About the Security Issues

[Vipeax 318]

The attacker had FTP access? So he had access to the PHP files containing the algorithm that generates the salt? If that is the case then the passwords are at risk. Is this not the case?

There are a lot of FTP logins, the one with the file is far away from the webserver.

[ghost_kage 5]

I guess I'm a little bit confused as to what happened. Did the security breach affect the servers for the game, or only the forum? :huh:

[blergh (DayZ) 14]

As an update to this, i could add that i run clamav on all my mirrors, and all the current files are clean.

/usr/share/nginx/html/dayz_code_v1.7.0.rar: OK

/usr/share/nginx/html/dayz_sfx_v1.1.2.rar: OK

/usr/share/nginx/html/dayz_weapons_v1.1.2.rar: OK

/usr/share/nginx/html/dayz_equip_v1.2.5.rar: OK

/usr/share/nginx/html/dayz_vehicles_v0.1.rar: OK

/usr/share/nginx/html/dayz_v1.2.6.rar: OK

/usr/share/nginx/html/index.html: OK

/usr/share/nginx/html/dayz_anim_v0.1.rar: OK

/usr/share/nginx/html/favicon.ico: OK

/usr/share/nginx/html/DayZ_Changelog.txt: OK

/usr/share/nginx/html/DayZ-1.6.0.1.torrent: OK

/usr/share/nginx/html/md5checksums.txt: OK

----------- SCAN SUMMARY -----------

Known viruses: 1256233

Engine version: 0.97.3

Scanned directories: 1

Scanned files: 12

Infected files: 0

Data scanned: 47.91 MB

Data read: 107.84 MB (ratio 0.44:1)

Time: 7.721 sec (0 m 7 s)

Should there be any alert, I'd be getting an email about it and the files would be deleted.

[gerhalt85 0]

Im playing on uk 12. And now it says bad cd key? what is that. something to do with the server or is it a security breach?

[xls.akm@gmail.com 0]

Just noticed something wierd going on in my game that I think may be related to security issues.

Was playing just playing normaly when arma 2 suddenly minimized to the dekstop. So I went back into the game, a minute later I checked my map and it was then full of marks, some of them had text attached to them. Now the scary thing is that one of the mentioned my real life name in my native language (swedish). Translated to english it said "run MYNAME", now I haven't mentioned my real life name anywhere related to DayZ so this is really scary.

Any idea whats going on?

[fackstah 31]

Just noticed something wierd going on in my game that I think may be related to security issues.

Was playing just playing normaly when arma 2 suddenly minimized to the dekstop. So I went back into the game' date=' a minute later I checked my map and it was then full of marks, some of them had text attached to them. Now the scary thing is that one of the mentioned my real life name in my native language (swedish). Translated to english it said "run MYNAME", now I haven't mentioned my real life name anywhere related to DayZ so this is really scary.

Any idea whats going on?

[/quote']

the tommy knockers are coming for you

[bdizzle_8x 6]

Way to handle this punk kid. Post his ip, let us pros take care of the little wimp.

[Disgraced 1123]

Just noticed something wierd going on in my game that I think may be related to security issues.

Was playing just playing normaly when arma 2 suddenly minimized to the dekstop. So I went back into the game' date=' a minute later I checked my map and it was then full of marks, some of them had text attached to them. Now the scary thing is that one of the mentioned my real life name in my native language (swedish). Translated to english it said "run MYNAME", now I haven't mentioned my real life name anywhere related to DayZ so this is really scary.

Any idea whats going on?

[/quote']

No screenshot?

Did you use your name as the name for your Windows account on your computer?

[xls.akm@gmail.com 0]

No I didn't take any screenshots, I got really scared and closed it down quickly for a virus scan. I don't use my real name as an alias anywhere on the internet or on my computer.

Going to go back ingame and check if those marks are still there, in that case I'll post a screenshot.

[Disgraced 1123]

No I didn't take any screenshots' date=' I got really scared and closed it down quickly for a virus scan. I don't use my real name as an alias anywhere on the internet or on my computer.

Going to go back ingame and check if those marks are still there, in that case I'll post a screenshot.

[/quote']

If you screenshot it, don't forget to block out your name!

[bdizzle_8x 6]

prolly was one of your friends messing with you imo.

[xls.akm@gmail.com 0]

Allright, all marks exept one are gone, this one says the word "tank" instead though.

Link here:

http://postimage.org/image/hb0m3jky5/full/

Thats how it looked exept the map was full of them with lots of wierd text.

It can't be one of my friends because I don't know anyone that plays DayZ.

My best guess is that I've been hacked and someone is playing a game with me. I've done a quick virus scan and doing a full one right now, hasn't picked up anything yet though.

[bdizzle_8x 6]

is your name that unique that someone could of been talking to someone else?

---

Im not trying to hate it just seems too much of a coincidence more-so than someone hacking u to just put markers on the map.

[castun66 20]

Allright all marks exept one are gone' date=' this one says the word "tank" instead though.

Link here:

http://postimage.org/image/hb0m3jky5/full/

It can't be one of my friends because I don't know anyone that plays DayZ.

My best guess is that I've been hacked and someone is playing a game with me. I've done a quick virus scan and doing a full one right now, hasn't picked up anything yet though.

[/quote']

You can make map markers that others can see in game, just like in the vanilla game.

[xls.akm@gmail.com 0]

Allright I think I get it now, didn't know you could place map markes that would be vissible to everyone on the server, never seen that before.

But it makes sense now. Somone must have put it for a friend or something and by coincidence its was my name aswell, and in my native language. Really scary though, thought someone was out to get me for real.

Thanks for clearing it up guys, and sorry for the false alarm.

[vedicardi 7]

Thanks for clearing things up. Love Tonic, love Rokket, love DayZ. Keep it up, don't let any stupid media fuckers (kotaku) or anyone else get you down.

---

anyone on the map can see markers on certain servers, it has nothing to do with you specifically whatsoever.

[4L4N 276]

Regarding map markers - Is it something like if you have global or side channel selected and you make map markers then everyone on the server with a map will see the markers too ? ( assuming its enabled on that server)

If you have direct channel selected you can make map markers just for you ? unless ofc there is a guy within 80m (range of text in direct) of you.

[~Ren~ 0]

Fact: One of our Artist's PC's was hacked by a person known to him.

What was his motive and why did he target the artist?

I presume he knew he could gain easy access to his PC so I hope the security has been increased to stop this happening again.

Edit: Typo.

[fackstah 31]

i still say its the tommmy knockers!

[rocket 16567]

The project is going to continue doing what it was before, compartmentalizing.

Its a partnership between a small core of developers, the community, and commercial companies (such as host altitude and multiplay).

DayZ will not manage server setup at all, it is now completely community managed. We will have one or two auditors who will occasionally request temporary access to audit server configuration. All DayZ staff do is whitelist.

So even if DayZ is compromised this prevents this from happening.

Please also remember that I don't control the mirrors. My recommendation is that people use SixUpdater.

[~Ren~ 0]

Please also remember that I don't control the mirrors. My recommendation is that people use SixUpdater.

Can this be used with Steam? I've never used it before, hence the question.

[dale0404 16]

Yes it can be used with steam, it will scan your directory for the folder @Dayz. Then it will look in there and update all the files as necessary.

Simple way to put things but SU is really easy to use.

[~Ren~ 0]

Yes it can be used with steam' date=' it will scan your directory for the folder @Dayz. Then it will look in there and update all the files as necessary.

Simple way to put things but SU is really easy to use.

[/quote']

Thanks, downloaded and runs fine.

[castun66 20]

Regarding map markers - Is it something like if you have global or side channel selected and you make map markers then everyone on the server with a map will see the markers too ? ( assuming its enabled on that server)

If you have direct channel selected you can make map markers just for you ? unless ofc there is a guy within 80m (range of text in direct) of you.

Been a while since I've used map markers in Arma but yes I beleive that's how it works. If you place a map marker while on side channel chat everyone else can basically see them. Servers that have those chat channels disabled will not show up on other people's maps AFAIK. Also some servers have the waypoint markers disabled as well (shift+left click on map.)

[Eden (DayZ) 0]

The project is going to continue doing what it was before' date=' compartmentalizing.

Its a partnership between a small core of developers, the community, and commercial companies (such as host altitude and multiplay).

DayZ will not manage server setup at all, it is now completely community managed. We will have one or two auditors who will occasionally request temporary access to audit server configuration. All DayZ staff do is whitelist.

So even if DayZ is compromised this prevents this from happening.

Please also remember that I don't control the mirrors. My recommendation is that people use SixUpdater.

[/quote']

I said this before (before this incident) when I said the dayz team should never have had admin access to servers. I hope that these auditors are NEVER given admin access to servers, it should never be required.

if all they need to do is audit a configuration then they dont need admin or even write access. read only then blacklist the server if its broken untill server admins fix it.

That said, I hope security is taking high priority, and im glad to hear the situation has been fixed (i hope) id rather see updates stop while infrastructure is improved upon than trying to please the masses of people who dont seams to care what happens to there information.

One thing however. There should be something on the main website telling people to change there passwords. Regardless of what you think the attacker did/took or compromised you dont have magical powers that tell you he cant get a readable password from salted&hashed passwords. As much as you think this person cant get passwords, if he wants to he can.