Forums back online

Come in, pull up a chair, let's discuss all things Ryzom-related.
Post Reply
User avatar
lawrence
Posts: 1238
Joined: Tue Sep 21, 2004 9:00 am

Forums back online

Post by lawrence »

An announcement containing further details on this downtime will be posted shortly.
Top
User avatar
lawrence
Posts: 1238
Joined: Tue Sep 21, 2004 9:00 am

Re: Forums back online

Post by lawrence »

Here's the announcement:
Nevrax wrote: On the evening of Sunday, November 21st a malicious individual used a flaw in software that was used to run some of the old Ryzom forums in order to gain low-level access to the Ryzom web server. Less than an hour after the hack, the Nevrax engineers were made aware of the problem and immediately closed down the server as a precaution. Although no passwords are stored openly on this server, passwords are accessible to the forum software in an encrypted form in order to allow players to login. As a precaution to our customers, we strongly advise all players to change their passwords. This can be done by visiting https://secure.nevrax.com/payment_profile/.

The Ryzom web server that was attacked only manages the Ryzom web sites and forums. It is not connected to the game servers or to the billing and account system in any way. All billing information is held by a special third-party company. Consequently, there is absolutely no way that anyone could gain access to players' billing details from the Nevrax servers.

In the interest of security, the Nevrax engineers have kept an absolute minimum web service running while they have been analyzing the web server and installing and configuring a completely new replacement server. The engineers have now analyzed the contents of the web server's hard drive. They have been able to track down the software flaw that the individual exploited in order to gain access to the server. A new release of the software (PHPBB 2.0.11 released on November 18th) fixes the flaw and should be installed by any of you who are running forums with PHPBB. All necessary steps have been taken to prevent a similar attack in the future and the old Ryzom forums have now been removed.

We apologize for any inconvenience this event may have caused you, and wish to thank you all for the patience you afforded us while we took the time to be as thorough as possible.

-Your Ryzom Community Managers
Top
Post Reply

Return to “General”