Announcement 3.9.1 | Welcome Back

Discussion in 'Announcements' started by Wazez, Sep 20, 2017.

Thread Status:
Not open for further replies.
  1. Wazez

    Wazez Owner
    Staff Member Owner

    Joined:
    Sep 18, 2017
    Messages:
    12
    Likes Received:
    22
    On the 17th of September 2017, an account with administrative privileges was compromised and abused to delete forum threads, email some users, copy a list of our emails and cause some damage in game. Our staff were quick to respond to the situation and we were able to prevent any further damage from happening and restored the game servers to their normal state.

    The forums, on the other hand, were simply my fault. To restore a backed-up database you have to delete the existing database (in this case the griefed forums) and then replace it with the backup database. As I was unzipping our huge backup, I went ahead and deleted the existing forums database and, to my surprise, everything was backed up except the forums. We have multiple backups but they all skipped backing up the forums database for some reason. We then had no forums and have since been remaking them.

    What was hacked?
    • An account with FULL permission access to the website/server
    What did the hackers do?
    • Deleted forum threads and announcements
    • Mass emailed some users advertising their website/service
    • Copied a list of about 52,000 emails from our forums database
    What does this mean and should you be worried?
    As mentioned above, the hackers do not have any passwords, only a copy of the emails used to sign up to the forums. However, the problem is that since people use the same emails and passwords for other web services, if one web service has leaked account and password information, it becomes easier to hack into accounts from other web services.

    We encourage you to change passwords to websites that store sensitive data (like emails, Minecraft, Skype, Discord etc.). We also encourage looking into 2FA (a second step/layer of protection on top of your password, e.g. sending a text to your phone or a code to an app or a confirmation to your email). Our new forums will now support 2FA, which you can do here (once logged in).

    If you receive emails with suspicious links, don't click them.

    What's next?
    We've already begun taking extra precautions: all Admin/Developer accounts now have 2FA enforced, and we've updated our more-than-2-year-old infrastructure (which could have led to more security issues had this not been a wake-up call).

    Our forums are in the process of being remade so please excuse any missing features or systems, since we are starting from scratch. The Admins will update some of the forum categories and support sections for the better. We will have a new register process to ensure all our forum accounts are Minecraft players from our server.

    The servers are unaffected and they should be running as normal. We'll get back to releasing updates as usual very soon.

    New forum registration process
    To register a forum account, simply log in to mineheroes.net and type:
    • /register (email)
    This will create a new forum account for you, using your Minecraft name/uuid, and generate a new and safe password for you.
    You will then receive a confirmation email from [email protected] with the subject MineHeroes - Minecraft Server Account Confirmation Required. (It could also appear in your junk mail.)
    Then click on the link in the email to confirm your account and log in to the forums with the password generated by the server. If you want to change your password, visit this link: https://www.mineheroes.net/account/security or hover over your name in the user menu above and click on Password.

    If you are banned from the server, you can log in to register.mineheroes.net and run the command /register (email)

    Parents (or anyone that does not have a Minecraft account) can email our support team ([email protected]) and they will generate an account manually for you.

    Lessons learned from this experience:
    • Enable and enforce 2FA everywhere
    • Use different passwords for different services
    • Regularly ensure backups are working
    Final comments
    As one of the bigger servers in the Minecraft community, it's our responsibility to ensure things like this don't happen, especially after 5 years of being in this industry and knowing how common it is. This was a pretty big fail on my end personally and a letdown to other servers/communities in our space. We should be leading and innovating the game and not be dragged back by simple security flaws. This is a big wake-up call for the MineHeroes team and myself going forward.
     
    • Like x 9
    • Informative x 2
    • Optimistic x 2
    • Creative x 1
  2. Jaybehh

    Jaybehh Active Member
    Ultimate

    Joined:
    Feb 21, 2015
    Messages:
    41
    Likes Received:
    32
    Very nice
     
  3. Norwegiian

    Norwegiian Helper
    Staff Member Helper Zume

    Joined:
    Mar 4, 2016
    Messages:
    671
    Likes Received:
    471
    Welcome back everyone! Sucks that this happened D: I'm liking the new layout, though
     
  4. BasicallyLouis

    BasicallyLouis Moderator
    Staff Member Moderator Ultimate

    Joined:
    Mar 30, 2017
    Messages:
    335
    Likes Received:
    186
    Welcome back everyone! :)
     
  5. Norwegiian

    Norwegiian Helper
    Staff Member Helper Zume

    Joined:
    Mar 4, 2016
    Messages:
    671
    Likes Received:
    471
    cheater !!! D:<
     
  6. James2434

    James2434 Moderator
    Staff Member Moderator

    Joined:
    Mar 4, 2017
    Messages:
    64
    Likes Received:
    70
    OG day1 MH forums player, shout out me
     
  7. Fragmints

    Fragmints Well-Known Member
    Manos

    Joined:
    Apr 26, 2015
    Messages:
    88
    Likes Received:
    30
    poor thing
     
  8. iiStriker300

    iiStriker300 Moderator
    Staff Member Moderator Ultimate

    Joined:
    Feb 22, 2015
    Messages:
    101
    Likes Received:
    54
    Welcome back to the forums everyone!
     
  9. SimplyCasual

    SimplyCasual Well-Known Member
    Gyra

    Joined:
    Sep 16, 2016
    Messages:
    320
    Likes Received:
    183
    Good to be back on the forums, thank you for giving a thorough explanation as to what happened, much appreciated.
     
  10. KTPerkins

    KTPerkins Member
    Ultimate

    Joined:
    Feb 21, 2015
    Messages:
    24
    Likes Received:
    18
    2FA, noice
    wb everyone

    edit: DISLIKES ARE BACK YE
     
  11. Fragmints

    Fragmints Well-Known Member
    Manos

    Joined:
    Apr 26, 2015
    Messages:
    88
    Likes Received:
    30
    they are going to remove it ;c
     
  12. KTPerkins

    KTPerkins Member
    Ultimate

    Joined:
    Feb 21, 2015
    Messages:
    24
    Likes Received:
    18
    can I dislike that
     
  13. PotDropAndRole

    PotDropAndRole Well-Known Member
    Legend

    Joined:
    Feb 20, 2015
    Messages:
    85
    Likes Received:
    47
    Nice to see the forums back.
     
  14. 0beyMe

    0beyMe Member
    Gyra

    Joined:
    Mar 29, 2016
    Messages:
    20
    Likes Received:
    12
    Woop woop it's good to be back
     
  15. SimplyCasual

    SimplyCasual Well-Known Member
    Gyra

    Joined:
    Sep 16, 2016
    Messages:
    320
    Likes Received:
    183
    Rip, they are being removed, rip rip. They had a brief moment of life
     
  16. ReAnatra

    ReAnatra New Member
    Ultimate

    Joined:
    Feb 21, 2015
    Messages:
    2
    Likes Received:
    1
    welp, rip the accounts, nice that we are back tho


    EDIT::: WHERE ARE RATINGS OR AM I BLIND
     
  17. Shackman

    Shackman Well-Known Member
    Gyra

    Joined:
    Feb 21, 2015
    Messages:
    48
    Likes Received:
    99
    It sucks, I have to post farm again to get to 1000 posts.
     
  18. TBNRPlebster

    TBNRPlebster New Member
    Zume

    Joined:
    Oct 18, 2015
    Messages:
    4
    Likes Received:
    3
    Nice to see the forums up again
     
  19. BrokeWolf

    BrokeWolf New Member
    Ultimate

    Joined:
    Sep 13, 2017
    Messages:
    2
    Likes Received:
    0
    Thank you for telling us what happened, it's great to see that the forums are back online!! Thanks for your help and time :)
     
  20. Norwegiian

    Norwegiian Helper
    Staff Member Helper Zume

    Joined:
    Mar 4, 2016
    Messages:
    671
    Likes Received:
    471
    NOT ON THE ANNOUNCEMENT SECTION DON’T WORRY
     