Skip to main content

User login

What is OpenID?
  • Log in using OpenID
  • Cancel OpenID login
  • Create new account
  • Request new password
Register
  • Home
  • Browse
    • 2D Art
    • 3D Art
    • Concept Art
    • Textures
    • Music
    • Sound Effects
    • Documents
    • Featured Tutorials
  • Submit Art
  • Collect
    • My Collections
    • Art Collections
  • Forums
  • FAQ
  • Leaderboards
    • All Time
      • Total Points
      • Comments
      • Favorites (All)
      • Favorites (2D)
      • Favorites (3D)
      • Favorites (Concept Art)
      • Favorites (Music)
      • Favorites (Sound)
      • Favorites (Textures)
    • Weekly
      • Total Points
      • Comments
      • Favorites (All)
      • Favorites (2D)
      • Favorites (3D)
      • Favorites (Concept Art)
      • Favorites (Music)
      • Favorites (Sound)
      • Favorites (Textures)
  • ❤ Donate

Site compromised

bart
Tuesday, November 17, 2015 - 16:07
bart's picture

Hi.  I got word an hour or two ago that the site was sending out phishing emails to OGA user accounts.  If you have recently received a sketchy, poorly-spelled email that starts with "Your Acount is disabled for the purposes of security", you can safely assume that your account was not, in fact, disabled for the purposes of security, and under no circumstances should you provide anyone with any of your passwords, particularly information pertaining to your "Peypal" account, as the email calls it.

I have currently disabled the mail server on OGA until I can assess the extent of the hack.  Since they managed to get a complete list of account emails, it's safe to assume that they also grabbed (hashed) passwords, so you should consider your OGA password compromised and change it wherever you're using it, particularly if you're using it with the email address that you used to sign up to OGA.  Until I've determined the source of the intrusion, it's probably best to hold off on changing your OGA password.

I'll post another blog entry as soon as I know more.

Update:  As of 12 hours later, the malware scan I'm running on the server is about half done.  I'll post an update when it's finished.

  • bart's blog
  • Log in or register to post comments

Comments

Jattenalle
joined 13 years 11 months ago
Tuesday, November 17, 2015 - 16:17
Jattenalle's picture

The mail has been non-functional for quite a while by the way (Weeks/Months+). New users never get their verification emails, and as such can't complete registration.

Ever since the server move.

  • Log in or register to post comments
bart
joined 13 years 10 months ago
Tuesday, November 17, 2015 - 16:24
bart's picture

Email is still being sent just fine.  We were on a couple of spam blacklists, and I contested it and had us taken off.

 

  • Log in or register to post comments
Deevad
joined 13 years 3 months ago
Tuesday, November 17, 2015 - 22:45
Deevad's picture

Thank you Bart for quickly posting this blog entry ; I just received the email, and I came to the website to try to get more infos.

  • Log in or register to post comments
BadLuckBurt
joined 10 years 8 months ago
Wednesday, November 18, 2015 - 00:05

Glad to see you already know about it. I found the mail in my spambox but the plethora of spelling and grammar errors was a dead give-away. Hope you can get this resolved soon.

  • Log in or register to post comments
WolfMountainGames
joined 9 years 9 months ago
Wednesday, November 18, 2015 - 10:06
WolfMountainGames's picture

I got the email as well in the spam thank you for posting this so that we can know that it is fake :)

 

this is the email I got:

 

Be careful with this message. Our systems couldn't verify that this message was really sent by gmail.com. You might want to avoid clicking links or replying with personal information.  Learn more    > Message-Id: <privateidnumber@opengameart.org> Date: Tue, 17 Nov 2015 12:40:26 -0800 (PST)

Your Acount is disabled for the purposes of security

Dear Customer., While the audit team is reviewing your Acount,

they discovery strange activity or deceptive or fraudulent and based upon,

The team disable access to your Acount until your review for this strange activity and respond to it

What is the problem in detail?

1. You have more than one Peypal with a negative balance; or

2. You provided information that we believe was false, inaccurate, or misleading; or

3. You sent or received money that was potentially related to fraudulent activity; or

4. You are in violation of the User Agreement, the Commercial Entity

Agreement, the Acceptable Use Policy, or another agreement you have with us.

What is the solution?

To resolve this issue, you must log on to the site of the page devoted to verify

which is attached at the bottom of linked

and write your lnformation in a full

Log-In

Thank you for give us your time

Apologize for any annoying

Kind regards

   17/11/2015 03:40:26

  • Log in or register to post comments
MoikMellah
joined 14 years 3 weeks ago
Wednesday, November 18, 2015 - 10:35
MoikMellah's picture

Might want to check up on this suspicious comment, too:

http://opengameart.org/comment/39938#comment-39938

I brought it up on IRC back in August when it was fresh, but it must've slipped the admins' notice.

  • Log in or register to post comments
bart
joined 13 years 10 months ago
Wednesday, November 18, 2015 - 11:05
bart's picture

That was actually me.  I was verifying to someone I was talking to on the internet that I was who I said I was.  :)

Anyway, I deleted it, since it's served its purpose.

  • Log in or register to post comments
Syrsly
joined 12 years 6 months ago
Wednesday, November 18, 2015 - 15:34
Syrsly's picture

How was the site's database compromised, anyway?  Silly server setup from the sounds of it.

  • Log in or register to post comments
WolfMountainGames
joined 9 years 9 months ago
Thursday, November 19, 2015 - 12:10
WolfMountainGames's picture

Has the server finished the scan? 

  • Log in or register to post comments
withthelove
joined 11 years 3 months ago
Thursday, November 19, 2015 - 12:19
withthelove's picture

Any updates?

as a random data point, in case it helps at all, I did not recieve one of these emails, although it's possible Google intercepted it on my behalf.

  • Log in or register to post comments
Reemax
joined 12 years 3 months ago
Thursday, November 19, 2015 - 20:38

I haven't received any of these emails either and I have checked the junk mail too.

  • Log in or register to post comments
Brain Nectar
joined 9 years 12 months ago
Friday, November 20, 2015 - 06:14
Brain Nectar's picture

I got one as well, and to be honest it scared the tar out of me, even though I knew I didn't do anythng wrong. So it is a scam?

  • Log in or register to post comments
MedicineStorm
joined 12 years 8 months ago
Friday, November 20, 2015 - 09:05
MedicineStorm's picture

Rather disappointed I didn't get an email. I have my own mail server; no intercepts. Do the scammers not feel I'm worthy of targeting? Feeling hurt.

Seriously though, thank you for handling this so professionally, bart.

  • Log in or register to post comments
DezrasDragons
joined 10 years 4 months ago
Friday, November 20, 2015 - 09:11
DezrasDragons's picture

I didn't see my message at first, but later found it in my spam folder.

  • Log in or register to post comments
greysondn
joined 10 years 3 months ago
Saturday, November 21, 2015 - 17:36

This is a shame.

Please do double back over your security and practices and strengthen them moving forwards. 

  • Log in or register to post comments
Jattenalle
joined 13 years 11 months ago
Sunday, November 22, 2015 - 13:27
Jattenalle's picture

Email is still being sent just fine.  We were on a couple of spam blacklists, and I contested it and had us taken off.

 

[2015-07-11 15:11:53] <redswar> hello, i have a problem with registration, i can't have the confirmation mail, what can i do (i will upload my first blender props for evaluation :))

[...]

[2015-07-14 08:42:04] <tony1420>  Hello, trying to register on the website but i get an error message about not able to send confirmation to my email

[...]

[2015-09-24 01:01:40] <abadidea> are there any site admins here? I tried to register an opengameart account and the email thing is broken.
[2015-09-24 02:22:39] <abetusk> "Unable to send e-mail. Contact the site administrator if the problem persists." <---- after trying to contact the site administrator of the problem :(

[...]

[2015-10-15 18:06:18] <AlexanPT> Anyone here? I registed on opengameart but didn't receive any verification email, tried to register again says username and email already in use so I try to login but it doesn't work
[2015-10-15 18:06:36] <Jattenalle> AlexanPT, checked your spam folders?
[2015-10-15 18:06:46] <AlexanPT> I have nothing on my spam folder :/
[2015-10-15 18:06:55] <Jattenalle> how long ago did you register?
[2015-10-15 18:07:02] <AlexanPT> Some days ago

[...]

[2015-10-18 18:03:45] <AlexanPT> Still haven't received an activation email. :(

[...]

[2015-11-17 17:34:49] <tipsy> looks like the mailserver is down
[2015-11-17 17:35:04] <tipsy> :^)
[2015-11-17 17:37:45] <Jattenalle> wait, it's still not fixed?

 

Like I said, it's been an issue for quite a while.

  • Log in or register to post comments
withthelove
joined 11 years 3 months ago
Monday, November 23, 2015 - 06:35
withthelove's picture

@bart:

Any update in this?

  • Log in or register to post comments
withthelove
joined 11 years 3 months ago
Monday, November 23, 2015 - 11:01
withthelove's picture

 

whoah, just got a ton of mails, going to guess the mail daemon is alive again?

:)

  • Log in or register to post comments
Chris_M_The_Gam...
joined 11 years 9 months ago
Saturday, January 16, 2016 - 09:00
Chris_M_The_Game_Dude.'s picture

I luckily never got this, I guess bart decided to put up extra security mesures on my account because he secretly watches me and im him favorite. yushhh.

  • Log in or register to post comments
caeles
joined 12 years 10 months ago
Thursday, March 17, 2016 - 12:03

I just received a second such email, so there seems to be another round. (I already got one in the first round.) The text seems to be identical, but I have long since deleted the first email, so I cannot be sure. So, is the site compromised again, or do the spammers still use adresses they harvested back then?

  • Log in or register to post comments
MoikMellah
joined 14 years 3 weeks ago
Wednesday, June 22, 2016 - 21:54
MoikMellah's picture

@Arianna: Best. Comment. Ever.

  • Log in or register to post comments