MORROWIND
  • 9 December 2010 23:22:29

    Nexus hacking

    posted by Dark0ne Site News
    It is with both annoyance and regret that I have to announce that I discovered today that the Nexus sites had been compromised through a hole in the site's code. The compromise was serious giving the script kiddy access to all the MySQL databases, including the database for the forums that contains user information such as your email address.

    I have had reports today from people who have told me that "one-time" accounts used to sign up to the site have been receiving spam. It is my belief that the script kiddy decided he would place some of the member's of this site's email addresses, or all of them, on a spamlist. Now spam for a large majority of you shouldn't be an issue considering the modern day counter measures against it but the fact this data has been used at all is worrying enough and I apologise for that.

    Please remember that you should not post anything about yourself on the internet that you do not want to be public domain. While you have a right to expect your information to remain safe and secure on this site these situations do happen, from the smallest sites all the way up to the Google's and Microsoft's of this world.

    I am making every effort to try and plug any holes I find and once again make sure the site is secure. I would like to thank the people who emailed me earlier on in the day for not only informing me but also their calm attitude to the situation. Obviously this situation is very embarrassing for me and I'm making every effort to insure this doesn't happen again.

    The good news is that the script kiddy decided that he would not attempt to make too much of a hassle of himself; indeed he failed in his attempts to compromise the forum skins and seems to have given up since. More amusingly the hacker made no attempt to mask his IP address from the access logs of the site which means we've traced down exactly where he lives (due to his ISP having a static IP address) to his very front door. Indeed we also tracked his use to a Call of Duty forum he either owns or has admin access to (a Call of Duty script kiddy; that's about as cliché as it gets). This forum provides scripts and hacks for the games. We are currently considering our options baring in mind the person is probably a teenager using his mum's internet.

    Once again I apologise for the inconvenience.

Comments (299)