User:Pinsplash/How to deal with hackers

From Valve Developer Community

What to look out for

  • Strange entries in the edit log or odd combinations of characters (something like [[#%3Cscript%3Ealert(1)%3C/script%3E|; %3C and %3E are the URL-encoded forms of < and >).
  • Anything with "XSS" in it (short for cross-site scripting).
  • A lot of HTML tags, especially <img> and <script> tags (both are normally blocked from directly being put in a page by the MediaWiki software).
  • A URL to an image file on a domain you don't recognize.

Most of these edits will be from new accounts that have never edited a page before.
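A small triage script, added here as an example (not part of the original page or the wiki's own tooling), that applies the indicators above to a constructed set of recent-changes entries; the trusted-domain set and the (user, summary, added text) entry format are assumptions.

```python
import re
from urllib.parse import unquote, urlparse

# Domains this wiki legitimately serves images from (assumed; adjust for your wiki).
TRUSTED_DOMAINS = {"developer.valvesoftware.com"}

# Indicators taken from the "What to look out for" list.
TAG_RE = re.compile(r"<\s*(script|img)\b", re.IGNORECASE)
IMAGE_URL_RE = re.compile(
    r"https?://[^\s\"'<>|\]]+\.(?:png|jpe?g|gif|svg|webp)", re.IGNORECASE
)

def flags_for_edit(text: str) -> list[str]:
    """Return the indicators found in one edit summary or one block of added text."""
    # %3Cscript%3E decodes back to <script>; decode twice so double-encoded
    # text is caught too.
    decoded = unquote(unquote(text))
    found = []
    if TAG_RE.search(decoded):
        found.append("html-tag")
    if "xss" in decoded.lower():
        found.append("xss-keyword")
    for url in IMAGE_URL_RE.findall(decoded):
        host = urlparse(url).hostname or ""
        if host not in TRUSTED_DOMAINS:
            found.append(f"external-image:{host}")
    return found

def triage(edits):
    """edits: iterable of (user, summary, added_text). Returns only the suspicious ones."""
    results = []
    for user, summary, added in edits:
        fl = flags_for_edit(summary) + flags_for_edit(added)
        if fl:
            results.append((user, sorted(set(fl))))
    return results

# Constructed sample of recent-changes entries (not real wiki data).
SAMPLE_EDITS = [
    ("NewUser123", "test", "[[#%3Cscript%3Ealert(1)%3C/script%3E|link]]"),
    ("Longtimer", "fix typo in func_door", "The door opens when triggered."),
    ("Probe42", "xss test", '<img src="http://example.invalid/a.png">'),
    ("Mapper", "add screenshot", "https://developer.valvesoftware.com/w/images/x.png"),
]

if __name__ == "__main__":
    for user, fl in triage(SAMPLE_EDITS):
        print(user, fl)
```

Flagged entries are only a prompt to look at the edit without rendering it (see the "Do NOT" section); the script does not fetch or display anything.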

Do

  • Confront the person making the edits and ask them what their intent is. This website is in the scope of Valve's HackerOne program, so they may not have any malicious intent and may actually be reporting any issues they find to Valve.
  • Keep blanking or reverting any edits they make until they talk to you.
  • Alert someone else if you're unsure of the threat level.
Tip: If the person communicates with us and says they're from HackerOne, ask for their HackerOne profile. If you think they're safe, mark the person as FRIENDLY with Template:Hacker so that any other wiki viewers know there is no actual threat.

Sometimes people will disappear for a while (or possibly forever). If they don't respond quickly, keep tabs on Special:RecentChanges for a few hours.

Do NOT

  • Directly view their edits, in case they have found an actual bug and are trying to do harm.
    • If you want to see if their edits cause anything to happen, you should do this on a disposable machine of some kind or be prepared for who-knows-what.

To edit a page without viewing the content inside it:

  1. Make sure you have "Show preview on first edit" unchecked on your Preferences page.
  2. Paste https://developer.valvesoftware.com/w/index.php?action=edit&title= into your browser address bar and add the name of the page at the end.

When to contact Valve

  • An exploit is confirmed to exist, whether or not it was used maliciously.
  • Strange HTML/popup messages appearing.
  • A page attempts to download something to your computer.
  • Your antivirus software says the website contains anything risky.
  • Remember: HTML/JS code that is visible as plain text on a page is not running.

In case any of these happen:

  1. Contact Valve at security@valvesoftware.com.
  2. Alert others that there is a legitimate threat to the website's security. More people visit this wiki than you may think.
  3. Check your system for malware!

Valve will probably respond once the issue has been fixed.