MAKE MCMARKET SAFE AGAIN

[Will Greenberg]

So basically my good friend leontss1's account was hacked, so we planned to troll the hacker.. Which didn't go so well... So Basically I recorded it all etc.
From what it looks like, these hackers have been in many peoples accounts.. (including leontss1's business account) Anyways, I feel like you guys need to fix some stuff... A lot of stuff..


Video of it going down (may be processing still)

 

[buildblox]

It's definitely the case that admins can fuck up. However, unlike in most situations, they'd have to have actively fucked shit up for it to go wrong. On most sites and forum systems (enjin for sure) you have to actively secure it, or it'll go wrong.

Anyway, if the site had its entire password database leaked in plain text or even basic encryption, users could still be safe having 2FA enabled for any new IPs trying to log in. Unless they've been using a VPN service with a bunch of common IP's and the 'hackers' know which ones, you'd need to have access to their email or phone to get into the account.

so while the ultimate responsibility in such a case lies with the admins, the users have been given the tools to secure their account even in the face of such a failure, and they chose not to use them. THAT is THEIR choice, and therefore THEIR responsibility.

I'm not stating that users shouldn't do everything they can to protect their accounts (by all means, enable 2FA if you haven't already), I'm just stating that security errors within MC-Market's forum instance are certainly possible. What the OP is saying might not be on-point in regards to the actual issue, but it could be on to something.

 

[Mick]

Like others have said, without an actual suggestion on how to improve security to the site I'm not too sure what you're asking for. 2FA and strong passwords are strongly suggested and staff are forced to have it enabled.

If you have any solid ideas of what we could improve please create another suggestion or send me a PM if it is some sort of sensitive exploit that you've somehow found or something like that.

Denied, thanks for the suggestion.

Jep, My developer already searched for exploits on mc-market and he founds 3-5 exploits :| But no one is listening to it #NoOneCaresBecauseTheSiteIsRunning :/

Who's your developer? If you found a problem with the site a simple bug report will get it fixed, no clue why you're saying that no one cares.

Who says any of our custom developed addons aren't the same?

Our custom addons we get developed are done by the lovely Lyphiard and major ones are consistently double and triple checked through the system administrators to completely ensure that our addons are as bug and exploit-free as possible. Everything is always tested on a dev instance of the site first too, I'd say we're pretty safe