Virus scan reports now visible on file pages, more security incoming
Thanks to the great support of VirusTotal, who have given us very generous access to their virus API for free, we've been able to integrate their virus scanning functionality into the Nexus file pages. VirusTotal is an online tool that will scan files you send it using over 50 of the most used anti-virus programs and generates a report showing how many of the anti-virus programs have flagged the file as a virus.
Any new files uploaded to the site will be sent off to VirusTotal to be scanned and will not be downloadable by users until the report has come back all clean. If more than 4 anti-virus programs used by VirusTotal flag the file as suspicious the file will be sent to a quarantine that will require one of the moderation team to verify the file is either safe, or not safe, before it can be downloaded. This process should only take 5 to 10 minutes, but during this time your file will not be downloadable. While the Nexus has always provided instant upload/download functionality I think a wait of 5 to 10 minutes for added security and peace of mind is a worthwhile sacrifice to make. I'm also aware that there are certain types of mods, especially those that make use of TexMod, that get flagged as false positives quite regularly. While this might be frustrating for you we will endeavour to get your file online as soon as possible.
The VirusTotal report generated for each uploaded file is easy to access by clicking the new icon present on the file tab of file pages. While the file scan report is quite conclusive you should always have your own anti-virus and anti-malware software installed to compliment this service and it should not replace software already on your system.
We are currently, slowly, scanning through the entire back catalogue of 250,000 uploaded files on the Nexus at a rate of 20 files a minute which is going to take a week or two. But yes, it is our hope that every file, new and old, will be scanned at some point soon.
Two-Factor Auth
Our two-factor authentication system is relatively close to being completed as well but has been put on the backburner for the next week or two while we evaluate the CDN situation. This system will work in the same way as Steam and Facebook; if you login from an unrecognised location you will be sent a unique authentication code via email to verify it's actually you. You will be able to turn this system off in your preferences but we'd obviously recommend having it on for maximum security.
Staff changes
After the compromise of one of our staff accounts we have removed the ability for staff to upload files to file pages they are not authors of. If you're wondering why they had that functionality to begin with it was a commonly used feature by the staff to help authors who were struggling to upload their files here for one reason or another. The author would upload the file to dropbox or similar, the staff would download the file and then upload it to their page for them. Staff can no longer do this, but it should ensure that any compromises in staff accounts again would have less implications.
Many of the staff features are hidden behind a second password gateway that is unrelated to the staff member's username and password. For instance, you can't ban someone without being logged in to a staff account and knowing this secondary username and password. All the staff have been told to never save this information in their browser and to simply write it down on a notepad near their PC. This was already present before the compromise and probably helped to limit the compromise substantially.
Recent outages
We've had a couple of outages this week. Earlier on in the week we had a couple of hours of down-time because someone who is in the same Cloud as us had some how managed to take our allocated IP addresses. Without any IP addresses you can't access the sites. We managed to sort that one out and our hosts have told us it shouldn't happen again, but it was completely out of our control.
Last night was a sleepless night for us as we had some extended down-time as well. Our hosts were attempting to install a lot of expensive new hardware under some scheduled maintenance. It didn't go to plan for them and took a lot longer than expected without even being finished. After that our internal network was extremely unstable and has yet to be resolved. We're working with our hosts to get this sorted on their end. However, you might notice things being quite slow, or slower than usual, today. That's because we're only running on 3 of our 5 database nodes. Given how good they've been to the Nexus over the years we won't be kicking up a fuss over a couple of incidents but it is (here's the silver lining) nice to be talking about down-time that isn't actually something to do with our setup for once.
We'll get there.
196 comments
Comments locked
A moderator has closed this comment topic for the time beingis marked as Suspicious and was quarantined.
i went to VirusTotal and uploaded the file myself and it did show 3 of these unknown antivirus software marked it as a virus.
im using bitdefender and my other usual AVGs like Avast, Simantec, etc on VirusTotal deemed it clean
its just a file a created using Autoit and i can even provide an uncompiled version to the forum admin
im just wondering how is this a virus. my PC is clean.
I have been reading some of the new posts and forums and greatly appreciate the work to ensure safety with the downloading. My only complaint is that I am not a designer, I am only a lay person who plays and pays to experience all of the amazing talent that is expressed here. When I first joined Nexus, most of the mods (almost all) were accessible through the mod manager and playing on my PC without a console it was very easy to install and experience all your amazing work. Since updating my driver however I am unable to get a lot of the basic mods I used to have. Such as Dragon Age Redesign, or Tucked Hair, or The Proposal... just to name a few.
I have tried installing the DAO modmanager to fix this and gain access, but it crashed my game and I had to repair and re-install everything. Not sure if this is something that was changed for a specific reason, but I would love to be able to utilize everything your site has to offer.
Respectfully and with great gratitude for all you designers do...
LadyLilly
I just updated my files over the last day and just noticed the change has been done ...
Actually, the US Federal government didn't (and mostly doesn't) "force" the States to amend their laws, except through the power of the purse. Any State is free to set the age at which someone may legally purchase and/or consume alcohol at whatever the State decides. If, however, that age is less than 21 the Federal Department of Transportation will not allocate the State any Federal highway funds. (Not to mention the impact on auto insurance rates in that State!)
[See also: The several States that have not adopted the expanded Medicare program offered under the Federal Affordable Care Act. States actually have a lot of latitude to participate, or not, in many Federal programs. The costs of those decisions, both for and against, need to be weighed by each State's Legislature.]
Your (State's) choice!
I read the rules and regulations on this site. I read them because I wanted to know what I might need in case I set up my own website.
So I have been told, read, and watched, while my elders and siblings did their thing while I grew up, bben46.
Not hardly - Evey state has a law as to the age when you can get a drivers license. Typically between 16 and 18 - your parents absolutely cannot get you one any earlier. But they can keep you from getting a drivers license if you are under 18.
As for the credit card, It will be in your parents name. It may have your name on it, but legally it is their card and they are responsible for anything charged on it. Some banks will just refuse to do that unless the kid is in college. Most parents give the kid a prepaid card. And the kid will brag to his friends about how he has his own credit card (it's actually not a real credit card though) The banks recruit for credit cards on campus knowing that a lot of the kids are turning 18 and away from home for the first time and so, make for easy suckers for high rates and low limits.
There are a lot of LAWS, both federal and state that apply to underage people. The alcohol laws are one - no alcohol, not even beer may be sold to any one below the age of 21. And anyone caught buying it for them (including parents) can be sent to jail. The federal government forced that on the states some years ago. Prior to that where I live it was 18 for beer, and 21 for liquor. Which I consider much more reasonable. Even the cell phone companies can not sell a phone to anyone under 18, Their parents must buy it for them, and agree to be responsible for any bills.
Advertisements and Premium?
Being a premium member does not turn the pages advertisements off until you sign in.
There were so many 13 year olds, bragging about the fact that they were when I first arrived, it was ridiculous.
In the U. S. of A 17 year olds still are not allowed a right to be signing legal contracts in the U. S. until they are 18. Parents have to approve anything they want to get that includes a contract until they are 18 years of age.
The conscientious Parents are not going to pay for Premium, unless the advertisements their children see, before they sign in, are non-offensive to the parents preferences for raising their young. Unless the advertisements are controlled, business will not flourish as much. May not seem like much when it's only a few pennies a year, but in the long run more people will not join.
The best way to avoid ads altogether is to go premium - just signing up for premium for even the shortest time means NO ads EVER again on Nexus. This also goes for supporter members - for a whopping UK 1.29. or US equivalent ( about $2.00) no ads - not just for a short time, but for life. No other site I have ever seen does this for it's members. - NONE! For just a small amount more, you can try out premium for a month and still get the NO ADS for LIFE included with the other benefits.