[FALSE ALARM] Figura Mod Compromised & Used as Botnet

1st Official Post
    • Official Post

    UPDATE: It was a hoax, please see this post for more information - RE: CRITICAL SECURITY ALERT: Figura Mod Compromised & Used as Botnet

    Within the last hour we have been made aware of a critical security issue with the figura mod that is being used both on TF and by a much wider Minecraft Modding community.

    We are now aware that due to the ability for a remote server to send LUA scripts to execute, a number of people have had their IP's sent to an unauthorised party without their consent, and the figura team have set things up so users of figura can be used as a botnet, potentially resulting in criminal charges for anyone that is implicated in the bot net through having previously installed figura.

    AS A MATTER OF CRITICAL URGENCY you need to uninstall and delete all traces of this mod, and run AV Scans from multiple reputable AV Scanner providers. You should also make every effort to reset your home routers IP address, in most cases powering down your router for 10-15 mins will do this. If it does not contact your ISP for support.

    IN AN IDEAL WORLD AND FOR MAX SECURITY you need to do a full wipe of your current computers that have ever had figura installed on it and re-install from scratch restoring from a backup before figura

    Wild1145

    Network Owner at TotalFreedom

    Managing Director at ATLAS Media Group Ltd.

    Founder & Owner at MastodonApp.UK

  • wild1145 July 20, 2023 at 9:37 PM

    Changed the title of the thread from “CRITICAL SECURITY ALERT: Figura Mod Comprimised & Used as Botnet” to “CRITICAL SECURITY ALERT: Figura Mod Compromised & Used as Botnet”.

    :skull:
    the mod ain't a botnet nor is it malicious -- if you're really just scared of shit, just compile it yourself

    this actually is fear-mongering, jfc

    1gaah.png

    External Content www.youtube.com
    Content embedded from external sources will not be displayed without your consent.
    Through the activation of external content, you agree that personal data may be transferred to third party platforms. We have provided more information on this in our privacy policy.

    External Content www.youtube.com
    Content embedded from external sources will not be displayed without your consent.
    Through the activation of external content, you agree that personal data may be transferred to third party platforms. We have provided more information on this in our privacy policy.

    • Official Post

    It was a hoax

    Basically, it was a hoax started as a joke by specific players who wanted to spook the admins. From our perspective, we weren't aware that it was a joke and were genuinely convinced that there was an exploit in Figura that leaked IP addresses. Somewhere down the line they joked about it being a botnet (and had the Figura developers go along with it) and that's what led to it being assumed to be a botnet. This isn't the case, but that's what happens when you dick around too much on a community that is becoming increasingly unstable overall.

    In Ryan's defense, he took action to help protect players against a threat he believed existed with the information that was available at the time (Figura executes user-created LUA scripts and that someone apparently had IPs). He doesn't want to have another repeat of what happened with Log4Shell or any of the other related serious incidents, which led to him take the "better safe than sorry" approach. Even if he turned out to be wrong, I believe he made the right choice nonetheless because if he did nothing and it turned out to be true, he would have likely been blasted for not taking action. He's stuck in a situation where he's fucked regardless.

    With news that the entire thing was a hoax out, Ryan is incredibly pissed that he was blasted over a nothing burger and I expect some consequences to happen in the near future.

    To those who were involved: Good job. You took an already very unstable community and shook it like a fucking snowglobe and expected it to not go as far as it did. You really should have known better, given the unstable nature of this place.

    To add on to Video's comment, as a member of the community management team, I do apologize on behalf of the tenseness of the server as of late and how the situation was handled overall. In any case, the server was indeed unstable, and a lot of things and emotions culminated into what happened today. I hope that everyone can understand our situation here from the staff members team, as well as the general playerbase.

    I would like to urge players to not blame each other, but to understand the different perspectives of the situation. We can try to work better as a whole to repair the damage or the panic caused by the situation and prevent this from happening in the future if we can cooperate as a community.

    If you have any questions, feel free to comment on this thread or approach us. If you have broader comments on how we can do better, check out the following threads:

    How can we all improve TF

    Help Build a Better Community

    C'est la vie

  • lyicx July 20, 2023 at 11:52 PM

    Changed the title of the thread from “CRITICAL SECURITY ALERT: Figura Mod Compromised & Used as Botnet” to “[FALSE ALARM] Figura Mod Compromised & Used as Botnet”.