User:Pinsplash/How to deal with hackers
Tip: If the person communicates with us and says they're from HackerOne, ask for their HackerOne profile. If you think they're safe, make sure that any other potential wiki viewers know that there's no actual threat.
Tip: Send an email to security@valvesoftware.com. They will probably respond once the issue has been fixed.
When to get cautious
- Strange edit logs or combinations of characters such as [[#%3Cscript%3Ealert(1)%3C/script%3E|.
- Anything with "XSS" in it (short for cross-site scripting).
- A lot of HTML tags, especially <img> and <script> tags (both are normally blocked from directly being put in a page by the MediaWiki software).
- A URL to an image file on a domain you don't recognize.
Most of these edits will be from new accounts that have never edited a page before.
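The warning signs above can be checked against the raw text of an edit summary or revision without rendering it in a browser. The following is an added example, not part of the original page or of MediaWiki; the function names, the trusted-host list and the threshold of five tags are assumptions to adjust locally.

```python
import re
from urllib.parse import unquote, urlparse

# Assumption: hosts this wiki already serves images from; adjust locally.
KNOWN_IMAGE_HOSTS = {"developer.valvesoftware.com"}
TAG_RE = re.compile(r"<\s*/?\s*(script|img)\b", re.IGNORECASE)
ANY_TAG_RE = re.compile(r"<\s*[a-zA-Z][^>]*>")
XSS_RE = re.compile(r"\bxss\b", re.IGNORECASE)
IMAGE_URL_RE = re.compile(r"https?://[^\s\"'<>|\]]+\.(?:png|jpe?g|gif|svg|webp)\b", re.IGNORECASE)

def decode_fully(text, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), with a bounded number of rounds."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def triage(text, editor_edit_count, many_tags=5):
    """Return the reasons an edit deserves caution; an empty list means none matched."""
    decoded = decode_fully(text)
    reasons = []
    if TAG_RE.search(text):
        reasons.append("<script>/<img> tag")
    elif TAG_RE.search(decoded):
        reasons.append("percent-encoded <script>/<img> tag")
    if XSS_RE.search(decoded):
        reasons.append('mentions "XSS"')
    if len(ANY_TAG_RE.findall(decoded)) >= many_tags:
        reasons.append("many HTML tags")
    for url in IMAGE_URL_RE.findall(decoded):
        host = (urlparse(url).hostname or "").lower()
        if host not in KNOWN_IMAGE_HOSTS:
            reasons.append(f"image URL on unrecognized domain: {host}")
    if reasons and editor_edit_count == 0:
        reasons.append("account has no previous edits")
    return reasons

if __name__ == "__main__":
    # First sample is the string quoted on this page; the second is constructed.
    for sample, edits in [("[[#%3Cscript%3Ealert(1)%3C/script%3E|", 0),
                          ("[https://img.example.net/pic.png]", 12)]:
        print(triage(sample, edits))
```

A non-empty result is a prompt to follow the steps below, not proof of malicious intent.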
Do
- Confront the person making the edits. Ask them what their intent is. This website is in the scope of Valve's HackerOne initiative. That means they may not have any malicious intent and will actually be reporting any issues to Valve.
- Keep blanking/fixing any edits they make until they talk to you.
- Alert someone else if you're unsure of the threat level.

Sometimes people will disappear for a while (or possibly forever). If they don't respond quickly, keep tabs on Special:RecentChanges for a few hours.
Do NOT
- Panic until there's been a confirmed threat.
- Directly view their edits, just in case they may have found an actual bug and are trying to do harm.
  - If you want to see if their edits cause anything to happen, you should do this on a disposable machine of some kind or be prepared for who-knows-what.
To edit a page without viewing the content inside it:
- Make sure you have "Show preview on first edit" unchecked on your Preferences page.
- Paste https://developer.valvesoftware.com/w/index.php?action=edit&title= in your browser address bar and put the name of the page at the end.
When to contact Valve
- Strange HTML/popup messages appearing.
- A page attempts to download something to your computer.
