Just a quick, and unfortunate, note to everyone. A file was uploaded to the DK Mod Index this weekend that is questionable. I'm not really sure whether it was supposed to be a legitimate mod to help admins, or whether it was intended to gain access to my server. But it's possible that someone gained access to my MySQL database.
Note that every password on my server is stored as either an MD5 or SHA1 hash, so no plaintext passwords should have been compromised. However, it may be a good idea for you to change your passwords on any other sites where you use the same one as here.
Again, I hope this was only intended to be a legitimate helper tool. But one can't be too careful. I sincerely apologize for the problem, and I am taking steps to prevent it from happening again. Note that the DK Mod Index will be closed temporarily while I work out the new security measures.
Thanks for your understanding.
UPDATE: After looking at the file some more with Gary, as well as going through server logs to attempt to trace the file, I have come to the conclusion that it was probably harmless. It was only on the server for a few hours, and I haven't found any attempts to use it in a destructive manner. So it's probably not a big deal. Even still, I've deleted the file and will be making changes to the Mod Index to prevent non-Zipped files from being uploaded in the future. Thanks for the patience.
---Jamin
Edited by Jamin (07/16/05 01:28 PM)
_________________________
Diablo 3 Lead Designer Jay Wilson: “The development of a Blizzard game is sometimes a long affair. This is how long it took us to be ready.”