User:Pinsplash/How to deal with hackers: Difference between revisions
Edit summaries: (→Do NOT: expanded on the first point); (→What to look out for: im die)
(11 intermediate revisions by the same user not shown)

Line 1 (old) / Line 1 (new):
  Old: ==
  New: ==What to look out for==
  Old: *Strange edit logs or combinations of characters
  New: *Strange edit logs or combinations of characters (something like ''<nowiki>[[#%3Cscript%3Ealert(1)%3C/script%3E|</nowiki>'').
  Unchanged: *Anything with "XSS" in it (short for cross-site scripting).
  Unchanged: *A lot of HTML tags, especially <code><img></code> and <code><script></code> tags (both are normally blocked from directly being put in a page by the MediaWiki software).

Line 7 (old) / Line 7 (new):
  Unchanged: ===Do===
  Old: *Confront the person making the edits. Ask them what their intent is. This website is in the scope of Valve's HackerOne
  New: *Confront the person making the edits. Ask them what their intent is. This website is in the scope of Valve's [[HackerOne]] program. That means they may not have any malicious intent and will actually be reporting any issues to Valve.
  Unchanged: *Keep blanking/fixing any edits they make until they talk to you.
  Unchanged: *Alert someone else if you're unsure of the threat level.
  Old: {{tip|If the person communicates with us and says they're from HackerOne, ask for their HackerOne profile. If you think they're safe,
  New: {{tip|If the person communicates with us and says they're from HackerOne, ask for their HackerOne profile. If you think they're safe, mark the person as FRIENDLY with [[Template:Hacker]] so that any other potential wiki viewers know that there's no actual threat.}}
  Unchanged: Sometimes people will disappear for a while (or possibly forever). If they don't respond quickly, keep tabs on [[Special:RecentChanges]] for a few hours.
  Unchanged: ===Do NOT===
  Unchanged: *Directly view their edits, just in case they may have found an actual bug and are trying to do harm.
  Unchanged: **If you want to see if their edits cause anything to happen, you should do this on a disposable machine of some kind or be prepared for who-knows-what.

Line 25 (old) / Line 23 (new):
  Unchanged: ==When to contact Valve==
  Added: *''Any'' exploit is confirmed to be found, used maliciously or not.
  Unchanged: *Strange HTML/popup messages appearing.
  Unchanged: *A page attempts to download something to your computer.
Latest revision as of 04:47, 11 August 2018
What to look out for
- Strange edit logs or combinations of characters (something like [[#%3Cscript%3Ealert(1)%3C/script%3E|), which is a percent-encoded <script> tag).
- Anything with "XSS" in it (short for cross-site scripting).
- A lot of HTML tags, especially <img> and <script> tags (both are normally blocked from directly being put in a page by the MediaWiki software).
- A URL to an image file on a domain you don't recognize.
Most of these edits will be from new accounts that have never edited a page before.
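A small triage script, added here as an example (it is not part of this page or of any Valve tooling), that scans edit summaries and wikitext for the indicators listed above. It percent-decodes and HTML-unescapes the text first so an encoded tag like the one above is not missed, then flags raw <script>/<img>-style tags, inline event handlers, mentions of "XSS", image URLs on hosts outside an assumed trusted set, and first edits by an account. The sample edits, the edit_count field and the trusted-host set are constructed assumptions for the demo, not wiki data.

```python
import html
import re
from urllib.parse import unquote, urlparse

# Constructed sample edits (not real wiki data). edit_count is assumed to come
# from the wiki's user info; here it is just hard-coded.
SAMPLE_EDITS = [
    {"user": "NewUser123", "edit_count": 0, "summary": "test",
     "text": "[[#%3Cscript%3Ealert(1)%3C/script%3E|link]]"},
    {"user": "Regular", "edit_count": 412, "summary": "fix typo",
     "text": "The Source engine uses BSP maps."},
    {"user": "Probe", "edit_count": 1, "summary": "XSS test",
     "text": '<img src="http://example.net/x.png" onerror="alert(1)">'},
    {"user": "Helpful", "edit_count": 3, "summary": "add screenshot",
     "text": "[[File:Hammer_editor.png|thumb]]"},
]

# Assumption: hosts whose image URLs are expected on this wiki.
TRUSTED_IMAGE_HOSTS = {"developer.valvesoftware.com"}

TAG_RE = re.compile(r"<\s*(script|img|iframe|svg|object|embed)\b", re.I)
EVENT_RE = re.compile(r"\bon[a-z]+\s*=", re.I)
IMG_URL_RE = re.compile(r"https?://[^\s<>\"'|\]]+\.(?:png|jpe?g|gif|svg|webp)", re.I)


def decode_layers(s, max_rounds=3):
    """Undo repeated percent-encoding and HTML entities so that
    %3Cscript%3E, %253Cscript%253E or &lt;script&gt; all become <script>."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(s))
        if decoded == s:
            break
        s = decoded
    return s


def indicators(edit):
    """Return a list of human-readable reasons this edit deserves a look."""
    text = decode_layers(edit["text"] + " " + edit["summary"])
    found = []
    if "xss" in text.lower():
        found.append("mentions XSS")
    for m in TAG_RE.finditer(text):
        found.append(f"raw <{m.group(1).lower()}> tag")
    if EVENT_RE.search(text):
        found.append("inline event handler")
    for url in IMG_URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if host not in TRUSTED_IMAGE_HOSTS:
            found.append(f"external image on {host}")
    if edit["edit_count"] == 0:
        found.append("first edit by account")
    return found


def triage(edits):
    """Map user -> indicators for every edit that raised at least one."""
    result = {}
    for edit in edits:
        hits = indicators(edit)
        if hits:
            result[edit["user"]] = hits
    return result


if __name__ == "__main__":
    for user, hits in triage(SAMPLE_EDITS).items():
        print(f"{user}: {', '.join(hits)}")
```

Run it over real data by feeding it the raw wikitext of a diff (for example from the MediaWiki API) rather than the rendered page, since the point of the checks above is to inspect the source without letting a browser execute it.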
Do
- Confront the person making the edits. Ask them what their intent is. This website is in the scope of Valve's HackerOne program. That means they may not have any malicious intent and will actually be reporting any issues to Valve.
- Keep blanking/fixing any edits they make until they talk to you.
- Alert someone else if you're unsure of the threat level.
Tip: If the person communicates with us and says they're from HackerOne, ask for their HackerOne profile. If you think they're safe, mark the person as FRIENDLY with Template:Hacker so that any other potential wiki viewers know that there's no actual threat.
Sometimes people will disappear for a while (or possibly forever). If they don't respond quickly, keep tabs on Special:RecentChanges for a few hours.
Do NOT
- Directly view their edits, just in case they may have found an actual bug and are trying to do harm.
- If you want to see if their edits cause anything to happen, you should do this on a disposable machine of some kind or be prepared for who-knows-what.
To edit a page without viewing the content inside it:
- Make sure you have "Show preview on first edit" unchecked on your Preferences page.
- Paste https://developer.valvesoftware.com/w/index.php?action=edit&title= in your browser address bar and put the name of the page at the end.
When to contact Valve
- Any exploit is confirmed to be found, used maliciously or not.
- Strange HTML/popup messages appearing.
- A page attempts to download something to your computer.
- Your antivirus software says the website contains anything risky.
Remember: HTML/JS code that is directly visible in text form on a page is not running.
In case any of these happen:
- Contact Valve at security@valvesoftware.com.
- Alert others that there is a legitimate threat to the website's security. More people visit this wiki than you may think.
- Check your system for malware!
Valve will probably respond once the issue has been fixed.