
Security Vulnerability Detected and Corrected!

  • Security Vulnerability Detected and Corrected!

    Dear Community Members,

    At the end of September 2019, a security vulnerability was detected for VBulletin 5 (VB5) that would allow hackers to inject bad stuff into a community forum such as ours. The hack, a zero-day vulnerability, allows the hacker to gain control over the server the forum is on. As such, patches have been issued and already installed on our discoverXS community forum.

    All of the Aser Gruppe servers and websites use a series of security measures that monitor, control, shut-down or circumvent any type of exploits. Our Systems Administrator is one of the very best in the industry and response times to any threats are real-time typically within minutes. We take several other preventative measures such as hardening servers from attack, hosting images through a CDN, utilizing email servers separated from our main server just to name a few, but without giving too much information on infrastructure away. While nothing is invincible your safe experience here is very important!

    Another key element to protect against vulnerabilities is a 3rd party mod security that virtually shields us from these types of attacks. The way I understand it to work is even if our sites were hacked it would only affect a virtual copy of the site, isolated from the actual servers and websites. It's kind of like a bad person taking a rotten apple and putting it in a box of other apples hoping the rot spreads. Except the box they put the rotten apple in is a hologram copy of the real apples, which remain inaccessible and safe. While that apple was still injected, it's completely isolated and removed from all the other apples.

    Okay so now you're probably wondering why I am telling you all this. XS believes in community and transparency. VB5 released a patch for this security vulnerability on September 29th and a subsequent patch just the other day. Both times the patch was immediately installed and the forum upgraded. While preparing the site to be patched the first time my System Admin noticed somebody had attempted to exploit the vulnerability but is confident they did not succeed. Our security features worked exactly as they were set up to. We literally went through everything to ensure all was good and it was.

    However, in the process of patching/upgrading some features were disabled or removed (like the side banners touting Lifetime Discounts, free shipping, newsletter signup...). Typically when we upgrade we have a lot of custom features and mods we use that take time to reintegrate into the upgraded versions. In the interest of security it was best to forgo those mods so that the security patches could be installed as a priority over any mod that can be restored later. Unfortunately we also messed up the ability to post via Firefox, but that should be restored shortly too.

    In the interest of community and transparency I want to inform everyone that these events did take place but all of the steps we use towards security and prevention, I previously mentioned, worked perfectly in preventing the exploit from taking root. In other words I do believe somebody tried to hack discoverXS but was unsuccessful. Most of these systems were originally set up by idle and now maintained by a Systems Admin.

    Most of you are probably thinking cool you guys caught it, and you'd be right. A hacker attempted to gain control by exploiting the vulnerability but we prevented anything from happening. The exploit was contained and patched and no data was leaked and our servers remain secure. Nevertheless providing a safe and secure experience here has always been super-important.

    The way I'm looking at this is if somebody tried to break into my neighbor's house, I'd want to know. I'd take a look at my own house and make sure windows are locked, my alarm is armed and the entry sensors and motion detectors are all working properly. Same thing with the smoke/carbon monoxide detectors. Change your battery every time you set the clocks or minimum 6 months. You hope you never have to hear them work, but it sure is a comfort knowing they do.

    I just wanted to be upfront with everybody and a big shout out to idle for locking things down like he did from the very start. All the old features and a lot of new features should be up and running in tip-top shape in just a couple of days. New avatars to choose from, better search functions, a new "Likes" feature that enables you to see the first few likes and who they're from without hovering. You'll also be able to see a summary of how many likes a community member has given as well as received on all posts under their username.

    Again thanks for being the best little pheromone community on the web and Firefox should be fixed sometime early morning. It's taking a while and being very stubborn.

    XSteveO

    • Mysticbeauty
      #1
      Mysticbeauty commented
      I should have checked the topics earlier. I'm glad to know everything will be up and running soon. I emailed PXS this afternoon, just disregard that. Btw I can use the post comment feature but not the post reply.

    • NuTrix
      #2
      NuTrix commented
      Was able to post here just now, but not anywhere else :( I have an android system if it makes a difference?

Latest Articles

  • Security Notice Part 2
    by XSteveO
    Dear friends and fellow community members,

    It is with regret, that I inform you of a breach that's affected our community forum. I reported publicly (Security Notice) of a potential VB5 vulnerability that allowed the malicious injection of a zero-day exploit. This exploit was detected and quickly corrected, but unfortunately, it does now appear some emails and subsequent passwords were leaked. VBulletin passwords are stored in an encrypted database however and typically reported as...
    05-13-2021, 09:03 AM
  • Forum Upgrade Next Week October 12th thru ?
    by XSteveO
    We will be upgrading the forum next week fixing a lot of the bugs we have. If anybody has a suggestion as to what you'd like to see or be able to do, let us know here, please.

    In the meantime here are some changes I am adding
    Dark Mode
    Fix Nav Bar
    Posts taking forever to post
    Inline Quote not working correctly
    Search Function Mod (better search functionality)
    Custom Avatars (You will be able to choose what you want
    Chat Function like the store...
    10-09-2020, 10:29 AM
  • Security Notice
    by XSteveO
    Our DiscoverXS Community Forum experienced a breach, which we took immediate steps to correct. While we are still investigating, it does not appear any data was leaked. If we determine otherwise I will notify you accordingly.

    What Happened?
    On August 12, 2020 our mod security program running on our servers identified a potential harmful upload which was immediately isolated. Out of precaution the forum was set to maintenance mode making it unavailable to access. We have taken...
    08-13-2020, 02:38 PM
  • New Community Features
    by XSteveO
    A couple new features we've installed to enhance the user experience.

    ...
    10-18-2019, 11:03 AM
  • Security Vulnerability Detected and Corrected!
    by XSteveO
    Dear Community Members,

    End of September 2019 a security vulnerability was detected for VBulletin 5 (VB5) that would allow hackers to inject bad-stuff into a community forum such as ours. The hack, a zero-day vulnerability, allows the hacker to gain control over the server the forum is on. As such, patches have been issued and already installed on our discoverXS community forum.

    All of the Aser Gruppe servers and websites use a series of security measures that monitor,...
    10-14-2019, 02:30 PM
  • Firefox Posting Broken. We are working on a solution.
    by XSteveO
    We upgraded the forum last night again and now are having some issues with Firefox. Seems like other browsers are working. I know Chrome, iOS and Safari are working. Can someone check Opera and heavens forbid Windows? Any others you might use too
    10-14-2019, 11:08 AM