Jump to page
It is with both annoyance and regret that I have to announce that I discovered today that the Nexus sites had been compromised through a hole in the site's code. The compromise was serious giving the script kiddy access to all the MySQL databases, including the database for the forums that contains user information such as your email address.
I have had reports today from people who have told me that "one-time" accounts used to sign up to the site have been receiving spam. It is my belief that the script kiddy decided he would place some of the member's of this site's email addresses, or all of them, on a spamlist. Now spam for a large majority of you shouldn't be an issue considering the modern day counter measures against it but the fact this data has been used at all is worrying enough and I apologise for that.
Please remember that you should not post anything about yourself on the internet that you do not want to be public domain. While you have a right to expect your information to remain safe and secure on this site these situations do happen, from the smallest sites all the way up to the Google's and Microsoft's of this world.
I am making every effort to try and plug any holes I find and once again make sure the site is secure. I would like to thank the people who emailed me earlier on in the day for not only informing me but also their calm attitude to the situation. Obviously this situation is very embarrassing for me and I'm making every effort to insure this doesn't happen again.
The good news is that the script kiddy decided that he would not attempt to make too much of a hassle of himself; indeed he failed in his attempts to compromise the forum skins and seems to have given up since. More amusingly the hacker made no attempt to mask his IP address from the access logs of the site which means we've traced down exactly where he lives (due to his ISP having a static IP address) to his very front door. Indeed we also tracked his use to a Call of Duty forum he either owns or has admin access to (a Call of Duty script kiddy; that's about as cliché as it gets). This forum provides scripts and hacks for the games. We are currently considering our options baring in mind the person is probably a teenager using his mum's internet.
Once again I apologise for the inconvenience.
I have added a new filter to the Advanced Search on the site to allow you to search by files that have their permissions set to "Yes, but you must credit me for all the files you use" or "Yes, no credit or permission needed" under "Users can use assets contained in my files in their own files".
This should allow mod authors who are looking for usable assets to quickly find files that have been made open for others to use under certain conditions.
I've been working recently on tallying up all the various "interesting" statistics this site records in to one grand total to get an overall view of the popularity of the sites within the gaming community. I thought it would nice to see just how big this community is and how popular it is to mod the games.
I was hoping to use sales figures from the various Bethesda games to come up with a ball-park figure of PC owners who have downloaded and modded their games through the Nexus. Unfortunately Bethesda aren't a public company and won't provide me with their sales figures (I can understand why) and the sales figures that have been announced through press releases will now be massively out-of-date.
I did recently use a BioWare press-release for Dragon Age that allowed me to come up with a ball-park figure. Including a 15% decrease on the results to account for piracy I worked out that 32% of the PC owners of Dragon Age had moddded their game using mods from Dragon Age Nexus. That figure obviously doesn't include users who download from other sites, such as the BioWare social site. The figure might be big to you, or it might be small to you, but the fact almost a third of BioWare's PC customers have modded the game suggests to me that modding is something PC game developers should be supporting more often.
The stats for TESNexus, Fallout 3 Nexus, New Vegas Nexus and Dragon Age Nexus can be found in the right-hand navigation under "Statistics".
One of the issues with the Nexus sites has always been the 300mb file size limit for files. It meant that authors with files larger than this amount would have to split the files up in to multiple parts before they could be uploaded to the site. To make matters worse the part names were renamed by the file upload process that screwed up the multipart functionality meaning the end user would have to manually rename the files once they were all downloaded. There was no way of grouping up the parts under one file entry either so these files ended up looking cluttered and disorganised.
To remedy this there are now new options for all file uploaders to help facilitate the multipart upload process. While slightly complicated these new features will enable large file authors to upload their multipart archives without the files losing their multipart extensions, meaning no more manual renaming of files by the end user. Similarly all parts of a single file will now be grouped together for easy downloading.
In related news there's also a new "version" field for all file uploaders. The file version will display under the file details and will also be added to the filename that user's download.
Tidbit of info for anyone who didn't know: the files you download from the site won't come with the original file's name included because they can often be long, and long file names plus deep saving directories equals problems in many operating systems. However the file ID is included in the filename. The file naming process goes
- - .
If you extract the
portion of the file name you can tap that in to the site using the URL http://www.TheSiteI'mUsing.com/downloads/file.php?id= and hey presto, that's the file entry you downloaded from.
Please let me know any bugs with the new upload process.
The Seattle and Dallas file servers will be taken down in-turn over the next couple of days while the hard drives are re-jiggled (that's the technical term for it) to double the capacity on the servers. In non-technical terms the RAID on the servers is just being changed from RAID 1 to RAID 0. Redundancy is already provided by the five file servers the sites have so best to make use of all available space.
The final 10% of the file server space was taken up quicker than I expected by New Vegas Nexus. 7,000 downloadable files and counting already, so the sooner this gets done the better.
The Dallas server is off-line right now as all the files get restored from the Seattle server. Tomorrow the process will be reversed. If anyone wants to do the time math it's about 540GB of files downloading at 10 MegaBytes (not megabits) a second. Roughly about a day or so.
In the mean-time the UK and Washington servers will be operational throughout, as will the two Premium Member servers.
Thanks for your patience.
There is now a fourth file server available to download from located in Washington DC, USA. This brings the overall network connectivity for the Nexus sites up to some 3.2 Gbits. Having trouble downloading from the other file servers? Try the Washington one and spread out the load a bit.
The Seattle and Dallas file servers will be taken off-line at separate times in the course of next week, for 24 hours at a time, while the hard-drive space is upgraded to accommodate the increasing number of files served by the Nexus sites. I'll keep you updated in the site news when this happens.
The recent launch of New Vegas and the gold rush style race there's been to get a lot of the great mods from Fallout 3 converted over to New Vegas has raised the growing concern the staff have had recently regarding the use and/or redistribution of other author's work by members of this community and how difficult it is to ascertain a mod author's wishes.
Before I go on I'd like to remind everyone that converting other author's work from Fallout 3 to New Vegas is strictly forbidden right now unless the author has specifically given permission for you to do it.
All the staff at the Nexus are extremely pro modders rights. That means if you make something from scratch, such as textures, meshes, animations or scripts then these belong to you and you can do whatever you want with them. It means you get to choose how, where and when your files get distributed. It also means that other users don't have the right to do whatever they want with your assets unless you specifically say so.
Many mod authors give specifics about what permission they give to everyone in regards to modifying their work or redistributing it in their mod description or ReadMe but a lot don't and then get upset when others "steal" their work and use it in their own mods.
The changes implemented today are a step towards trying to rectify this issue by asking file owners to specifically state how they would like their file assets to be used and redistributed. It also gives plenty of room for mod authors to explain things in much more detail. These changes will greatly help everyone to better understand the permission issues on the site and will make staff actions against thieves much easier and much quicker to action.
You can find the new "Distribution permission" settings when adding a new file or by editing any of your already uploaded files by going to "Manage files" then "Edit attributes".
There are also pink warning boxes galore informing new authors of the most regular pitfalls and a new tickbox you have to agree to before you can upload new files to the site insuring the files you upload belong to you or that you have permission to upload them. There are no excuses now people.
It is with great pleasure that I announce the launch of the 4th Nexus site on the internet; New Vegas Nexus (NVNexus). NVNexus will be covering the files for Fallout: New Vegas that is being developed by Obsidian and published by Bethesda.
New Vegas is due to launch on Steam and through video game retailers on the 19th of October 2010 in the US and select other countries and the 22nd in the UK and other countries. Not bought the game yet? Consider buying the game through our affiliate store that includes major retailers Amazon, Best Buy, Game and Game Station. Every purchase helps support the running of all the Nexus sites at no extra cost to you.
As the game isn't due for release for a couple more days things are going to be a little sparse around the site. Don't forget we'll also need to give the talented modding community some time to actually play the game as well as to get to grips with whatever new features the G.E.C.K. for New Vegas possesses. Hopefully we'll start seeing some early tweaks soon after release but lets give it some time, yeah?
Modders please remember to only setup a visible file page if you have something to upload to it. No placeholders or Work-In-Progress files of what you plan to add to the game. Lets keep it nice and clean. It's good to see the few file entries already added have been set to "hidden" as we await the release of the game.
The site has been launched early to simply put a hand up and say "hey, yep, we're ready and waiting!". In the mean-time pop in to the fresh New Vegas forums set up for the new site and have a little chat about what you're looking forward to. Remember your account works across all the Nexus sites so you don't need to register a new account to log in to New Vegas Nexus.
Oh, and look out for a modding competition to be announced soon regarding the celebration of the 2.5 millionth member to register on the Nexus sites. We're a week or two off our 2 millionth member now as it is. Prizes galore, I promise.
It has come to my attention that some people trying to register new accounts on the site aren't receiving the email the forums automatically send out so you can validate your email address. This is obviously an issue as you need to validate your email address in order to use most of the site and forums.
I have several test accounts across many different ISPs and ISPs such as Google Mail and Hotmail don't seem to have any issues, some others do, such as GMX. I've done lots of searches across most of the popular blacklists that these ISPs use and the email server's IP does not appear on any of them. The other issue might be that some ISPs automatically blacklist or blackhole forum registration emails or servers that send out large quantities of emails.
I have changed the method by which the activation emails are delivered this evening and my tests have gone well so far; the accounts I have that originally didn't receive the activation emails now do.
I'm hoping that this should resolve the issue for a large number of people. If you registered today and haven't received the validation email then login to the forums and click the "Resend validation" link at the top of the page. If you tried before today then your account will have been automatically removed and you'll have to sign up again.
For those wondering why email validation is in place there's two good reasons: one, it considerably reduces the amount of spam scripts that circulate the site with their viagra messages and two it provides a good deterrent against abusive members who get banned. If we can ban them a lot faster than they can make new email accounts it becomes a lot easier to manage them and they'll eventually get bored.
Over the past 18 hours or so the Nexus sites have been sporadically serving a trojan file through the ads on the site. Thanks to the logs of a few astute members on the forums I was able to identify the source of the trojan attack and have hopefully now nullified it. The Nexus sites should, touch wood, no longer be serving these compromised ads any more.
Such attacks have become natural on the internet and the fix is often reactive to an attack rather than preemptive. Indeed the patch to fix this issue was only released after several big name players in the internet community had been infected by the attack. It's simply wicked people, normally from Eastern Europe and Asia, preying on individuals who aren't up-to-date with their internet security.
Please insure you take the necessary steps to properly protect yourself from such attacks. Get a good reactive anti-virus (I used AVG and have had no trace of infection despite being warned about the threat) and firewall and switch any settings you might not need to an "ask me" state.
My apologies for the breach of security on these sites.
Update: Google is reporting the site as malicious right now. This is a report from before the fix and despite the problem being fixed there is some lag on getting delisted from Googles filters. Their webmaster tools report the site is completely clear of Malware so this should just be a waiting game.
Update #2: It's now Sunday morning here in the UK and Google are still yet to unblock TESNexus from their blacklist. Fallout 3 Nexus was on their blacklist for around 8 hours and was removed early yesterday. The irony is Fallout 3 Nexus and TESNexus use the same adserver and ergo had the same issues, so if Fallout 3 Nexus is clean, so is TESNexus. Their Webmaster Tools system continues to tell me the site has been inspected and confirmed clear of issues. Please be patient while we wait for Google to pull their thumbs out.
In the mean-time if you are confident in your system's security then HugePinball has written out how to remove the false malware warning when browsing TESNexus.
Jump to page