The Witcher

Virus scan reports now visible on file pages, more security incoming

After recent efforts by a malicious user to upload viruses to the Nexus sites and gain access to Nexus accounts (for reasons completely unknown to us, as your accounts are worth very little in tangible terms!), we've been stepping up our public-facing security options.

Thanks to the great support of VirusTotal, who have given us very generous access to their virus API for free, we've been able to integrate their virus scanning functionality into the Nexus file pages. VirusTotal is an online tool that scans files you send it using over 50 of the most used anti-virus programs and generates a report showing how many of those programs have flagged the file as a virus.

Any new files uploaded to the site will be sent off to VirusTotal to be scanned and will not be downloadable by users until the report has come back all clean. If more than 4 anti-virus programs used by VirusTotal flag the file as suspicious, the file will be sent to a quarantine, where one of the moderation team must verify whether the file is safe or not before it can be downloaded. This process should only take 5 to 10 minutes, but during this time your file will not be downloadable.

While the Nexus has always provided instant upload/download functionality, I think a wait of 5 to 10 minutes for added security and peace of mind is a worthwhile sacrifice to make. I'm also aware that there are certain types of mods, especially those that make use of TexMod, that get flagged as false positives quite regularly. While this might be frustrating for you, we will endeavour to get your file online as soon as possible.
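The gating rule described above, written out as an added example (this is not Nexus code): a release gate that fails closed when the report is missing, empty or inconsistent. The `Report` fields, the state names, the handling of 1 to 4 detections and the 256 MB scan cap (mentioned only in the comment thread below) are assumptions of this sketch.

```python
from enum import Enum
from typing import NamedTuple, Optional

QUARANTINE_ABOVE = 4              # "more than 4" engines, from the post
MAX_SCAN_BYTES = 256 * 1024 ** 2  # cap taken from the comment thread (assumption)


class State(Enum):
    PENDING = "pending"          # no usable report yet: not downloadable
    UNSCANNED = "unscanned"      # too large to submit: must never show as clean
    CLEAN = "clean"              # report came back with zero detections
    FLAGGED = "flagged"          # 1-4 detections (assumed: released, report shown)
    QUARANTINED = "quarantined"  # more than 4 detections, awaiting a moderator
    CLEARED = "cleared"          # moderator verified a quarantined file as safe
    REJECTED = "rejected"        # moderator verified it as not safe


class Report(NamedTuple):        # hypothetical summary of one scan report
    positives: int               # engines that flagged the file
    total: int                   # engines that returned a verdict


def gate(size_bytes: int, report: Optional[Report],
         moderator_safe: Optional[bool] = None) -> State:
    """Return the file's state; anything uncertain stays PENDING."""
    if size_bytes > MAX_SCAN_BYTES:
        return State.UNSCANNED
    if report is None or report.total <= 0:
        return State.PENDING     # no report, or no engine actually ran
    if not 0 <= report.positives <= report.total:
        return State.PENDING     # inconsistent counts: do not trust them
    if report.positives > QUARANTINE_ABOVE:
        if moderator_safe is None:
            return State.QUARANTINED
        return State.CLEARED if moderator_safe else State.REJECTED
    return State.CLEAN if report.positives == 0 else State.FLAGGED


if __name__ == "__main__":
    # Constructed sample uploads: (size in bytes, report, moderator verdict)
    samples = [(10_000, None, None), (10_000, Report(0, 54), None),
               (10_000, Report(3, 54), None), (10_000, Report(7, 54), None),
               (10_000, Report(7, 54), True), (300 * 1024 ** 2, None, None)]
    for size, report, verdict in samples:
        print(size, report, verdict, "->", gate(size, report, verdict).value)
```

A report in which no engine returned a verdict has zero detections, so a gate that only tests `positives == 0` would release it; checking `total` first avoids that.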

The VirusTotal report generated for each uploaded file is easy to access by clicking the new icon present on the file tab of file pages. While the file scan report is quite conclusive, you should always have your own anti-virus and anti-malware software installed; this service complements the software already on your system and should not replace it.

We are currently, slowly, scanning through the entire back catalogue of 250,000 uploaded files on the Nexus at a rate of 20 files a minute, which is going to take a week or two. But yes, it is our hope that every file, new and old, will be scanned at some point soon.



Two-Factor Auth

Our two-factor authentication system is relatively close to being completed as well, but it has been put on the back burner for the next week or two while we evaluate the CDN situation. This system will work in the same way as Steam's and Facebook's: if you log in from an unrecognised location, you will be sent a unique authentication code via email to verify it's actually you. You will be able to turn this system off in your preferences, but we'd obviously recommend having it on for maximum security.



Staff changes

After the compromise of one of our staff accounts, we have removed the ability for staff to upload files to file pages they are not authors of. If you're wondering why they had that functionality to begin with, it was a commonly used feature by the staff to help authors who were struggling to upload their files here for one reason or another. The author would upload the file to Dropbox or similar, and the staff would download the file and then upload it to their page for them. Staff can no longer do this, which should ensure that any future compromise of a staff account has fewer implications.

Many of the staff features are hidden behind a second password gateway that is unrelated to the staff member's username and password. For instance, you can't ban someone without being logged in to a staff account and knowing this secondary username and password. All the staff have been told to never save this information in their browser and to simply write it down on a notepad near their PC. This gateway was already in place before the compromise and probably helped to limit the compromise substantially.



Recent outages

We've had a couple of outages this week. Earlier on in the week we had a couple of hours of down-time because someone who is in the same cloud as us had somehow managed to take our allocated IP addresses. Without any IP addresses you can't access the sites. We managed to sort that one out and our hosts have told us it shouldn't happen again, but it was completely out of our control.

Last night was a sleepless night for us as we had some extended down-time as well. Our hosts were attempting to install a lot of expensive new hardware under some scheduled maintenance. It didn't go to plan for them and took a lot longer than expected without even being finished. After that our internal network became extremely unstable, and the problem has yet to be resolved. We're working with our hosts to get this sorted on their end. However, you might notice things being quite slow, or slower than usual, today. That's because we're only running on 3 of our 5 database nodes. Given how good they've been to the Nexus over the years, we won't be kicking up a fuss over a couple of incidents, but it is (here's the silver lining) nice to be talking about down-time that isn't actually something to do with our setup for once.

We'll get there.

196 comments

Comments locked

A moderator has closed this comment topic for the time being
  1. NEXTSUS2021
    • member
    • 2 kudos
    My mod from this link https://www.nexusmods.com/stateofdecay2/mods/278

    is marked as Suspicious and was quarantined.

    I went to VirusTotal and uploaded the file myself, and it did show 3 of these unknown antivirus software marked it as a virus.

    I'm using Bitdefender, and my other usual AVGs like Avast, Symantec, etc. on VirusTotal deemed it clean.

    It's just a file I created using AutoIt, and I can even provide an uncompiled version to the forum admin.

    I'm just wondering how this is a virus. My PC is clean.
  2. LadyLilly
    • premium
    • 5 kudos
    I love you guys... and all the hard work that goes into making the mods that increase my enjoyment and enhance my experience with a game that I still love to play.

    I have been reading some of the new posts and forums and greatly appreciate the work to ensure safety with the downloading. My only complaint is that I am not a designer, I am only a lay person who plays and pays to experience all of the amazing talent that is expressed here. When I first joined Nexus, most of the mods (almost all) were accessible through the mod manager and playing on my PC without a console it was very easy to install and experience all your amazing work. Since updating my driver however I am unable to get a lot of the basic mods I used to have. Such as Dragon Age Redesign, or Tucked Hair, or The Proposal... just to name a few.

    I have tried installing the DAO modmanager to fix this and gain access, but it crashed my game and I had to repair and re-install everything. Not sure if this is something that was changed for a specific reason, but I would love to be able to utilize everything your site has to offer.

    Respectfully and with great gratitude for all you designers do...

    LadyLilly
  3. User_133263
    • account closed
    • 232 kudos


    Houston we have a problem
     
    Vanilla Reduced Textures
     
    22 Sep 14 I uploaded the current 8 Main Files
     
    4 of which have been scanned
    4 remain ?
     
     
    22 Sep is not long ago, and with the size of the files it may be expected for them to be put on hold ( is that expected behaviour ? )
     
     
    .. However, those same four files in the previous version of my mod NEVER received a scan prior to me uploading the new versions.
    To clarify - Since this system was introduced, those four files have only ever had the question mark next to them, and have always been pending a scan.
     
    Vanilla Reduced Textures 256 Legendary v23
    Vanilla Reduced Textures 256 v23
    Vanilla Reduced Textures 512 Legendary v23
    Vanilla Reduced Textures 512 v23
     
    All the rest of my files are scanned and proved clean ( again ).


     
     




    VirusTotal won't take files above 256mb, I believe. We need to update the text on the virus roll-over to reflect that.


     
     

     
    Thank you for the update to the warning tags on files, where a more appropriate message was needed for large files :
     
    I just updated my files over the last day and just noticed the change has been done ...
     
     
  4. Thandal
    • Moderator
    • 183 kudos


    .... The federal government forced that on the states some years ago. Prior to that where I live it was 18 for beer, and 21 for liquor.


     
    Actually, the US Federal government didn't (and mostly doesn't) "force" the States to amend their laws, except through the power of the purse.  Any State is free to set the age at which someone may legally purchase and/or consume alcohol at whatever the State decides.  If, however, that age is less than 21 the Federal Department of Transportation will not allocate the State any Federal highway funds.  (Not to mention the impact on auto insurance rates in that State!)
     
    [See also:  The several States that have not adopted the expanded Medicare program offered under the Federal Affordable Care Act.  States actually have a lot of latitude to participate, or not, in many Federal programs.  The costs of those decisions, both for and against, need to be weighed by each State's Legislature.]
     
    Your (State's) choice! 
  5. Deleted54170User
    • account closed
    • 49 kudos


     

     
    United States; Children with parental consent can have a credit card, a license to drive a motor vehicle, and anything else at any age that their parents will give them consent.  There are still certain rules they must abide by.  State laws and Federal ones in the U. S..  I'm aware that there are many different laws around the world.

    Not hardly - Every state has a law as to the age when you can get a driver's license. Typically between 16 and 18 - your parents absolutely cannot get you one any earlier. But they can keep you from getting a driver's license if you are under 18.
     
    As for the credit card, it will be in your parents' name. It may have your name on it, but legally it is their card and they are responsible for anything charged on it. Some banks will just refuse to do that unless the kid is in college. Most parents give the kid a prepaid card. And the kid will brag to his friends about how he has his own credit card (it's actually not a real credit card though). The banks recruit for credit cards on campus knowing that a lot of the kids are turning 18 and away from home for the first time and so make for easy suckers for high rates and low limits.
     
    There are a lot of LAWS, both federal and state, that apply to underage people. The alcohol laws are one - no alcohol, not even beer, may be sold to anyone below the age of 21. And anyone caught buying it for them (including parents) can be sent to jail. The federal government forced that on the states some years ago. Prior to that where I live it was 18 for beer, and 21 for liquor. Which I consider much more reasonable. Even the cell phone companies cannot sell a phone to anyone under 18. Their parents must buy it for them, and agree to be responsible for any bills.
     


     
    I read the rules and regulations on this site.  I read them because I wanted to know what I might need in case I set up my own website.
     
    So I have been told, read, and watched, while my elders and siblings did their thing while I grew up,  bben46.  
  6. bben46
    • premium
    • 781 kudos

     
    United States; Children with parental consent can have a credit card, a license to drive a motor vehicle, and anything else at any age that their parents will give them consent.  There are still certain rules they must abide by.  State laws and Federal ones in the U. S..  I'm aware that there are many different laws around the world.

    Not hardly - Every state has a law as to the age when you can get a driver's license. Typically between 16 and 18 - your parents absolutely cannot get you one any earlier. But they can keep you from getting a driver's license if you are under 18.
     
    As for the credit card, it will be in your parents' name. It may have your name on it, but legally it is their card and they are responsible for anything charged on it. Some banks will just refuse to do that unless the kid is in college. Most parents give the kid a prepaid card. And the kid will brag to his friends about how he has his own credit card (it's actually not a real credit card though). The banks recruit for credit cards on campus knowing that a lot of the kids are turning 18 and away from home for the first time and so make for easy suckers for high rates and low limits.
     
    There are a lot of LAWS, both federal and state, that apply to underage people. The alcohol laws are one - no alcohol, not even beer, may be sold to anyone below the age of 21. And anyone caught buying it for them (including parents) can be sent to jail. The federal government forced that on the states some years ago. Prior to that where I live it was 18 for beer, and 21 for liquor. Which I consider much more reasonable. Even the cell phone companies cannot sell a phone to anyone under 18. Their parents must buy it for them, and agree to be responsible for any bills.
  7. Deleted54170User
    • account closed
    • 49 kudos
    United States; Children with parental consent can have a credit card, a license to drive a motor vehicle, and anything else at any age that their parents will give them consent.  There are still certain rules they must abide by.  State laws and Federal ones in the U. S..  I'm aware that there are many different laws around the world.

     

    That's not really the issue though, is it bben46?

     

    NexusMods is being attacked.  By many people, many ways, and even as a method to ruin it so other sites get more attention.  Competition has its battle wizards in businesses, even fans act as such, and it doesn't matter if the site is a free one or not. If it gets more attention than another there are people who will go to their aid to act as warriors to tear down one so the attention is focused toward their favorite site.

     

    In my case I placed a pointer for readers here as to what may be one of the reasons.  

     

    You defend, the NexusMod site, quite reasonable too, by the way. 

  8. bben46
    • premium
    • 781 kudos
    @Pagafyr - premium and supporter members can also see the adult stuff - and because of this - In the US, if they are under 18 they are legally not allowed to have access to adult material AND, they cannot get a credit card until they can legally sign a contract at 18 - That was the reason for requiring a Credit card to access those parts of the Nexus. It does show they are old enough.
  9. Deleted54170User
    • account closed
    • 49 kudos

    Advertisements and Premium?
     

    Being a premium member does not turn the pages advertisements off until you sign in.  
     
    There were so many 13 year olds, bragging about the fact that they were when I first arrived, it was ridiculous.
     
    In the U. S. of A 17 year olds still are not allowed a right to be signing legal contracts in the U. S. until they are 18.  Parents have to approve anything they want to get that includes a contract until they are 18 years of age.
     
    The conscientious parents are not going to pay for Premium, unless the advertisements their children see, before they sign in, are non-offensive to the parents' preferences for raising their young.  Unless the advertisements are controlled, business will not flourish as much.  May not seem like much when it's only a few pennies a year, but in the long run more people will not join.

  10. bben46
    • premium
    • 781 kudos
    An addendum to what Thandal said - this practice is not limited to just the Nexus, but is the standard way EACH AND EVERY site on the internet gets its ads. There is NO internet function to allow a site such as Nexus to control the advertising displayed. Even the large sites use third party advertisers to display ads - All we do is set a location on the page where they are allowed to place those ads. If you ever see an ad here that is outside of those locations, be assured, it isn't from us - it is from some malware you have acquired.
     
    The best way to avoid ads altogether is to go premium - just signing up for premium for even the shortest time means NO ads EVER again on Nexus. This also goes for supporter members - for a whopping UK 1.29. or US equivalent ( about $2.00)  no ads - not just for a short time, but for life. No other site I have ever seen does this for its members. - NONE!  For just a small amount more, you can try out premium for a month and still get the NO ADS for LIFE included with the other benefits.