[New Users] Please note that all new users need to be approved before posting. This process can take up to 24 hours. Thank you for your patience.

Regarding Recent Forum Downtime

OneLetterOneLetter
Reactions: 6,370
Posts: 129
Member
edited December 2016 in Vault
Hello,

We wanted to provide an update regarding a situation that occurred regarding our forums recently.

The Issue:
As some observed during the morning of Dec 21st on MapleStory’s forums, content that had not actually been posted by a member of Nexon appeared under an employee’s name. We’ve removed some malicious HTML tags that allowed this to occur, and some users may have observed anomalies regarding the Private Message system.

From our investigation, those responsible for the exploit were not able to gather direct user details or passwords. However, we always recommend updating your passwords regularly, and not using the same password across multiple websites.

Our response:
Once able to determine the specific issue(s), we took all of our Nexon game forums offline to investigate and correct the issue. During that time, we put in some additional safeguards as well. We also rolled back the MapleStory forums to a period before the exploit began, so some posts from yesterday evening or overnight may have been removed.

We thank you for your patience and understanding during this downtime of the forums, and hope you continue to enjoy using them.
The Blue CorsairMaryseIts2Sharp4UNeospectorUzumeTwizzzlersMaplerOver9000MegaScienceringayeendeadend5193and 4 others.

Comments

  • The Blue CorsairThe Blue Corsair
    Reactions: 1,615
    Posts: 102
    Member
    edited December 2016
    Glad to hear that the issues were resolved and all other anomalies were handled.

    Through other channels, other member's private conversations were accessible besides those in the conversations, and in some cases edited. Was this also resolved during the maintenance? I want to ensure our private conversations remain.. well.. private.

    Edit: The exploiters posted an explanation of how they were able to exploit the Nexon Forums and the method they used, which relates very loosely to the explanation and issues aforementioned. They luckily stated that no user details or passwords were compromised, however also recommended the changing of passwords if you feel inclined.

    Edit Edit: At least with my limited knowledge of the exploit, it appears it has in fact been resolved. Cheers!! :)

    Keep up the great work.
    @OneLetter
  • AaronHuskyAaronHusky
    Reactions: 1,495
    Posts: 74
    Member, Private Tester
    edited December 2016
    It's nice to hear nothing too serious happened because of the forum breach
  • TwizzzlersTwizzzlers
    Reactions: 2,025
    Posts: 142
    Member, Private Tester
    edited December 2016
    We have a problem. When I go to my browser in my laptop it won't let me get to the forums online. ? I'm using my phone.. Help please

    @oneletter
  • The Blue CorsairThe Blue Corsair
    Reactions: 1,615
    Posts: 102
    Member
    edited December 2016
    image

    We have a problem. When I go to my browser in my laptop it won't let me get to the forums online. ? I'm using my phone.. Help please

    @oneletter
    That's caused by DNS caching which is caused when they change the IP associated to the domain, I experienced the same issue. It'll automatically resolve itself in anywhere from right now to about eight hours. You can google a few ways to resolve it sooner though. It took me about forty minutes myself.
  • MaryseMaryse
    Reactions: 6,410
    Posts: 525
    Member
    edited December 2016
    Finally I can get my dose of forums before I go to bed.
  • TwizzzlersTwizzzlers
    Reactions: 2,025
    Posts: 142
    Member, Private Tester
    edited December 2016
    found out a solution thanks so much! @TheBlueCorsair
  • The Blue CorsairThe Blue Corsair
    Reactions: 1,615
    Posts: 102
    Member
    edited December 2016
    image

    found out a solution thanks so much! @TheBlueCorsair
    You're welcome! :)
    Twizzzlers
  • TubaTuba
    Reactions: 2,665
    Posts: 374
    Member
    edited December 2016
    Awww do we still get our 80x exp event for 13 mins that was going to happen this weekend? Lmao.
    DeathsLieringayeenFlameWizardBlancdeadend5193
  • StéphyStéphy
    Reactions: 1,440
    Posts: 69
    Member
    edited December 2016
    Glad to hear it is fixed.
    It was weird to have strangers inside the Pm-box and i hope this would never happen again. As it violate the privacy of us players.
  • PlasticHollyPlasticHolly
    Reactions: 2,140
    Posts: 125
    Member
    edited December 2016
    so my question, why did it take so long to take the site down, this was visible for hours and there's little excuse to not pull the plug on something that would alarm the players regarding their own security and in your own words cant even guarantee player information wasn't compromised .. so again why such a slow response, especially considering it was during regular business hours and you all were obviously in the office updating the game... this makes it pretty hard not to question your overall awareness of the issue and your professionalism regarding it
    ringayeen
  • ringayeenringayeen
    Reactions: 1,580
    Posts: 55
    Member
    edited December 2016
    image
    this is still happening @oneletter
    it's happening specifically on some posts in the forums, and this one was taken from the thread 'forum rollback compensation'
    here's the link: http://forums.maplestory.nexon.net/discussion/9215/forum-rollback-compensation#latest
    the embed for accidentally clicking on the large text takes you to a porn video, on both mobile and desktop forums
  • JerenSoonJerenSoon
    Reactions: 820
    Posts: 41
    Member
    edited December 2016
    That's what I hate when it comes to that (Rollback 2.0 again...)
  • KingStarfireKingStarfire
    Reactions: 1,785
    Posts: 293
    Member
    edited December 2016
    might not need to if they just go around deleting the post that have the links
  • AKradianAKradian
    Reactions: 37,765
    Posts: 5,602
    Volunteer Forum Moderator, Private Tester
    edited December 2016
    I don't care about rollbacks, but I do wish they'd plug the holes.
    Seems to me Nexon can't be trusted to operate a forum that allows users to use "simple html". We should go back to the nice closed bbcode of vBulletin.
  • KingStarfireKingStarfire
    Reactions: 1,785
    Posts: 293
    Member
    edited December 2016
    i wouldn't mind going back to the old forums actually
  • KingStarfireKingStarfire
    Reactions: 1,785
    Posts: 293
    Member
    edited December 2016
    no Mel, we could do with out you :P