Serious Security Threat Detected on your Website

[The92Ghost 18]

I was going through my antivirus reports and it seems that my Antivirus blocked twice your website at my login since it was sending unencrypted password once written down. This is serious breach of security and privacy, especially for the EU Region. Please secure your website better and code it so that it can accept the encrypted password and not turning it into unecrypted password.

Edited February 27 by The92Ghost

[Robi 833]

Do not visit the 3dx forum if you think ist not secure ..or use an  other antivirus software!!!

[The92Ghost 18]

I am using number 1 Antivirus in the world, I highly doubt that the issue is with my antivirus program, I can assure you of that.

[Xizl 1,897]

Are you talking about forum or game's website? 

[StellaXOXO 81]

3dxchat.com domain defaults to http http://3dxchat.com/

Just use https instead: https://3dxchat.com/

Yes, it is security issue but fairly easy to fix.

[AlexaDarkness 64]

Hey The92Ghost 

 

it looks like you are using Bitdefender ... you just need to configure your Anti-Virus... and White List the forum...

[Leeloo 4,605]

Be carefull, a hacker is in game. He hacked my account to use my avatar to have sex with men. His last known name in game is DarkReflection

[Leathium 1,416]

4 minutes ago, Leeloo said:

Be carefull, a hacker is in game. He hacked my account to use my avatar to have sex with men. His last known name in game is DarkReflection

Hmm.. are you serious? or trolling? because that was funny, feeling like the problem wasn't the hacker or your account from your comment, but mostly "HE HAD SEX WITH MEN!".

[☙𝔼𝕩❧ 4,032]

11 hours ago, Ross the RoberT said:

iver gotten those warnings for years, its a false positive

You`ve got serious mental illness warnings for years, rob. There is no false. Take a help.

Edited March 9 by ☙𝔼𝕩❧

[Mulan 187]

The 3DX forum is HTTPS, 3DX Chat is not HTTPS. All websites and anything that connects to a server these days should use HTTPS as a minimum. Also, another thing that is not great is that when you forget your password on 3DX, they will email you your forgotten password in plain text, leading me to believe that passwords are not encrypted properly. Ideally, you would be sent a unique link to then reset your password. While there should be no personal information linked to your 3DX account, it would still allow a bad actor to use the account that you are paying for as well as impersonating you. Services like Pandora and hacked DLLs would have been a lot less likely had security been taken more seriously from the start.

In general, I recommend using the HTTPS Everywhere browser extension. It is available for most popular browsers like Chrome and Firefox. Browsers such as Brave has HTTPS Everywhere built-in.

[☙𝔼𝕩❧ 4,032]

1 hour ago, Ross the RoberT said:

sounds like your software has a virus, take a help doesn't make sense but since im here...…..

omg lol what did I say?

[Mar Mohan 713]

10 hours ago, MistyMu said:

The 3DX forum is HTTPS, 3DX Chat is not HTTPS. All websites and anything that connects to a server these days should use HTTPS as a minimum. Also, another thing that is not great is that when you forget your password on 3DX, they will email you your forgotten password in plain text, leading me to believe that passwords are not encrypted properly. Ideally, you would be sent a unique link to then reset your password. While there should be no personal information linked to your 3DX account, it would still allow a bad actor to use the account that you are paying for as well as impersonating you. Services like Pandora and hacked DLLs would have been a lot less likely had security been taken more seriously from the start.

In general, I recommend using the HTTPS Everywhere browser extension. It is available for most popular browsers like Chrome and Firefox. Browsers such as Brave has HTTPS Everywhere built-in.

I've had other online places send a password in plain text and I've yet to have an issue with it because I change the password.  That's the simple solution for that problem  Allow this game as an exception in your virus software and it will only allow what should be allowed.  As long as I've played and countless other, none of them have had an issue with their account.  Use common sense when online as you would anything.

[panCDCA 1,018]

I'm getting this as well and never have before. Every time I get an update for some reason, I have to re download the game. Never an issue with that, except today. I went to download and it says it didn't pass security requirements. Nothing new, no new AV... soooo.... I'll keep trying.

[panCDCA 1,018]

11 minutes ago, Ross The TboR said:

going a tad overboard with this...

1- credit card info isn't stored on 3dx servers

2- whats the worst that can happen, someone hack your game and pretend fuck your pretend girlfriend?

3- if they get into your forum account, what can they do, post naked memes, oh nooo. 

no but I did get through after 2 hours on my desktop and just copied everything to my thumbdrive that I have the rooms stored on (found out the hard way if you keep the rooms with the game and don't back them up you will lose them if you ever have to erase the game and reload it. So hoping I can transfer from my thumbdrive to my laptop.

[SusanLouisa 10,140]

I've also received an unsafe message.  As of right now if they hack your/my account they can cause some serious social mayhem and get you ignored by many.  Hopefully those who know you well will recognize the unusual behavior and know something is not right.  They can delete the pictures stored in your gallery and change your profile to the point where if it is reported enough will earn you a permanent ban.  They can use all your coin to change names of your avi, create new avis,  get married etc.  It is not just having sex with pixels as Rob states.  

As a side note, if as has been suggested, we were able to transfer coin the hacker could do that too.  They'd be able to rid you of every coin in your account.

[☙𝔼𝕩❧ 4,032]

Hackers, coins and transfer are controversial question. Most of developers in the world solved this.

[Xizl 1,897]

I don't care too much about coins, but getting my profile and reputation ruined, maybe even leading it to ban of my account because of things my avi would say under control of a hacker sounds really bad.

[Xizl 1,897]

1 hour ago, Ross The TboR said:

your on a sex game under an assumed name, you have no reputation

I don't mean my rl reputation, obviously. But over more than a year of playing this game some people from there took their place in my heart and this game become important for me. But I doubt you really looking to talk about it Rob, you obviously just trying to attack and troll people again, so I why I even bother answering, really.

[☙𝔼𝕩❧ 4,032]

3 hours ago, Ross The TboR said:

your on a sex game under an assumed name, you have no reputation

as well as you. but you have reputation. bad reputation. nullify yourself.

[The92Ghost 18]

I have to agree with the above comments and concerns. Putting aside that Rob guy, who doesn't understand the meaning behind online reputation, friends and connections. I think this is serious and that the developers must take serious look into this and advance to better security.

One of the fast solutions would be to put 2FA security. 

As far for the others who think that this is not serious, as a Developer and as a coder, I can assure that this is very serious. I am sure that most of you don't understand how security protocols work, or how breachable the data can be if your password is unencrypted. Anyone, who might have access to your computer can catch this data and use it on another websites. Thank god, I am not using common password here. But for others who might be using their usual password or anything among those lines, well this is really serious. 

I wouldn't raise the matter if it wasn't important. So I do request the Developers to take it under serious consideration. Or it will be repeat of the DDoS attacks all over again. When something is not secured well, it will only lead to problems and hackers will be aiming for that. I do recommend hiring Cyber Security specialist and developer for fixes. So you can secure your game and your forums from Hackers to the best point possible. 

Edited May 19 by The92Ghost

[panCDCA 1,018]

 

6 hours ago, <TALON QUEEN> <DREAMFALL> said:

you can't expect 99% of these inept primitives to understand you. as most of these kids come from imvu and second life....lmao need i say more 

Ahhhh such an elitist attitude. It must be hard living in a world that is so inferior to you, having to take time to demean and attempt to devalue everyone but those you feel on your level but not quite your equal.

[Charlie Masterson 87]

4 minutes ago, panCDCA said:

 

Ahhhh such an elitist attitude. It must be hard living in a world that is so inferior to you, having to take time to demean and attempt to devalue everyone but those you feel on your level but not quite your equal.

What else would you expect from someone with delusions of grandeur, the one who was banned for... "no reason"? 😄 There's always one, they come and go. It never changes, it's history repeating itself over and over again.

[Leeloo 4,605]

I don't know if it's normal or not, but since the hacking attack, each time i load the forum page, something is checking my browser. Is anyone else have that ?

[panCDCA 1,018]

2 hours ago, Leeloo said:

I don't know if it's normal or not, but since the hacking attack, each time i load the forum page, something is checking my browser. Is anyone else have that ?

I am too. 

[Ammini 175]

7 hours ago, Leeloo said:

I don't know if it's normal or not, but since the hacking attack, each time i load the forum page, something is checking my browser. Is anyone else have that ?

It is normal and bears no threat to the users. Currently 3DX sites (both forum and main site) use CloudFlare protection system and this system is used to prevent or reduce the potential threat of new DDOS attack. This is done in automatic mode with every visitor who comes here.