(2021-08-04, 08:55 PM)Omar G. Wrote: Which Newpoints plugins do you use ? Could you share all your Page Manager pages ?

I fixed the following in my OUGC Awards plugin : (should be fixed in 1.8.22)

But this would only be a treat if you don't trust your moderators, as they are the only ones that can assign a custom "reason" for awards.
I only use the standard currency for Newpoints. It doesn't have any other plugins in use on the Newpoints Plugins page.

(2021-08-04, 08:58 PM)Omar G. Wrote:
(2021-08-04, 08:34 PM)Moonface Wrote: Prior to the updates, Thread Description, Upcoming Events, and OUGC Awards were all outdated. I'm wondering if OUGC was the entry point, since it was the 1.8.3 version and the affected moderator account handed out a large number of awards to a singular user during the attack. Either that or the script wanted to be generous to a random user. Toungue

Could you share the DB rows for awards granted to that user? It might be possible this plugin is what caused the "backdoor".

But please note, for the moderator to exploit this the moderator account should had been compromised first or the moderator should have been untrustworthy from the beginning, no bug up to today found in the plugin would grant access to accounts in any way.

Well, my moderator is my wife so I can definitely attest she is trustworthy, plus she was not online when her account was compromised. Where can I find the DB rows exactly (I'm still not very tech savvy with looking inside databases), and would the ones they had prior to the attack suffice? I removed all the extra awards they were granted during the attack.

If it's of any help, this was the website linked back to during the attack:
Universal Gaming | Let's Explore Video Games, Together

Messages In This Thread - by Moonface - 2021-08-04, 12:29 PM
RE: - by Matt - 2021-08-04, 12:46 PM
RE: - by Moonface - 2021-08-04, 12:47 PM
RE: - by Matt - 2021-08-04, 12:49 PM
RE: - by Moonface - 2021-08-04, 01:08 PM
RE: - by Omar G. - 2021-08-04, 08:22 PM
RE: - by Moonface - 2021-08-04, 08:34 PM
RE: - by Omar G. - 2021-08-04, 08:55 PM
RE: - by Omar G. - 2021-08-04, 08:58 PM
RE: - by Moonface - 2021-08-04, 09:47 PM
RE: - by Omar G. - 2021-08-04, 11:18 PM
RE: - by Moonface - 2021-08-04, 11:40 PM
RE: - by Omar G. - 2021-08-05, 02:43 AM
RE: - by Moonface - 2021-08-05, 02:54 AM
RE: - by Dev0908 - 2021-08-05, 02:59 AM
RE: - by Lewis L - 2021-08-18, 08:22 PM

Forum Jump:

Users browsing this thread: 1 Guest(s)