Compromised Moderator Login; your data is safe though

In the OT - Humor & Jokes forum, the thread about the funny images (I don't know the correct title) seems to be missing, too.
Yeah, I don't see it.
 
A database backup is run every 12h, and the last one was affected by the hack. Xenforo support will most likely only be available tomorrow morning, at which point a database rollback will mean losing 36h of posts.
For sure the easiest (for them) solution proposed would be restoring from backup. Doing this thread merge was unfortunately a clever action by the hacker, because it's much more damaging compared to deleting threads, where it's usually a soft-delete (depending on the account's privileges). I would be really (positively) surprised if this engine has some damage-repairing capabilities for such a scenario. It seems very unlikely. I don't know XenForo under the hood, but in general I'm thinking about one way the available backup could be used to help restore those massive threads without the need for a rollback. In general "thread" and "post" tables should be simple one-to-many relation tables linked by a key column. Restoring the last unpoisoned backup somewhere on the side should allow you to run queries for those large topics and get all post_ids of posts belonging to a specific thread_id. Then maybe you could just run an update query for those posts on the live database, changing their thread_id. This way the last 12-36 hours cannot be saved and those posts would stay in this merged thread, but a large portion of the big threads could be restored. But for sure it shouldn't be tried without the support of XenForo. It might be that more is happening with this data under the hood and manual updates could do more damage.
 
Restoring the last unpoisoned backup somewhere on the side should allow you to run queries for those large topics and get all post_ids of posts belonging to a specific thread_id. Then maybe you could just run an update query for those posts on the live database, changing their thread_id.

Another option would be to not touch the existing corrupted data (as XenForo may consider that too risky), but to recreate new threads as copies of those in the older non-corrupted backup.
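The side-by-side restore sketched in the two posts above (query the last clean backup for each post's original thread_id, update the live rows, and recreate the thread rows the merge removed), as an added example that is not from this thread or from XenForo: it uses SQLite with constructed rows, assumed thread/post table and column names rather than a verified XenForo schema, and plans the change as a dry run that also reports posts newer than the backup, which have no original thread to return to.

```python
import sqlite3

# Constructed sample rows, not data from the forum. The thread/post tables and
# thread_id/post_id columns are assumed for illustration, not a verified
# XenForo schema; the real thing has more tables that a merge also touches.
BACKUP_THREADS = [(10, "Funny images"), (20, "Player count")]  # last clean backup
BACKUP_POSTS = [(1, 10), (2, 10), (3, 10), (4, 20), (5, 20)]
LIVE_THREADS = [(99, "Merged by attacker")]  # originals gone after the merge
LIVE_POSTS = [(1, 99), (2, 99), (3, 99), (4, 99), (5, 99), (6, 99)]  # 6 is newer than the backup


def open_side_by_side():
    """Live database as 'main', last clean backup attached as 'backup'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS backup")
    for schema, threads, posts in (("main", LIVE_THREADS, LIVE_POSTS),
                                   ("backup", BACKUP_THREADS, BACKUP_POSTS)):
        conn.execute(f"CREATE TABLE {schema}.thread (thread_id INTEGER PRIMARY KEY, title TEXT)")
        conn.execute(f"CREATE TABLE {schema}.post (post_id INTEGER PRIMARY KEY, thread_id INTEGER)")
        conn.executemany(f"INSERT INTO {schema}.thread VALUES (?, ?)", threads)
        conn.executemany(f"INSERT INTO {schema}.post VALUES (?, ?)", posts)
    return conn


def plan_unmerge(conn, merged_thread_id):
    """Dry run: posts the backup can send back to their original thread, and
    posts newer than the backup that have no original thread to return to."""
    moves = conn.execute(
        "SELECT l.post_id, b.thread_id FROM main.post AS l "
        "JOIN backup.post AS b USING (post_id) "
        "WHERE l.thread_id = ? AND b.thread_id <> l.thread_id ORDER BY l.post_id",
        (merged_thread_id,)).fetchall()
    unmapped = [row[0] for row in conn.execute(
        "SELECT post_id FROM main.post WHERE thread_id = ? "
        "AND post_id NOT IN (SELECT post_id FROM backup.post) ORDER BY post_id",
        (merged_thread_id,))]
    return moves, unmapped


def apply_unmerge(conn, moves):
    """Recreate thread rows the merge removed, then move the posts back, all in
    one transaction. Returns post counts per live thread afterwards."""
    with conn:
        conn.execute("INSERT INTO main.thread SELECT * FROM backup.thread "
                     "WHERE thread_id NOT IN (SELECT thread_id FROM main.thread)")
        conn.executemany("UPDATE main.post SET thread_id = ? WHERE post_id = ?",
                         [(thread_id, post_id) for post_id, thread_id in moves])
    return dict(conn.execute(
        "SELECT thread_id, COUNT(*) FROM main.post GROUP BY thread_id ORDER BY thread_id"))
```

Run plan_unmerge first and review the unmapped list; only then apply, and only on a copy until the vendor has confirmed nothing else references thread_id.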
 
It seems right now the most productive thing has been dealing with this by ourselves.
Or better said: Mostly lymond.
A part of the threads is back, a part not yet. We are working on this.


Any word on restoring the player count thread? Assuming it’s even possible given that it was so many pages

There is currently already a replacement thread, and there is not much actual content in this thread... so....
It seems we will accidentally restore it though while splitting off other content.

Yeah, I don't see it.

Yes, that one is still buried.
 
I think passkeys will be the answer but aren't there yet.

I don't own a cellphone or tablet (by choice - I won't make a rant on my personal reasons). I have a landline and a laptop at home, and another landline and laptop at work. Is this passkey consideration going to potentially lock me out of CivFanatics?
 
I don't own a cellphone or tablet (by choice - I won't make a rant on my personal reasons). I have a landline and a laptop at home, and another landline and laptop at work. Is this passkey consideration going to potentially lock me out of CivFanatics?
Passkeys work perfectly well on general purpose computers, i.e. your laptops.
 
I have no idea what a passkey is. It's apparently not like a password, but what is it?
 
I have no idea what a passkey is. It's apparently not like a password, but what is it?
A passkey is a login mechanism that uses dual key encryption to avoid the need to transfer the actual secret. It avoids most of the problems with passwords, and I think should be the default way all web sites authenticate users.
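What the reply above calls "dual key encryption" is a key pair plus a signed one-shot challenge, shown here as an added example that is not from this thread or from any passkey implementation: it uses Ed25519 from the Python `cryptography` package with constructed class names, and models the two properties the discussion turns on, the site storing only a public key and the authenticator only answering for the origin it was registered with. WebAuthn's real encoding (CBOR attestation, signature counters, user handles) is left out.

```python
import os
import json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

# Constructed illustration of the passkey idea (assumed names, not WebAuthn's
# real message formats): an Ed25519 key pair stands in for the credential.


class Authenticator:
    """User's side: private keys never leave it, only signatures do."""
    def __init__(self):
        self._keys = {}  # (origin, credential_id) -> private key

    def register(self, origin):
        cred_id, priv = os.urandom(16).hex(), Ed25519PrivateKey.generate()
        self._keys[(origin, cred_id)] = priv
        # Only the public half is handed to the site.
        return cred_id, priv.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)

    def sign_in(self, origin, cred_id, challenge):
        priv = self._keys.get((origin, cred_id))
        if priv is None:  # no key for this origin (e.g. a look-alike domain)
            return None
        return priv.sign(json.dumps({"origin": origin, "challenge": challenge}).encode())


class Site:
    """Server side: stores public keys and one-shot challenges, no secrets."""
    def __init__(self, origin):
        self.origin, self.credentials, self.pending = origin, {}, {}

    def challenge(self, cred_id):
        self.pending[cred_id] = os.urandom(32).hex()  # fresh nonce per login
        return self.pending[cred_id]

    def verify(self, cred_id, signature):
        challenge = self.pending.pop(cred_id, None)  # consumed: no replay
        pub = self.credentials.get(cred_id)
        if challenge is None or pub is None or signature is None:
            return False
        msg = json.dumps({"origin": self.origin, "challenge": challenge}).encode()
        try:
            Ed25519PublicKey.from_public_bytes(pub).verify(signature, msg)
            return True
        except InvalidSignature:
            return False
```

A dump of site.credentials contains only public keys, so a leaked user table gives an attacker nothing to log in with, unlike a password hash table.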
 
You're never going to get widespread buy-in for an authentication system that needs to include a "you might lose access to all your accounts if you lose access to your device" as a warning, because (as most people perceive it), loss/damage/destruction/theft of the physical device is a far more *real* threat than someone managing to get into their online accounts.

This is in part a case of people being bad at judging threat and underestimating the online threat, but also in equal part a case of design myopia with passkeys, that do a piss-poor job of addressing the risk of account loss.

(And in the largest part a case of online services refusing to take any responsibility for their business systems and instead pushing all the risk on to customers, leading to entirely ridiculous and excessive security demands on the consumer that lead to security fatigue).
 
You're never going to get widespread buy-in for an authentication system that needs to include a "you might lose access to all your accounts if you lose access to your device" as a warning, because (as most people perceive it), loss/damage/destruction/theft of the physical device is a far more *real* threat than someone managing to get into their online accounts.
This is very true. KeePassXC runs from a local encrypted database that you unlock with a password, and it takes however many seconds you say to check. That gives you passkeys, as well as password/username and TOTP authentication. That database can be backed up with the rest of the data you care about, and if someone gets hold of it, it is really hard to guess the password.

To make a paper backup is much harder, but possible if you have a printer you trust. You need the data under Edit Entry; you need all of them, but KPEX_PASSKEY_PRIVATE_KEY_PEM is ~1.7k. You can do that on an A4 sheet of paper with a QR code with a reasonable amount of error correction and have a good chance of reading it back years later, but you have to test it before relying on it.
 
The first one is a solution for computer-versed people who (being computer versed) regularly back up their data, but for a lot of end-users who have little to no computer literacy, it's going to sound as daunting as anything else - because "backing up your data" sounds like some extra step you need to take yourself, and one that they won't necessarily link with any automated data backup their system may naturally come with.

The second one, yeah, that's for an incredibly small niche of people who both don't trust their database but know what a trusted printer is, and who don't feel daunted by that amount of information on paper. Otherwise known as a vanishingly small solution.

Passkeys for moderators of big websites can probably be argued for, but they aren't ready to serve as a mass market solution yet.
 
The first one is a solution for computer-versed people who regularly back up their data, but for a lot of end-users who have little to no computer literacy, it's going to sound as daunting as anything else - because "backing up your data" sounds like some extra step you need to take yourself, and one that they won't necessarily link with any automated data backup their system may naturally come with.

The second one, yeah, that's for an incredibly small niche of people who both don't trust their database but know what a trusted printer is, and who don't feel daunted by that amount of information on paper. Otherwise known as a vanishingly small solution.

Passkeys for moderators of big websites can probably be argued for, but they aren't ready to serve as a mass market solution yet.
If you cannot back up data then what do you rely on? You have ruled out device based being the last line of defence, out of band communication just pushes the problem one level up, TOTPs are just passwords that you cannot make bad and cannot so easily MITM (and most of the tools are effectively device based), and just using your brain to remember passwords is some combination of difficult and insecure. The list of solutions is not that long.

The other point I am making is not that people should be forced to use them, I am all for people having a choice, but they should be much more widely supported. The_J talked about 2FA, I do not see why a site like this would implement any of the above methods before passkeys, but I have nothing to do with running any sites like this so what do I know.
 
Well, if there's one thing I know for sure, it's that I'm *not* a representative sample of humans, so it's not what I can or cannot do, but what the number of non-computer-literate people out there who nonetheless still need access to all these online services can and cannot do. So the fact that I do, in fact, use data backups is not particularly relevant here.

And yes, most of them rely on insecure (reusing the same 2-3 passwords) or difficult and insecure (piece of paper) or difficult (trying to remember all the passwords).
 
Well, if there's one thing I know for sure, it's that I'm *not* a representative sample of humans, so it's not what I can or cannot do, but what the number of non-computer-literate people out there who nonetheless still need access to all these online services can and cannot do. So the fact that I do, in fact, use data backups is not particularly relevant here.

And yes, most of them rely on insecure (reusing the same 2-3 passwords) or difficult and insecure (piece of paper) or difficult (trying to remember all the passwords).
That is exactly what got us into this situation, right? The solution presented was 2FA. It seems that it is up to "us", as in those people who choose what options to present to users, to give users the best options available, and out of all those currently available it seems passkeys are the best.
 
Do mod accounts have that much freedom to change things, or was this the absolute worst that could happen? (manipulating threads and banning some users)
Also, was this a programming-wise illiterate hacking (just making use of a poor password by guessing etc), or something which also implies use of code/tools?
Tbh, it could have been used more stealthily, by impersonating the mod, instead of immediately banning people ^^
 
Tbh, it could have been used more stealthily, by impersonating the mod, instead of immediately banning people ^^
To me this all sounds more like an angry person kicked from the site (for being an idiot) who wanted revenge, and anger is seldom stealthy.
 
Not really, because if you make entry more complicated, even by so small an amount as it may seem to you, compared to other services, people will use the other services. Every little extra step, every little extra moving piece that is outside the user's regular experience, makes the process an order of magnitude more daunting, and before long, you've lost them to something simpler.

Look at Mastodon versus Bluesky. Mastodon remains a niche service, and was never able to mount a serious challenge to Twitter, because it just looks a *little* more complex to join (i.e., you have to choose an instance) than Xitter. Bluesky comes along, sets up its own system with the same joining process as Xitter, and the next thing you know it's the alternative to it.

It's the same for Linux vs Windows, and any number of open source alternatives to corporate software. The average person wants convenient and comfortable more than they want safe and private.
 
Not really, because if you make entry more complicated, even by so small an amount as it may seem to you, compared to other services, people will use the other services. Every little extra step, every little extra moving piece that is outside the user's regular experience, makes the process an order of magnitude more daunting, and before long, you've lost them to something simpler.

Look at Mastodon versus Bluesky. Mastodon remains a niche service, and was never able to mount a serious challenge to Twitter, because it just looks a *little* more complex to join (i.e., you have to choose an instance) than Xitter. Bluesky comes along, sets up its own system with the same joining process as Xitter, and the next thing you know it's the alternative to it.

It's the same for Linux, and any number of open source alternatives to corporate software. The average person wants convenient and comfortable more than they want safe and secure.
As I say, I would accept this argument if everyone was given the option of passkeys but opted for the combination of passwords, TOTPs and OOB messages that we have to deal with. That is not the case, so I do not see a good argument for it being primarily users who are driving the choice.
 
One need not literally offer both services to know about audiences' reactions. The effect of increasing complexity on accessibility and user base size can easily be observed from any number of cases where this *was* done already.

In more general terms also, studies of consumer behaviours and actions allow for some reasonably quite well educated guesses as to whether making the registration process more complex would harm accessibility (and usage) of a service in the long run.

Even pushing passkeys as the default option and requiring an extra step for people to choose an alternative could do that. For most online services, the risks taken versus potential benefits are just not there to make this a reasonable option to push.
 