| View previous topic :: View next topic |
| Author |
Message |
Pixeldust (Lucy Paulina Sears)
Kessel Base XO
Joined: 10 Feb 2013
Posts: 889
Location: Houston, TX
Medals: 4 (View more...)
|
 Posted: Mon Nov 04, 2019 3:51 am Post subject: Website Security
|
 |
|
For the first time since I've been logging into the RL site, I have come across this today. It took a bit to get around it but it makes me a bit nervous.
I know it's always told me it's "insecure" but this was a bit unnerving. Are we doing anything to make the website more secure?
Edited for better photo with more details
_________________
Lucy
Kessel Base XO
Wretched Hive DXO
Mother of Jawas
 |
|
| Back to top |
|
 |
QuiGonJyn ()
Active Legion Member
Joined: 08 Aug 2019
Posts: 19
Location: Kentucky
Medals: None
|
| Posted: Mon Nov 04, 2019 4:34 am Post subject:
|
|
|
| Same issue here - it's working normally in other browsers, but Chrome isn't allowing me to access any part of the site |
|
| Back to top |
|
|
DevinShadowV (Devin Vanassche)
Joined: 03 Oct 2017
Posts: 34
Location: Milwaukie, oregon
Medals: None
|
| Posted: Mon Nov 04, 2019 4:41 am Post subject: Re: Website Security
|
|
|
| Pixeldust wrote: | For the first time since I've been logging into the RL site, I have come across this today. It took a bit to get around it but it makes me a bit nervous.
I know it's always told me it's "insecure" but this was a bit unnerving. Are we doing anything to make the website more secure?
Edited for better photo with more details |
Yeah I'm having the same problem so I have to move over to firefox just to reply to this.
_________________
Hey need a photographer check out my portfolio page link in the website link.
http://www.devinshadowv.net
work-in progress:
researching X-Wing suit (OT) |
|
| Back to top |
|
|
Dr. Morbius (Ingo Kaiser)
Legion Costume Judge
Joined: 01 Apr 2016
Posts: 351
Location: Germany
Medals: None
|
| Posted: Mon Nov 04, 2019 11:14 am Post subject:
|
|
|
Same problem!
This should be top priority to be fixed, really!
_________________
 |
|
| Back to top |
|
|
NateH (Nate Hoffman)
Bantha Canyon Base XO
Joined: 01 Jun 2013
Posts: 150
Location: Rio Rancho, NM
Medals: None
|
|
| Back to top |
|
|
mgb1016 (Melissa Branch)
Active Legion Member
Joined: 03 Dec 2017
Posts: 34
Location: Powhatan, Virginia
Medals: None
|
| Posted: Mon Nov 04, 2019 4:20 pm Post subject:
|
|
|
I've had the same thing going on since last night with Chrome, and on different computers. I was able to login just now with Internet Explorer.
_________________
Freedom Base:
Benthic Two Tubes
Garrison Tyranus - Galactic Center Squad:
ESB Stormtrooper - TK-12189
TFA Kylo Ren - DS-12189 |
|
| Back to top |
|
|
ladysolo14 ()
Legion Membership Officer
Joined: 21 Jan 2016
Posts: 896
Location: Chicago
Medals: 1 (View more...)
|
| Posted: Mon Nov 04, 2019 6:28 pm Post subject:
|
|
|
This has been taken care of. The site has not been compromised in anyway and when I say that all data is safe.
What happened is the DB94 detachment site was compromised and injected with phishing code. Since that site is a subdomain of rebellegion.com it flagged all the sites as dangerous.
I have taken down the DB94 site and quarantined the files. I'll reach out to the detachment leader as this happened due to the WordPress site not properly being updated with security updates.
While Adam and I were fixing things we also added a valid certificate for https.
I have a request in with Google to re-review the site and hopefully all the warning will go away at the latest in 72 hours. |
|
| Back to top |
|
|
ardavenport (Anne Davenport)
Active Legion Member
Joined: 25 Oct 2004
Posts: 1497
Location: Florida, USA
Medals: 6 (View more...)
|
| Posted: Mon Nov 04, 2019 11:58 pm Post subject:
|
|
|
I just got the same thing here, so google hasn't changed anything yet. I'm using Microsoft Edge to post this.
_________________
Your focus determines who you are. |
|
| Back to top |
|
|
ladysolo14 ()
Legion Membership Officer
Joined: 21 Jan 2016
Posts: 896
Location: Chicago
Medals: 1 (View more...)
|
| Posted: Tue Nov 05, 2019 4:10 am Post subject:
|
|
|
| ardavenport wrote: | I just got the same thing here, so google hasn't changed anything yet. I'm using Microsoft Edge to post this.
|
I haven't heard anything back from google yet. I submitted the review request again as well. |
|
| Back to top |
|
|
Amelia (Emily Haas)
Detachment CO
Joined: 29 Aug 2017
Posts: 483
Location: Cary, NC
Medals: None
|
| Posted: Tue Nov 05, 2019 10:45 am Post subject:
|
|
|
| Quote: | | I have taken down the DB94 site and quarantined the files. I'll reach out to the detachment leader as this happened due to the WordPress site not properly being updated with security updates. |
I let our team member who handles the website know about this. Do you want me to have them coordinate directly with you to get the WordPress security updates in order?
_________________
Docking Bay Commanding Officer
Blue Ridge Base Membership Officer
Docking Bay 94 Costuming Membership Officer (2018-2019) |
|
| Back to top |
|
|
ladysolo14 ()
Legion Membership Officer
Joined: 21 Jan 2016
Posts: 896
Location: Chicago
Medals: 1 (View more...)
|
| Posted: Tue Nov 05, 2019 4:20 pm Post subject:
|
|
|
| Amelia wrote: | | Quote: | | I have taken down the DB94 site and quarantined the files. I'll reach out to the detachment leader as this happened due to the WordPress site not properly being updated with security updates. |
I let our team member who handles the website know about this. Do you want me to have them coordinate directly with you to get the WordPress security updates in order? |
Yes but right now the site is completely quarantined on the servers and not accessible. It is highly infected and I'm not sure how salvageable. I would have concerns about injections into the database as well. We can have a conversation about what is recoverable but it might be best to start with a clean slate and see what data and content can be safely migrated to a new site. |
|
| Back to top |
|
|
kman ()
Active Legion Member
Joined: 25 May 2016
Posts: 1207
Location: Tarzana, CA
Medals: 1 (View more...)
|
| Posted: Tue Nov 05, 2019 8:58 pm Post subject:
|
|
|
Ouch. I hope the db94 data can be salvaged! Are there any uninfected backups?
_________________
 |
|
| Back to top |
|
|
Amelia (Emily Haas)
Detachment CO
Joined: 29 Aug 2017
Posts: 483
Location: Cary, NC
Medals: None
|
| Posted: Tue Nov 05, 2019 11:13 pm Post subject:
|
|
|
| Quote: | | Yes but right now the site is completely quarantined on the servers and not accessible. It is highly infected and I'm not sure how salvageable. I would have concerns about injections into the database as well. We can have a conversation about what is recoverable but it might be best to start with a clean slate and see what data and content can be safely migrated to a new site. |
That makes sense. We definitely don't want it to get worse or make it a problem for elsewhere in the Legion. I'm afraid I don't know much about the website operation/back-end, but I will pass this on to the person on the team who does.
| Quote: | | Ouch. I hope the db94 data can be salvaged! Are there any uninfected backups? |
We have a lot of the raw data saved elsewhere.
_________________
Docking Bay Commanding Officer
Blue Ridge Base Membership Officer
Docking Bay 94 Costuming Membership Officer (2018-2019) |
|
| Back to top |
|
|
G'nott sH'urr (David Campbell)
Base Membership Officer
Joined: 01 Dec 2008
Posts: 2550
Location: Snake Central, Louisiana
Medals: 1 (View more...)
|
| Posted: Thu Nov 07, 2019 12:52 pm Post subject:
|
|
|
As of 630 central time this morning I had the same red pop up on my phone. This was using Google and Chrome. I was trying to gain access through the main Legion website.
_________________
Once I was Dewka, but now I'm just G'nott sH'urr
NCOIC, "GUNNY" Marine Detachment Barbarossa
David, Louisiana's first Visitor. |
|
| Back to top |
|
|
ladysolo14 ()
Legion Membership Officer
Joined: 21 Jan 2016
Posts: 896
Location: Chicago
Medals: 1 (View more...)
|
| Posted: Thu Nov 07, 2019 5:15 pm Post subject:
|
|
|
Finally heard back from Google this morning and they removed the warnings on the site. Currently I am not getting them anymore and hopefully they go away from everyone in the next few hours.
The web team is having discussions on how to avoid this in the future. A lot of issues will be resolved as we shift into server migration. For now we think it will be putting quick bandaids in place as we feel the best use of time is to get onto a new server where security and technology is updated which will aid us in preventing things like this happening. |
|
| Back to top |
|
|
|
FAQ 
Search 
Memberlist 
Usergroups 
Medals
Register
Profile 
Log in to check your private messages 
Log in
