Search the Community

On May 5th, 2016, TAZ had its security breached for the second time. Unlike the previous intrusion, this was a sophisticated attack where the hacker was somehow able to upload a malicious file onto TAZ's test board (perhaps by exploiting a Brivium add-on installed on the old Admin Extra site which was still on the server) which then allowed them to give themselves SFTP access to the nginx user account and run commands. They then altered several core XenForo files in order to begin logging member username/password combinations, logging out members forcing them to log in again, and finally by preventing the File Health Check from reporting the file modifications. Due to some of the safeguards we installed last time we were attacked, were were able to identify this intrusion almost immediately and take steps to block the hacker, limiting the time the login logger was operational to a matter of hours. We then forced a password reset for all members. It's certainly unfortunate that TAZ was hacked again and I take full responsibility for it - the test site should not have been kept on the primary TAZ server nor should the old TAZ sites have been there. The previous intrusion was a much simpler exploitation of a staff member's username/password being harvested from another site and being used to gain access to the AdminCP to alter the login templates. We took a number of steps to prevent this kind of thing from happening again - forced 2FA for staff members and htaccess on the AdminCP for example. There are good things to do, but in a way it gave us a false sense of security that left us vulnerable to the second, much more sophisticated attack. The hacker was not able to gain access to the server root. Using the logs we were able to see exactly what changes the hacker made and undo them. Many other security measures have been put in place to prevent this from happening again, and several more are planned. Please keep in mind that unlike commercial sites, TAZ does not collect sensitive data about its members - we don't collect your full name, address, social security number, or credit card numbers for example. All a hacker can get here is your username, password, and email address. You can protect yourself by using a unique password on each site (or at the very least, use unique passwords on all of your important sites), and not using your primary email address as your registration email address (better to use a secondary email address for forum registrations, a different one for really important sites like banking sites, government sites, etc. and perhaps even a third one for semi-important things like your server hosting, registrar, etc.). Finally, do not put any "secret" information (such as access codes for your server) into a forum's personal or private message system - use secure email for that. If you follow these simple steps on TAZ (or any discussion forum) you won't be at risk even if the site is hacked. Again, my apologies for this security breach. I made some mistakes which made TAZ vulnerable. We are doing everything possible to prevent any further intrusions. Howard (The Sandman)

This is a law passed in 2014 in order to help protect members of web sites when those web sites experience data breaches. Read about it here: Senate Bill 1524 (2014) - The Florida Senate In part: This rule appears to fit the situation that TAZ recently experienced, data breaches, possible vulnerabilities, password hacking attempts, with not much information from TheAdminZone.com LLC. I'd like to keep this thread updated with facts about information that people DO KNOW about these hacking attempts, breaches, or whatever is going on at TAZ. As I understand it, there have been at least 3 known incidents of security breaches at TAZ. ------------------------------------ In one instance, late May 2015, a password reset was performed for all members on TheAdminZone.com. At the time, members were told that a staff member's account had been "hacked" by a member of the Vietnamese site, Brivium.com. The staff member had accounts on both TAZ and Brivium.com. At first, there was an explanation that the staff member's password between TAZ and Brivium were "similar, but not identical". I'm still curious as to why that information was needed, as even a "similar" password wouldn't gain a hacker an advantage to accessing the TAZ forum. Later, claims were made that the Brivium "hacker" somehow installed a keylogger on the staff member's PC, and the TAZ password was then lifted from this staff member's account. After much discussion, the majority of members came to the conclusion that the staff member had simply used the SAME password on both sites, which allowed somebody with access to the Brivium forum database to access the TAZ staff member's account. Once the "hacker" had access to the TAZ staff member's account, the "hacker" attempted to remove posts on TheAdminZone's forum that were critical of Brivium.com. As a result of this breach, the staff member had their password changed, and all members of TheAdminZone.com had their passwords reset. As far as I know, I don't think the staff member was identified, whether they still are a staff member, nor if it was found out if Brivium was the real perpetrator. There was also no evidence provided that anybody had installed a keylogger on the staff member's PC. ------------------------------------ In another more recent instance, on or before May 13th, 2016, server problems and unavailability were present, and then a full member password reset was performed. The explanation was thus: TAZ Security No further information was provided. The only thing evident from that description is that the mention of 2FA, and "small number of accounts" means that there was an attempt to overtake another staff member's account. Was the hacking attempt successful? What was stolen, if anything? Why the password reset? What is the update? Will Brivium be blamed again? As of today, the official answer to that question is that the administrator is still looking into it. On May 13th, prior to this announcement, it was discovered that old installations of TheAdminZone's forum software were still located on the server, and that addons developed by Brivium were installed on at least one of these installations. It was surmised that these Brivium addons may have been the reason for the password reset announced on May 16th, but no connection or information has been forthcoming identifying or explaining the 2 incidents. ------------------------------------ I thought there was another password reset incident, or something defined as a "hacking attempt", but I can't find it at the moment. I'll update the thread to fix my mispellings, and to try better grammar.

Playing off a meme What things can you trust more than TAZ security? Starting the list: 1. Unprotected sex with Miley Cyrus 2. Breast milk from Bruce Jenner 3. A drink from Bill Cosby 4. Bill Clinton with an intern 5. ?

Everybody loves memes

Has TheSandman of TheAdminZone taken over Google Cloud development too? Sounds like something he'd do. Received this email:

I thought this deserved its own thread :) From the shoutbox I made my reply before finding the thread on TAZ https://theadminzone.com/threads/remove-old-installs-from-public-view.140254/ I love this :joy: Does Lisa have access to the TAZ server? How does she know what's in the htaccess file? I highlighted the copyright by Brivium [ATTACH=full]76._xfImport[/ATTACH] @GTB wasted no time stealing the idea for a topic from the shoutbox here :rolleyes: