Forum and Costume Controls

   FAQFAQ  SearchSearch  MemberlistMemberlist   UsergroupsUsergroups  medals.php?sid=4ec9f448b0268e54471713823aa5238fMedals   RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in

       
REMINDER: Do not change your e-mail address yourself. Please read this first for why.

Website Security
Goto page 1, 2  Next
 
Post new topic   Reply to topic    Rebel Legion Forum Index -> Rebel Legion Operations -> Legion Tech Support
View previous topic :: View next topic  
Author Message
Pixeldust (Lucy Paulina Sears)
Kessel Base XO
Kessel Base XO


Joined: 10 Feb 2013
Posts: 889
Location: Houston, TX
Medals: 4 (View more...)
Boston Supporter (Amount: 1)

PostPosted: Mon Nov 04, 2019 3:51 am    Post subject: Website Security Reply with quote

For the first time since I've been logging into the RL site, I have come across this today. It took a bit to get around it but it makes me a bit nervous.

I know it's always told me it's "insecure" but this was a bit unnerving. Are we doing anything to make the website more secure?



Edited for better photo with more details
_________________
Lucy
Kessel Base XO
Wretched Hive DXO
Mother of Jawas

Back to top
View user's profile Send private message Visit poster's website
QuiGonJyn ()
Active Legion Member


Joined: 08 Aug 2019
Posts: 19
Location: Kentucky
Medals: None

PostPosted: Mon Nov 04, 2019 4:34 am    Post subject: Reply with quote

Same issue here - it's working normally in other browsers, but Chrome isn't allowing me to access any part of the site
Back to top
View user's profile Send private message Visit poster's website
DevinShadowV (Devin Vanassche)



Joined: 03 Oct 2017
Posts: 34
Location: Milwaukie, oregon
Medals: None

PostPosted: Mon Nov 04, 2019 4:41 am    Post subject: Re: Website Security Reply with quote

Pixeldust wrote:
For the first time since I've been logging into the RL site, I have come across this today. It took a bit to get around it but it makes me a bit nervous.

I know it's always told me it's "insecure" but this was a bit unnerving. Are we doing anything to make the website more secure?



Edited for better photo with more details


Yeah I'm having the same problem so I have to move over to firefox just to reply to this.
_________________
Hey need a photographer check out my portfolio page link in the website link.
http://www.devinshadowv.net

work-in progress:
researching X-Wing suit (OT)
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Dr. Morbius (Ingo Kaiser)
Legion Costume Judge
Legion Costume Judge


Joined: 01 Apr 2016
Posts: 351
Location: Germany
Medals: None

PostPosted: Mon Nov 04, 2019 11:14 am    Post subject: Reply with quote

Same problem!
This should be top priority to be fixed, really!
_________________
Back to top
View user's profile Send private message Send e-mail Visit poster's website
NateH (Nate Hoffman)
Bantha Canyon Base XO
Bantha Canyon Base XO


Joined: 01 Jun 2013
Posts: 150
Location: Rio Rancho, NM
Medals: None

PostPosted: Mon Nov 04, 2019 4:08 pm    Post subject: Reply with quote

I agree that this needs to be fixed. I would be concerned that the site has been compromised in some way.

Here are two support articles about it, the web master should be able to get more information using the second article.

https://support.google.com/chrome/answer/99020?visit_id=637084799314247548-3355924310&p=cpn_safe_browsing&hl=en&rd=1

https://developers.google.com/web/fundamentals/security/hacked/request_review
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
mgb1016 (Melissa Branch)
Active Legion Member


Joined: 03 Dec 2017
Posts: 34
Location: Powhatan, Virginia
Medals: None

PostPosted: Mon Nov 04, 2019 4:20 pm    Post subject: Reply with quote

I've had the same thing going on since last night with Chrome, and on different computers. I was able to login just now with Internet Explorer.
_________________
Freedom Base:
Benthic Two Tubes
Garrison Tyranus - Galactic Center Squad:
ESB Stormtrooper - TK-12189
TFA Kylo Ren - DS-12189
Back to top
View user's profile Send private message Visit poster's website
ladysolo14 ()
Legion Membership Officer
Legion Membership Officer


Joined: 21 Jan 2016
Posts: 896
Location: Chicago
Medals: 1 (View more...)
Gold Star (Amount: 1)

PostPosted: Mon Nov 04, 2019 6:28 pm    Post subject: Reply with quote

This has been taken care of. The site has not been compromised in anyway and when I say that all data is safe.

What happened is the DB94 detachment site was compromised and injected with phishing code. Since that site is a subdomain of rebellegion.com it flagged all the sites as dangerous.

I have taken down the DB94 site and quarantined the files. I'll reach out to the detachment leader as this happened due to the WordPress site not properly being updated with security updates.

While Adam and I were fixing things we also added a valid certificate for https.

I have a request in with Google to re-review the site and hopefully all the warning will go away at the latest in 72 hours.
Back to top
View user's profile Send private message
ardavenport (Anne Davenport)
Active Legion Member


Joined: 25 Oct 2004
Posts: 1497
Location: Florida, USA
Medals: 6 (View more...)
Silver Star (Amount: 1)

PostPosted: Mon Nov 04, 2019 11:58 pm    Post subject: Reply with quote

I just got the same thing here, so google hasn't changed anything yet. I'm using Microsoft Edge to post this.



_________________

Your focus determines who you are.
Back to top
View user's profile Send private message
ladysolo14 ()
Legion Membership Officer
Legion Membership Officer


Joined: 21 Jan 2016
Posts: 896
Location: Chicago
Medals: 1 (View more...)
Gold Star (Amount: 1)

PostPosted: Tue Nov 05, 2019 4:10 am    Post subject: Reply with quote

ardavenport wrote:
I just got the same thing here, so google hasn't changed anything yet. I'm using Microsoft Edge to post this.




I haven't heard anything back from google yet. I submitted the review request again as well.
Back to top
View user's profile Send private message
Amelia (Emily Haas)
Detachment CO
Detachment CO


Joined: 29 Aug 2017
Posts: 483
Location: Cary, NC
Medals: None

PostPosted: Tue Nov 05, 2019 10:45 am    Post subject: Reply with quote

Quote:
I have taken down the DB94 site and quarantined the files. I'll reach out to the detachment leader as this happened due to the WordPress site not properly being updated with security updates.


I let our team member who handles the website know about this. Do you want me to have them coordinate directly with you to get the WordPress security updates in order?
_________________
Docking Bay Commanding Officer
Blue Ridge Base Membership Officer
Docking Bay 94 Costuming Membership Officer (2018-2019)
Back to top
View user's profile Send private message
ladysolo14 ()
Legion Membership Officer
Legion Membership Officer


Joined: 21 Jan 2016
Posts: 896
Location: Chicago
Medals: 1 (View more...)
Gold Star (Amount: 1)

PostPosted: Tue Nov 05, 2019 4:20 pm    Post subject: Reply with quote

Amelia wrote:
Quote:
I have taken down the DB94 site and quarantined the files. I'll reach out to the detachment leader as this happened due to the WordPress site not properly being updated with security updates.


I let our team member who handles the website know about this. Do you want me to have them coordinate directly with you to get the WordPress security updates in order?


Yes but right now the site is completely quarantined on the servers and not accessible. It is highly infected and I'm not sure how salvageable. I would have concerns about injections into the database as well. We can have a conversation about what is recoverable but it might be best to start with a clean slate and see what data and content can be safely migrated to a new site.
Back to top
View user's profile Send private message
kman ()
Active Legion Member


Joined: 25 May 2016
Posts: 1207
Location: Tarzana, CA
Medals: 1 (View more...)
Rebel Legion Supporter (Amount: 1)

PostPosted: Tue Nov 05, 2019 8:58 pm    Post subject: Reply with quote

Ouch. I hope the db94 data can be salvaged! Are there any uninfected backups?
_________________
Back to top
View user's profile Send private message
Amelia (Emily Haas)
Detachment CO
Detachment CO


Joined: 29 Aug 2017
Posts: 483
Location: Cary, NC
Medals: None

PostPosted: Tue Nov 05, 2019 11:13 pm    Post subject: Reply with quote

Quote:
Yes but right now the site is completely quarantined on the servers and not accessible. It is highly infected and I'm not sure how salvageable. I would have concerns about injections into the database as well. We can have a conversation about what is recoverable but it might be best to start with a clean slate and see what data and content can be safely migrated to a new site.


That makes sense. We definitely don't want it to get worse or make it a problem for elsewhere in the Legion. I'm afraid I don't know much about the website operation/back-end, but I will pass this on to the person on the team who does.

Quote:
Ouch. I hope the db94 data can be salvaged! Are there any uninfected backups?

We have a lot of the raw data saved elsewhere.
_________________
Docking Bay Commanding Officer
Blue Ridge Base Membership Officer
Docking Bay 94 Costuming Membership Officer (2018-2019)
Back to top
View user's profile Send private message
G'nott sH'urr (David Campbell)
Base Membership Officer


Joined: 01 Dec 2008
Posts: 2550
Location: Snake Central, Louisiana
Medals: 1 (View more...)
2017 Dragon Con Medal (Amount: 1)

PostPosted: Thu Nov 07, 2019 12:52 pm    Post subject: Reply with quote

As of 630 central time this morning I had the same red pop up on my phone. This was using Google and Chrome. I was trying to gain access through the main Legion website.
_________________
Once I was Dewka, but now I'm just G'nott sH'urr

NCOIC, "GUNNY" Marine Detachment Barbarossa
David, Louisiana's first Visitor.
Back to top
View user's profile Send private message Send e-mail
ladysolo14 ()
Legion Membership Officer
Legion Membership Officer


Joined: 21 Jan 2016
Posts: 896
Location: Chicago
Medals: 1 (View more...)
Gold Star (Amount: 1)

PostPosted: Thu Nov 07, 2019 5:15 pm    Post subject: Reply with quote

Finally heard back from Google this morning and they removed the warnings on the site. Currently I am not getting them anymore and hopefully they go away from everyone in the next few hours.

The web team is having discussions on how to avoid this in the future. A lot of issues will be resolved as we shift into server migration. For now we think it will be putting quick bandaids in place as we feel the best use of time is to get onto a new server where security and technology is updated which will aid us in preventing things like this happening.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Rebel Legion Forum Index -> Rebel Legion Operations -> Legion Tech Support All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can post calendar events in this forum
The Rebel Legion is a worldwide Star Wars costuming organization comprised of and operated by Star Wars fans. While not sponsored by Lucasfilm Ltd., it is Lucasfilm's preferred volunteer Rebel costuming group. Star Wars, its characters, costumes, and all associated items are the intellectual property of Lucasfilm. © 2019 Lucasfilm Ltd. & ™ All rights reserved. Used under authorization.


Powered by phpBB © 2001, 2005 phpBB Group