Posted June 13, 2017 I've recently been made aware of a security issue with the forum software. This issue would have allowed someone to access sensitive account data, such as e-mail addresses and encrypted passwords. I believe I have found the issue and fixed it to prevent further exploitation (as well as made as few changes reduce the chance of future security holes). This issue only affected the forums. Dragon Cave itself runs from a separate server and was not affected. I do not have concrete evidence that any data was actually shared beyond the person who originally reported the issue to me; however, I strongly recommend changing your forum password. If your forum password is the same as some other site, you should change those passwords as well. In general, sharing passwords between sites is a bad idea for exactly this reason. There are tools that can help you manage unique passwords per-site, such as 1Password, KeePass, or LastPass. While the security hole has likely been plugged, it does little to stop the sinking ship that is 14-year-old forum software. The forums have been showing their age for quite some time and are likely a single software upgrade away from falling apart. While I've been slowly working through the process of upgrading to software that is actively maintained, in light of this issue I'm going to be immediately prioritizing this. I don't yet have a timeframe, but the goal is ASAP. After evaluating several possibilities (such as IPS 4, PHPBB, and vBulletin), the best option appears to be staying with Invision and upgrading to the latest version. The software has changed significantly in the last decade, but I believe it can be sufficiently customized to avoid too much churn. If you have any questions or concerns about this upgrade, feel free to voice them here (yes, I already know of a number of things that people don't like about the new version; don't worry). Share this post Link to post
Posted June 13, 2017 Perhaps it would be helpful to add that you can change your password here. Share this post Link to post
Posted June 13, 2017 All ready change my password. Good luck to every that might be affected. Share this post Link to post
Posted June 13, 2017 (edited) Thank you, TJ, for letting us know and for taking care of the situation. My paypal was also compromised recently, not sure if it had anything to do with this, but just putting it out there so others know. I did have the same password for both, lesson learned. Edited June 13, 2017 by sara4cows Share this post Link to post
Posted June 13, 2017 Thanks TJ for fixing the issue! Hope no one's info was stolen. Share this post Link to post
Posted June 13, 2017 I'm rather happy that you don't plan on going to vBulletin *shudders* Thanks for the heads up Share this post Link to post
Posted June 13, 2017 Thanks for letting us know TJ. and for taking care of future possible issues. Share this post Link to post
Posted June 13, 2017 I know FeralFront migrated forums some time ago and everyone hated it, but I quite liked the new one (although a lot of functionality was gone.) I'm sure a newer forum would have not only better security but probably also more functions. anyways Share this post Link to post
Posted June 13, 2017 Ok I will change my pw, thank you TJ for letting us know. Share this post Link to post
Posted June 13, 2017 Changed my password. Thanks for the update and good luck with upgrading the software! Share this post Link to post
Posted June 13, 2017 Thank you for the heads-up; hopefully the shift won't break too many things, for your own sanity. Share this post Link to post
Posted June 13, 2017 (edited) Thanks heaps; password changed. Issue already raised last time you suggested this - will you be able to find a way to archive messages to our computers ? (Yes I'm one who hates the LOOK of the place as it would be on the latest version, and the "conversations" instead of messages thing - but that I CAN live with for security.) Edited June 13, 2017 by fuzzbucket Share this post Link to post
Posted June 13, 2017 Thanks for the notice - it was about time to change that old password of mine anyways. I'm glad I haven't been using the same one on other sites for a while now. Share this post Link to post
Posted June 13, 2017 Thanks for protecting our data TJ!!! Hugs!!! I hope things can go well!!! Share this post Link to post
Posted June 13, 2017 LastPass is wonderful highly recommend it to anyone and thank you TJ for letting us know. Share this post Link to post
Recommended Posts