Site Update

Discussion in 'Announcements & News' started by Tris10, Nov 11, 2017.

  1. Tris10

    Tris10 Site Founder

    Joined:
    Jun 5, 2003
    Messages:
    25,096
    Discord:
    Tris10#6962
    Trophy Points:
    153
    Location:
    Toronto
    Ratings:
    +15,498 / 72 / -97
    This is a general update on what happened on the morning of Saturday Nov 11th.

    What happened

    LG was targeted for ransomware. Some organization managed to get into LG's servers, encrypt LG's database and demand a ransom to unlock it. We of course will not do this.

    What was taken
    It would be safe to presume that this person(s) would copy the database. We cannot confirm if they downloaded the files or just locked them.

    What info is at risk
    If person(s) took the DB, they would have access to your email address. All LG passwords are hashed. If you do not know what this means, your LG password is converted to a 32-character word that cannot be reversed. This means no copy of your LG password is ever stored on LG's server(s). If they have the hash, it's very unlikely they could convert it back, but not impossible.

    LG never stored any personal or financial info. This means if you did any payments for buyouts or plat accounts, that is all handled by PayPal. Everything related to ESHL is unaffected.

    For all connected accounts like Xbox, Twitch, Twitter etc., LG never stored any login or password information; that was all handled by the OAuth standard. LG can only retrieve info on connected accounts, never change it. So your XBL account is not at risk.

    What is our response
    Since person(s) got into the servers, we assumed they must have installed a back door. So today we completely destroyed both our web and database server and rebuilt them from scratch. This is why we were down for the day.

    @ImJeff and I have a very good idea how this happened, and without detailing some of the steps we took, and will take, we are confident this will not happen ever again.

    What data is lost
    There are 2 sections to the database, the game and league data, and the forums data.

    We lost a week's worth of game data; everything after Nov 4th is lost. This includes games, trades, stats. However, we will get the OCR working and since those work from XBL images, stats can be re-added. As well, the API goes 5 games back, and of course if there is a copy of any streams. We ask as of tomorrow all managers do their best to get week 4 stats up to date the best they can.

    For the forums and "everything" else data, we lost about 2 weeks' worth. This includes any changes you did to your LG account.

    The PM system was a bit out of sync, so I completely flushed it, so old PMs are gone.

    What can you do
    We would recommend you change your LG password; again, your LG password was not saved on the server but the hash of it was. If you used your LG password for other accounts like Xbox or PSN, to be safe I'd recommend changing that too.

    What about League related questions
    It will be business as usual and games will start on Sunday November the 12th.
    The general rule of anything that happened before this event is set in stone. This includes all trades, bans or anything else.

    There is still a ton of things I will need to fix and I will be doing so all day today and Sunday. I will address all issues as they come up.

    Final Comments
    We do not think this event is related to any single member of LG; this looks like a standard ransomware attack where someone is looking for a quick buck off the backs of others. I hope there is a special place in hell for people who do stuff like this, but this is a lesson for us, and one we will take very seriously.

    If you have any questions or concerns please PM us and we'll address them the best we can.

    We apologise for any inconvenience this may cause our community.
     
    • Winner x 16
    • Like x 9
    • Informative x 5
    • Bad Spelling x 2
    • Troll x 1
    • Funny x 1
  2. LG McDonald

    LG McDonald Director of Hockey Operations

    Joined:
    Sep 30, 2013
    Messages:
    4,292
    Discord:
    LG McDonald#5572
    Trophy Points:
    183
    Location:
    Petawawa, ON
    Ratings:
    +9,437 / 49 / -368
    Thanks for your patience during the outage today.

    If you have any league related issues be sure to send a PM to the league's BOG ASAP!

    If you uncover anything else on LG that appears to be broken be sure to send Tris and me a PM or post in here and tag us.
     
    Offline
    Lg_commissioner
  3. Th3 l AnD 0n1y

    Th3 l AnD 0n1y The Lord

    Joined:
    Apr 21, 2013
    Messages:
    409
    Trophy Points:
    523
    Ratings:
    +1,210 / 57 / -27
    Should have just taken all the money you get from the r e t a r d s that buy their CB ban out and bought this site back.
     
    Last edited: Nov 11, 2017
    • Funny x 2
    • Like x 1
    • Winner x 1
    Playing Fortnite Battle Royale - 37 Alive
    Offline
    th3_1_and_0n1y
  4. TVK

    TVK Gluten free since '93

    Joined:
    Dec 27, 2013
    Messages:
    61
    Trophy Points:
    133
    Location:
    California
    Ratings:
    +177 / 3 / -9
    No Streaming Account
  5. LG McDonald

    LG McDonald Director of Hockey Operations

    Joined:
    Sep 30, 2013
    Messages:
    4,292
    Discord:
    LG McDonald#5572
    Trophy Points:
    183
    Location:
    Petawawa, ON
    Ratings:
    +9,437 / 49 / -368
    As Tris stated. All trades, bans etc that were undone need to be redone.

    Everything should be returned to how it was last night!
     
    Offline
    Lg_commissioner
  7. NealRambo33

    NealRambo33 Well-Known Member

    Joined:
    Oct 17, 2015
    Messages:
    176
    Trophy Points:
    98
    Location:
    Pittsburgh
    Ratings:
    +135 / 77 / -42
    So basically I have to manually input all my game stats from the last two weeks in order to get our current record and stats to what they were?
     
    No Streaming Account
  8. AnotherMaple393

    AnotherMaple393 Well-Known Member

    Joined:
    Feb 16, 2016
    Messages:
    316
    Trophy Points:
    63
    Location:
    Boston
    Ratings:
    +338 / 92 / -129
    Week 3's stats are there but aren't registering for some reason. @Tris10
     
    Offline
    xXxGonzoArmstrongxXx
  9. NealRambo33

    NealRambo33 Well-Known Member

    Joined:
    Oct 17, 2015
    Messages:
    176
    Trophy Points:
    98
    Location:
    Pittsburgh
    Ratings:
    +135 / 77 / -42
    So my understanding is we have to use OCR tomorrow in order to get our week 3 to current week.
     
    No Streaming Account
  10. Tris10

    Tris10 Site Founder

    Joined:
    Jun 5, 2003
    Messages:
    25,096
    Discord:
    Tris10#6962
    Trophy Points:
    153
    Location:
    Toronto
    Ratings:
    +15,498 / 72 / -97
    Ya, I just gotta rebuild the team stats so all week 3 is in there, or next time you save stats for your team, it will find them.
     
  11. JEEEEEEBS

    JEEEEEEBS VHL REFUGEE

    Joined:
    Dec 2, 2013
    Messages:
    136
    Trophy Points:
    63
    Location:
    Toronto
    Ratings:
    +217 / 9 / -7
    Sorry to hear Tris. This has happened to a few staging databases we had at work that didn't have proper authentication on. Luckily it was only testing data we had on staging.

    Some takeaways from this though:
    - People should actually be informed that their passwords CAN be exposed here. Hashes are not irreversible; they are only as strong as the password was. For example, if a user's password was "catfood" it could be cracked very simply. Most of these DB ransomwares will attempt basic brute-force attempts like this. If someone used the same password here which they do for their email, for example, that could be a problem.
    - LG wasn't targeted per se. DB ransomware is fully automated on a mass scale, and only attacks low-hanging fruit like databases with default passwords/no passwords, unpatched systems etc. A targeted attack would be much more dangerous, as then it becomes more likely it will happen again and that they'll definitely try and brute-force the passwords in the database.

    God dman Russians.
     
    Offline
    JEEEEEEBS
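
Added example, not part of any post in this thread: the point in post 11 that a stored hash is only as strong as the password, seen from the site operator's side. It goes beyond the thread by contrasting an unsalted fast hash with salted PBKDF2; MD5 is an assumed stand-in for the unnamed 32-character hash, and the account names, passwords and wordlist are constructed.

```python
import hashlib
import hmac
import os

# Constructed wordlist; a real audit would use a list of known-breached passwords.
COMMON_PASSWORDS = ["password", "123456", "catfood", "letmein", "hockey"]


def fast_hash(password: str) -> str:
    """Unsalted fast hash (32 hex chars). MD5 is an assumed stand-in."""
    return hashlib.new("md5", password.encode(), usedforsecurity=False).hexdigest()


def audit_fast_hashes(stored: dict, wordlist: list) -> dict:
    """Return accounts whose unsalted hash matches a wordlist entry.

    One precomputed table covers every account at once, because identical
    passwords always produce identical unsalted hashes.
    """
    table = {fast_hash(word): word for word in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def slow_hash(password: str, iterations: int = 600_000) -> tuple:
    """Salted PBKDF2-HMAC-SHA256 record: (salt, iterations, derived key)."""
    salt = os.urandom(16)  # unique per account, stored next to the key
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    # Constructed accounts: two share a weak password, one has a long random one.
    stored = {
        "user_a": fast_hash("catfood"),
        "user_b": fast_hash("catfood"),
        "user_c": fast_hash("v9$Lq2!xTz#84mWp"),
    }
    print("flagged by wordlist:", audit_fast_hashes(stored, COMMON_PASSWORDS))
    rec_a, rec_b = slow_hash("catfood"), slow_hash("catfood")
    print("same password, same salted record?", rec_a == rec_b)
    print("login check passes:", verify("catfood", rec_a))
```

Salting and a slow hash do not make "catfood" a good password; they remove the shared lookup table and raise the cost of every guess, which is why changing a reused password is still the right response.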
  12. TheMcKapy

    TheMcKapy Well-Known Member

    Joined:
    Nov 24, 2013
    Messages:
    92
    Trophy Points:
    68
    Ratings:
    +70 / 2 / -6
    Hopefully this teaches you that daily, along with weekly, backups are a necessity for a site this big.
     
    • Funny x 1
  13. BBuster20

    BBuster20 New Member

    Joined:
    Jul 26, 2017
    Messages:
    2
    Trophy Points:
    1
    Location:
    Toronto, Ontario
    Ratings:
    +0 / 0 / -0
    Are transactions still being processed? I still show as a free agent when I should be on Winterhawks, and stats are missing too.

    No rush if you guys are still working on things, just saw a bunch of people with their teams assigned so thought I would post just to make sure.
     
    No Streaming Account
  14. PlayboiPryme

    PlayboiPryme Well-Known Member

    Joined:
    Mar 7, 2013
    Messages:
    615
    Trophy Points:
    253
    Ratings:
    +1,647 / 22 / -55
    reset
     
    • Like x 2
    Offline
    InternetHockey
  15. G lR ii M x

    G lR ii M x Warning Group

    Joined:
    Jul 28, 2013
    Messages:
    207
    Trophy Points:
    883
    Ratings:
    +433 / 11 / -18
    That's what you get for banning Sitful. Get'm Sit!
     
    • Funny x 1
    No Streaming Account
  16. CurbStomp696969

    CurbStomp696969 Well-Known Member

    Joined:
    May 6, 2012
    Messages:
    741
    Trophy Points:
    354
    Ratings:
    +2,360 / 53 / -81
    There’s no Russian Dman that’s a God. Let me tell ya.
     
    Offline
    McDonutVision