned.

This post has been edited by sara4cows on Jun 13 2017, 09:28 AM
KiraLwolf
Posted: Jun 13 2017, 05:16 AM


Level 2
**

Group: Members
Posts: 77
Member No.: 211,253
Joined: 19-April 14



 
Thanks TJ for fixing the issue! Hope no one's info was stolen.
Ruby Eyes
Posted: Jun 13 2017, 05:23 AM


Custom member title
**********

Group: Members
Posts: 9,760
Member No.: 38,969
Joined: 23-April 09



 
I'm rather happy that you don't plan on going to vBulletin *shudders*

Thanks for the heads up smile.gif
velvet_paw
Posted: Jun 13 2017, 05:37 AM


Level 8
********

Group: Members
Posts: 1,155
Member No.: 76,921
Joined: 23-April 11



 
Thanks for letting us know TJ. and for taking care of future possible issues.
-Frost-Fire-
Posted: Jun 13 2017, 05:45 AM


Level 3
***

Group: Members
Posts: 144
Member No.: 218,988
Joined: 21-May 15



 
I know FeralFront migrated forums some time ago and everyone hated it, but I quite liked the new one (although a lot of functionality was gone.) I'm sure a newer forum would have not only better security but probably also more functions. anyways
Shajana
Posted: Jun 13 2017, 06:12 AM


Level 10
**********

Group: Members
Posts: 5,395
Member No.: 51,531
Joined: 29-November 09



 
Ok I will change my pw, thank you TJ for letting us know.
Sheriziya
Posted: Jun 13 2017, 06:13 AM


Level 7
*******

Group: Members
Posts: 889
Member No.: 51,422
Joined: 27-November 09



 
Changed my password. Thanks for the update and good luck with upgrading the software!
Guillotine
Posted: Jun 13 2017, 06:20 AM


Level 9
*********

Group: Members
Posts: 1,907
Member No.: 199,626
Joined: 1-February 13



 
Thank you for the heads-up; hopefully the shift won't break too many things, for your own sanity.
herk
Posted: Jun 13 2017, 06:23 AM


We need more fairy tales where Princess Reasonable saves the day
**********

Group: Members
Posts: 3,645
Member No.: 54,081
Joined: 17-January 10



 
Thanks for the heads up smile.gif
fuzzbucket
Posted: Jun 13 2017, 06:24 AM


Last time I looked, I wasn't there.
**********

Group: Members
Posts: 20,491
Member No.: 55,386
Joined: 10-February 10



Thanks heaps; password changed.

Issue already raised last time you suggested this - will you be able to find a way to archive messages to our computers ? (Yes I'm one who hates the LOOK of the place as it would be on the latest version, and the "conversations" instead of messages thing - but that I CAN live with for security.)

This post has been edited by fuzzbucket on Jun 13 2017, 08:32 AM
aqua17
Posted: Jun 13 2017, 06:33 AM


Yesterday was Tuesday, right? But today is Tuesday, too!
**********

Group: Members
Posts: 2,323
Member No.: 55,455
Joined: 11-February 10



 
Password changed, thanks for the heads up.
inlaterdays
Posted: Jun 13 2017, 06:47 AM


Level 10
**********

Group: Members
Posts: 2,065
Member No.: 7,210
Joined: 14-July 08



 
Changed my password. Thanks for letting us know.
quinney
Posted: Jun 13 2017, 06:47 AM


Cometh The Day...
**********

Group: Members
Posts: 2,979
Member No.: 57,360
Joined: 21-March 10



 
Changed it, thanks.
CottonKatt
Posted: Jun 13 2017, 06:48 AM


Level 7
*******

Group: Members
Posts: 860
Member No.: 212,984
Joined: 8-July 14



 
Thanks for the notice - it was about time to change that old password of mine anyways. ohmy.gif I'm glad I haven't been using the same one on other sites for a while now.
andromedae
Posted: Jun 13 2017, 07:39 AM


Level 9
*********

Group: Members
Posts: 1,532
Member No.: 223,077
Joined: 15-January 16



 
Thank you for letting us know.
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:

Topic Options
Pages: (4) [1] 2 3 ... Last »
Topic Closed
New Topic
New Poll