
Important security notice about your CodeWalrus account

Started by Dream of Omnimaga, December 06, 2015, 04:31:35 AM


Dream of Omnimaga

We were supposed to have a programming contest and a newsletter tomorrow, but first, we have some much more important news for all of our forum members, which will also be included in the newsletter header, which will also exceptionally be sent to every member, regardless of if they have opted in or out of e-mail notifications:


Yesterday, Omnimaga got hacked and both KermMartian and Geekboy1011's accounts were compromised elsewhere. The Omnimaga website has since been restored after hours of downtime, but the database content has been leaked and compromised. This includes all members' personal information, ranging from private messages to passwords. According to Eeems, it looks like SMF doesn't salt+hash their passwords in a very secure way, something very possible due to how quickly the hacker managed to get Kerm and Geek's password. The passwords were re-used to attempt logging in on Cemetech.

If you have an Omnimaga account, then we heavily recommend that you change your password on any website (including CodeWalrus) on which you used the same password and we recommend that you use different passwords everywhere. No matter how hard it is for the hacker to decrypt the passwords, it's better to be safe than sorry!

We do not know how the attack occurred, but we know that Omnimaga was two SMF versions behind and Omnimaga was not the only place attacked, as one of KermMartian's e-mail accounts was also hit. Also, according to the Omnimaga topic and their IRC logs, the IP address used by the hacker is from France (although we do not know what it is).

On our side, we are going to investigate what the IP address is and if it was used on CodeWalrus and our servers.

Source:
https://www.omnimaga.org/news/downtime-22209/
http://chat.eeems.ca/?server=irc.omnimaga.org%206667&channel=omnimaga&date=Sat%20Dec%2005%202015

bb010g

This is also a good time to bring up password managers. (Anytime is a good time, really.)

KeePass and KeePassX are solid.
pass is simple (in the Unix way) and on pretty much all platforms if you're willing to put in some setup.
1Password is very nice, but closed source and not on Linux.

Dream of Omnimaga

We're out of luck so far to get the hacker IP address, because all Omni admins are offline. Ideally the other sites should do a forum scan of that IP in case it matches someone there. That's unless the hacker was using Tor or a proxy, though, then maybe we're out of luck.

I notified Planète-Casio of the attack because some of their members have Omnimaga accounts.

Thanks for the programs by the way. I just hope there is a way to retrieve the passwords from them so if my computer crashes and has to be reformatted, then I am not locked out of all my Internet accounts.

EDIT: @Juju got one suspicious IP address, and is running scans on our server right now. Please report here once done.

He gave me the IP and I did scans on the forums. No matches could be found:
https://usercontent.irccloud-cdn.com/file/3EzvCLx2/

Yuki

Found 2 matches in the logs, both seem to be images linked from Omnimaga or TI-Planet. Also me looking for that IP. Nothing found here, really.

Dream of Omnimaga

Apparently, there was a lot of stuff on TI-Planet, though, in the server logs.

EDIT: According to Kerm, the password was freely given to the hacker. He also finds it weird that most recent community attacks and trolling always target Omni and Cemetech (eg Ephraim ban evasion, the sucks.fyi trolling via strange hostnames and now this) and never other sites.

Snektron

Well, the suck.fyi guy was here too. Also I've updated my password too :)


novenary

Quote from: bb010g on December 06, 2015, 04:43:01 AM
This is also a good time to bring up password managers. (Anytime is a good time, really.)

KeePass and KeePassX are solid.
pass is simple (in the Unix way) and on pretty much all platforms if you're willing to put in some setup.
1Password is very nice, but closed source and not on Linux.
Indeed, it's high time I switched to something like that. Thanks for the recommendations.

Snektron

We used KeePassX on my dad's Linux computer. The problem was he deleted the database one time and said it was my own fault <_<


brentmaas

I tried a bit of research into the IP, but all I could find was a physical address.
Lel I glitched Omni

novenary

Just set pass up and changed most of my passwords for 32 character passwords, different for each site. I suppose that's enough to keep me covered. :P

Dream of Omnimaga

32 chars is a bad idea imho. Some sites upgrade their software and end up lowering the max length in fields, and I remember the yAronet password or nickname change field allowed more chars than the login fields and I was unable to log in anymore. 24 chars is safer against such admin mishaps.

Travis

Quote from: DJ Omnimaga on December 06, 2015, 05:48:49 AM
Thanks for the programs by the way. I just hope there is a way to retrieve the passwords from them so if my computer crashes and has to be reformatted, then I am not locked out of all my Internet accounts.

KeePassX saves the database in a location you specify, so if you keep that file backed up and don't forget the master password to decrypt it, you should be fine. It can also export everything to a .txt file in case you need that.

critor

Quote from: DJ Omnimaga on December 06, 2015, 08:45:28 AM
According to Kerm, the password was freely given to the hacker. He also finds it weird that most recent community attacks and trolling always target Omni and Cemetech (eg Ephraim ban evasion, the sucks.fyi trolling via strange hostnames and now this) and never other sites.

How would he know about other sites? Is he omniscient?

And apparently, he quickly forgot about this:
https://codewalr.us/index.php?topic=647.0

Yuki

Well, the most recent ones, as in, the last 3 incidents or so. He knows about other sites because we told him so.

Dream of Omnimaga

Guys, I found something strange on Omnimaga: Netham45's account is no longer listed in the member list (even if we do a search) and he isn't in the staff list either. I don't know how long it has been like that, though:

https://www.omnimaga.org/team

His account is still intact, but he is no longer in the staff groups and his signature was changed to "Omnimaga admin" instead of the broken Space Invader animation. He also last logged in on December 4th 2015.


Normally, when an existing SMF forum account no longer shows up in the member list, this means it is currently banned. Did he ask that on request due to a long hiatus or was his account compromised?


EDIT: An attempt to break into @Ivoah's forum account on CodeWalrus was recorded over three hours ago:

Quote
IP address: 90.11.159.131
Display name: Guest
Message: Password incorrect - Ivoah ?action=login2
Date: Today at 07:34:23 pm

EDIT: There was also an attempt by 80.119.166.103 to log in to my account, but it doesn't match anything else out of the ordinary on the forums. Mind doing a scan on CW server @Juju and on TI-Planet @Adriweb? It was over an hour before Ivoah's account was hit.
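The log scans discussed in this thread (checking a forum error log for an address shared by another site, and for failed logins like the one quoted above) can be scripted. The following is an added example, not part of the original thread and not SMF or CodeWalrus code; the tab-separated row layout, the function names and the sample rows (documentation-range addresses) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample rows (not real log data), tab-separated:
# source IP, display name, message, timestamp.
SAMPLE_LOG = (
    "203.0.113.7\tGuest\tPassword incorrect - alice\t2015-12-06 18:10:02\n"
    "203.0.113.7\tGuest\tPassword incorrect - bob\t2015-12-06 18:11:40\n"
    "198.51.100.23\tGuest\tPassword incorrect - carol\t2015-12-06 19:34:23\n"
    "203.0.113.7\tGuest\tPassword incorrect - Alice\t2015-12-06 18:12:05\n"
    "192.0.2.50\tdave\tDatabase error in topic view\t2015-12-06 20:00:00\n"
    "not-an-ip\tGuest\tPassword incorrect - erin\t2015-12-06 20:05:00\n"
    "not a log row\n"
)

FAILED_LOGIN = re.compile(r"^Password incorrect - (?P<account>.+)$")

def parse_failed_logins(text):
    """Return [(ip, account)] for each well-formed failed-login row."""
    rows = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # malformed row: skip instead of guessing columns
        match = FAILED_LOGIN.match(fields[2].strip())
        if not match:
            continue  # some other kind of error-log entry
        try:
            addr = ipaddress.ip_address(fields[0].strip())
        except ValueError:
            continue  # source field is not a valid IPv4/IPv6 address
        rows.append((str(addr), match.group("account").lower()))
    return rows

def triage(text, shared_indicators=(), min_accounts=2):
    """Return {ip: [reasons]} for sources that deserve a closer look."""
    watch = {str(ipaddress.ip_address(i)) for i in shared_indicators}
    targeted = defaultdict(set)
    for ip, account in parse_failed_logins(text):
        targeted[ip].add(account)
    findings = {}
    for ip, accounts in targeted.items():
        reasons = []
        if ip in watch:
            reasons.append("matches shared indicator")
        if len(accounts) >= min_accounts:
            reasons.append(f"failed logins on {len(accounts)} accounts")
        if reasons:
            findings[ip] = reasons
    return findings
```

A single source failing against several different accounts is the pattern to expect when leaked credentials are replayed on another site, which is why it is flagged even without a matching shared indicator.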
