Updates

November 24th, 2006

Announcement: Network Security Issues

Posted by Senior Staff @ 9:05 am (link)

This is a announcement update of security issues for the General category.

We are issuing a general announcement/warning to our visitors about a former staff and community member. Over the past few months, TFL has been dealing with several serious network security issues. A month ago, a member of the Senior Staff discovered that a staff member had broken into a Senior Staff board account, e-mail account, and AOL Instant Messenger account and was masquerading as this Senior Staffer for over four months.

During this time, this staff member had unauthorized access to sensitive network information including server/Cpanel and MySQL passwords. No damage was done to the Network, but we are sure you can see the severity of this situation. This breach left us feeling vulnerable and suspicious which is something that no one should feel in a tightly knit community such as ours.

We removed the person responsible from staff and re-secured the network, however this person tried to circumvent our actions by creating new board accounts and online identities in order to gain access our trust and regain a position on staff.

Further investigation revealed some rather upsetting facts: The person responsible for these security breaches and continued attempts to gain access to our network was an alias for a former staff member who left TFL amidst a very bad situation a year earlier.

With this new information, we gave this person a final warning: Any future attempts to gain access to the Network would result in the Senior Staff banning her.

On Wednesday November 22nd, we discovered newly created board accounts (and new aliases) from this ex-staff member and something even more concerning — the former staffer had approached other board members to ask them to apply for staff and then allow her to staff ‘for them’ (using the board members’ identities for herself).

This was in direct violation to our final warning and as such we have banned this former staffer from the board and from applying for future fanlistings at the network.

The former staffer is Kim H of http://www.evendim.org/. She also was on staff as Ella of http://www.peloria.net and has attempted to start identities as Adie, Adele, and Aella. We have evidence linking all of these identities to the one person, and Kim H/Ella herself has admitted that all of these identities are hers, and all were used in attempts to gain access to the TFL Staff.

As a general rule, we do not air our “dirty laundry” for all to see. We don’t like publicly humiliating people, and often there is no need for the general public to know of problems the Network has with security, fanlisting owners, or our staffers. In this case we feel we have been left with little option but to make this known to the public as Kim H has approached members of our community and asked them to aid her in her attempts to gain access.

We would like all visitors to know that under no circumstance should they ever share their passwords, account details or identities with another member of the community, nor should they apply to join the TFL staff on behalf of anyone else. It is a matter of your own security and network security that you turn down any such offers.

We understand that this is a severe punishment and some of you may feel suprised regarding this decision. We encourage anyone who has an issue with this decision to contact the senior staff either through the contact form or through our email – seniorstaff@thefanlistings.org. Please know that we would not have taken such a drastic measure without proof or unless we felt it were absolutely necessary.

TFL is a large network with over 40,000 currently listed fanlistings and thousands of daily visitors, many of whom play an active role in our community via the message board. Security breaches such as this affect not just the senior staff and general staff, but everyone. It is the job of the senior staff to ensure that the network is secure and remains that way, however every visitor does share some responsibility for their own accounts and passwords.

Please do not share your passwords, please make sure that they are secure (use varying numbers, symbols and varying caps) and hard to guess. Change them regularly. And please, if you are approached by anyone asking for your password information, or for unusual favors regarding the network, please contact the senior staff immediately.

The security of our network is paramount.




Support Us

TFL relies on donations and advertising to keep running. There are several ways you can help! Make a donation and get access to the TFL donators package, buy something from the TFL Store or visit our advertisers. We also have a banner rotation for fanlistings and fansites. Every bit helps! More information can be found on the Support page.


Did You Know?

Did you know we have a Links Centre? Users are able submit sites to be listed here. It has a range of helpful resources that are useful for fanlisting owners, as well as links to other fanlisting Networks!