Showing results for tags 'exploit'.



Found 1 result

  1. Some of you may have noticed that the Elaztek Studios website has been offline for a few days. Unlike some other past outages, this wasn't because of some internal server problem or some kind of migration. Unfortunately, the Elaztek website was subject to a security exploit - and the outage was us locking everything down to ensure everything is cleaned up and in working order before opening it back up again.

     If you don't care about the details of the hack, here are the key bits of information:

       • No real damage appears to have been done, and our logs and analysis suggest that the attacker did not have the chance to actually perform any malicious action
       • It is still theoretically possible that the attacker was able to view and access sensitive areas, including user accounts - as such, you may wish to reset your password both here, and on any other sites that also have the same password
       • The exploit in question has been patched, and we've made several changes to limit potential future damage going forward

     If that's all you cared about, feel free to stop reading here. If you're interested in the exploit itself and what actually went down, as well as details of what we've done to lock things down - the rest of this announcement is for you.

     The Attack

     On July 11th, at 7:39 PM, I received an email regarding my own elaztek.com account, where someone had requested a password reset. A bit before 8 PM, I noticed this and was initially amused - but still went ahead and made sure I could log in and such. I was able to, and clicked around in the AdminCP a bit before heading to the frontend of the website - where I noticed I was now logged out. Returning to the AdminCP, I was now signed out - and unable to sign in. At 7:58 PM, I received another email - saying that I had logged in from another device. Uh oh.

     At this realization, I immediately hard reset the entire webserver - and then, upon it coming back online, I locked it all down. From that point until today, the site has been sending out an HTTP 403. Upon further research, it appeared that the issue was due to a vulnerability within the forum software we use - one that had actually been patched some time ago, but I had neglected to update the software. At this realization, I attempted to upgrade the elaztek.com site - but ran into some technical issues with the upgrader, so I left it locked down. I was, however, able to upgrade the Chaotic United website - which was running the same software. After that was done, with it being late in the night and having work the following day - and me already being tired before all of this - I left elaztek.com offline and went to bed.

     The following morning, I did some further research, and found a webpage documenting the vulnerability - all but confirming this is what happened. The previous night I had checked traffic from this IP address, and noticed it was making a large number of requests to the store application - and this exploit was in fact with that very store application. It was one of the classic blunders - input that wasn't properly sanitized, allowing for SQL injection. That page can be seen here.

     As of last night, I was able to successfully get elaztek.com upgraded - I could have then likely turned things on and called it a day, however I wanted to wait until today to get a few other things sorted out first.

     Locking Down

     So - what did we do to secure things down, exactly? Well - I won't go into everything, but some of the key highlights (besides upgrading the website, of course) include:

       • Restricting the AdminCP to specific IP addresses only
       • Rolling back the MySQL database to earlier in the day, prior to the attack
       • Ensuring that MySQL credentials are not used for multiple websites/databases to eliminate the possibility of cross-site SQL attacks
       • Permanently blocking the IP address of the attacker (isn't super useful since VPNs exist, but hey - can't hurt)
       • Testing the previous exploit ourselves, with the site software updated - the exploit is in fact patched

     If any of you have any questions or concerns about this, feel free to reach out either here on the site, or on our Discord.
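The log check described in the post (one address making a large number of requests to the store application), sketched as an added example that is not part of the original announcement or the site's own tooling. It assumes Combined Log Format access logs and a hypothetical `/store/` URL prefix; the sample lines and IP addresses are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_plus

STORE_PREFIX = "/store/"  # assumption: URL prefix of the store application

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Heuristic markers of SQL syntax inside a decoded query string.
SQLI_RE = re.compile(
    r"'|--|/\*|\bunion\b.*\bselect\b|\bsleep\s*\(|\binformation_schema\b", re.I)

# Constructed sample (Combined Log Format, documentation-range IPs).
SAMPLE_LOG = '''\
198.51.100.23 - - [01/Jan/2024:19:30:01 +0000] "GET /store/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:19:30:09 +0000] "GET /store/product/4?tab=reviews HTTP/1.1" 200 7301 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:19:31:02 +0000] "GET /store/?sort=price%27 HTTP/1.1" 500 312 "-" "python-requests/2.31"
203.0.113.7 - - [01/Jan/2024:19:31:03 +0000] "GET /store/?sort=price%20UNION%20SELECT%201 HTTP/1.1" 500 312 "-" "python-requests/2.31"
203.0.113.7 - - [01/Jan/2024:19:31:04 +0000] "GET /store/?sort=price--+ HTTP/1.1" 200 4980 "-" "python-requests/2.31"
203.0.113.7 - - [01/Jan/2024:19:31:05 +0000] "GET /store/?sort=name HTTP/1.1" 200 4980 "-" "python-requests/2.31"
203.0.113.7 - - [01/Jan/2024:19:31:30 +0000] "GET /forums/ HTTP/1.1" 200 9120 "-" "python-requests/2.31"
'''

def triage(log_text, prefix=STORE_PREFIX, min_hits=3):
    """Return [(ip, store_hits, sql_marker_hits, server_errors)] worth a closer look."""
    hits, suspicious, errors = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.startswith(prefix):
            continue  # only the store application is of interest here
        hits[ip] += 1
        if SQLI_RE.search(unquote_plus(url.query)):
            suspicious[ip] += 1
        if status.startswith("5"):
            errors[ip] += 1  # bursts of 5xx often accompany malformed queries
    rows = [(ip, n, suspicious[ip], errors[ip]) for ip, n in hits.items()
            if n >= min_hits or suspicious[ip]]
    # Most suspicious first, then by request volume.
    return sorted(rows, key=lambda r: (r[2], r[1]), reverse=True)

if __name__ == "__main__":
    for ip, n, sus, err in triage(SAMPLE_LOG):
        print(f"{ip}: {n} store requests, {sus} with SQL markers, {err} 5xx")
```

The marker regex is a triage heuristic and will flag some legitimate query strings (for example a search term containing an apostrophe), so treat its output as a list of addresses to review rather than a verdict.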