No, MTS is not "compromised" and it's safe to download from here!
 

Hi All,

Some of you may have seen something like this going around on Discord or Tumblr or wherever:



What has happened was that a malicious actor logged into 2 creators accounts that have been inactive for a long time, and "updated" the files to contain a specific .ts4script which, when run by the game, created a profapi.dll file, which is a trojan. (See https://www.virustotal.com/gui/file...5e8819d716b394e ). This affected only 4 files that we can see, all of which are now removed from the server.

We removed the files approximately 1.5 hours after they where updated

This ONLY affected these 4 specific files ONLY for The Sims 4. IT DID NOT AFFECT ANY OTHER DOWNLOADS.

I repeat, the issue affected only 4 files and MTS is NOT compromised

If you downloaded these mods AFTER 19:53, 5th Nov 2024 (UTC), and BEFORE the 21:53, 5th Nov 2024 (UTC), then please remove the files:

https://modthesims.info/d/533172/no...ity-update.html
https://modthesims.info/d/614263/al...heats-back.html
https://modthesims.info/d/589519/ca...ed-6-26-18.html
https://modthesims.info/d/536556/fu...of-1-25-18.html

The filesizes of the nomosaic are:
- 800 bytes. Non-corrupted version.
- 18031 bytes. moxiemason_nomosaic_toddlerupdate.zip. Corrupted version.

If you downloaded MTS_moxiemason_1667773_moxiemason_nomosaic_toddlerupdate.zip and it's 18031 bytes, delete it. If you have a smaller version, it's fine.

NO OTHER FILES HAVE BEEN AFFECTED. IT IS SAFE TO DOWNLOAD OTHER FILES, FROM OTHER GAMES, AND FROM MTS IN GENERAL

If you have heard from other people that MTS is not safe to download from, that's a knee jerk reaction and not grounded in truth whatsoever!

To combat these issues in future, I've implemented the following changes:

- All new logins on an account (from an IP address different from the last successful login) will now send an email titled "New Login Detected" to the email address on that account. (Similar to how Netflix, etc, do that).
- Accounts that have been inactive for more than 3 months and have a new login on them are now automatically locked and cannot be used for some tasks until an email link is confirmed.

Locked accounts can not:
- Reply to threads or downloads.
- Post new threads or downloads
- Edit existing downloads or posts
- Upload files
- View Private Messages
- Change any profile information, including password or email address.

Hopefully this should provide an extra level of security, but minimise the amount of mail spam for otherwise legitimate purposes.

Regarding attack vectors - this issue ONLY affected .ts4scripts (so, The Sims 4), and thus, I'm going to add some automated checking for, and decompiling of, any python files, to check for any odd behaviour.

Edit 11th November: I've finished work on a first version of a TS4Script upload and checker tool. It can be accessed here: https://packagedb.modthesims.info/ts4scripts.php

I've gone ahead and added all the unique TS4Scripts I found here on MTS (inside the attachments). So far there over 900 results, but you can all add more if you want, including from other sites.

Moving forward, I'll be integrating this TS4Script database directly with the upload process, so that any upload that contains a TS4Script will be checked against the database. If it's not in the database, then it'll automatically add and process it, so that we can check immediately of any issues. (And if found, can send the upload to the queue for further checking).

It's still early days, and I've only added some basic checks. Feel free to let me know any other checks inside python you guys want to see.

Some more details about the malicious actor here - they used a VPN, and attempted to hack into multiple accounts. They where stopped multiple times, but on 2 creator accounts, they logged in (presumably using a password stolen elsewhere), at which point they uploaded these malicious files. To re-iterate, the files where removed after 1.5 hours.



Regards,

Thank you for your quick action and communication on this. It's scary how susceptible Sims 4 mods have become over the years to hidden viruses and telemetry. EA really needs to start cracking down on the game's security when it comes to community content, especially as they continue to become more and more mod-friendly (like affiliating with CurseForge).

You were incredibly fast, thank you for that. I recently removed one of the files because I forgot there were 4 in total that were downloaded.

Thank you for being so quick. I'm very careful about downloading any ts4script files but it's scary that this can happen.

Iirc the other incident that affected multiple sites months ago was also due to mslicious actors accessing inactive accounts. Maybe it would be good for creators to remember to be extra careful with passwords and maybe delete any accounts they no longer use.

THIS needs to be shared on Tumblr for all the Sims 4 peeps to help stem the wildfire.

I'm an S2 player so I'm not affected, but that doesn't mean I don't care about my fellow Simmers (even if ya playin the wrong game )

The issue a bit less than a year ago primarily involved newly created accounts on multiple sites (some pretending to be inactive creators who hadn't uploaded mods to those sites before) including MTS. The existing creator account that was compromised on TSR happened specifically because that creator was also a member of the team that checked new uploads to decide whether to approve them -- she downloaded the malware mod herself, after it was submitted by a new account there, in order to do exactly that, and her TSR login credentials were among the info stolen as a result of her running the game with it installed.

Yeah, when I read the discussion in the MTS Discord I was thinking just why the hell is a game mod able to do this?

I posted this on my Tumblr as well, but I figured it's probably good to share some information on how to stay safe when downloading CC. So here are some CC shopping tips from good 'ol Lyralei :p

How to stay safe downloading anything CC related in the future:

Know that this issue is seemingly a big issue in The sims 4 community! While the other communities are certainly not ruled out to be able to have malware in them, it seems this group of hackers are really focused on The Sims 4 community as a whole.

What files are the issue?

1. ts4script files. Because it's raw python AND TS4 doesn't have great restrictions for script mods in place, these people can modify the python file to create a .dll file on running the game. That's how they get information if they're lucky.

2. .exe files or files that look like another file type but are an .exe file. (or some executable file like a bash script, etc). MTS does check these things before approving, but do be careful when downloading these things from tumblr or github. Make sure to check the comments there instead.

What files CANNOT ever get malware in them?

Simply said: .Package files.

Exception for maybe the .package files that are actually ts4script files, but that's really from the ancient TS4 days.

With other words, your: CasParts, Lots, Cosmetics, Hair, Sims, Recolours, Objects CANNOT have malware in them

The only "kind of" malware we saw back in the days in Package files was the infamous TS3 Doll corruption bug. But that didn't collect your personal information, just corrupted your save/game 😉

What ways can I detect if something is malware at first sight?

1. 99% of script modders, when updating their mods, WILL add WHY they updated their mod in the first place. If you do NOT see any update reasons in the description, it's probably malware.

2. Check the comments! If you're not sure, always check if someone left a comment (or in Tumblr's case, a Reblog).

3. Trust your gut feeling! Does something seem strange? A bit out of place from the usual? Give it a few days before you download the mod.

4. Package files SHOULD NEVER have a way of "installing your content" through an .exe file "For simplicity", because 99% of the cases, it's malware to trick you. Unless there is a excellent reason for it (and I mean REALLY good reason).

5. More or less a download site related thing: If a download site has a billion buttons saying "Download". Please don't press these. They are most likely Malware too, but definitely shady ads. For those pages, it would be best to leave the item alone, unless you really know what you're doing!

Conclusion

While these discord server announcements mean well, it frustrates me to see that they mention that EVERYTHING is compromised. Whereas in reality, it's only TS4Scripts and .exe files that can do harm.

I know they mean well! And wanting to protect people! But at the same time, it also spreads a sense of misinformation that can harm creators, websites, you name it.

So, instead, I would love to advise them to educate their members instead on what files can be the problem! And how to detect them. The more we get this into the world, the better we will be able to protect one another from downloading bad things!

And of course, websites that share CC, should make an effort to prevent this in the future. I'm happy MTS is doing this at the moment.

Stay safe and happy CC shopping!

I actually saw this warning today on Reddit. Is a full PC scan what we have to do?

Did you download any of the specific mods listed in the first post? During the times also outlined in the first post? If no, then you're fine.

Obviously it's good to do a PC scan from time to time, but Windows Defender *does* catch this specific trojan .DLL and will quarantine it.

According to the download history I might have...I deleted the file once I put on my computer and I'm doing a scan. Thanks very much.

Unless I'm mistaken, the script itself should harmless until you run it - it's only then that it creates the malicious DLL file. Still, bad idea to leave it lying around.

Glad to see this issue got fixed pretty quickly.
That being said, is it safe to download these mods, or should we wait?

Which mod was this link regarding:https://modthesims.info/d/533172/no...ity-update.html When I click to see if I did download it, I receive an error that I do not have permission. I was able to view the other links and luckily I had not downloaded them.

The full URL has the text "no-mosaic-censor-mod-for-the-sims-4-toddler-compatibility-update" so that's probably at least a little bit of helpful information...

I knew something was off when they said:

"MTS has not been a valid place to download my mods for over 5 years now,..."

The audacity!

Nonetheless, thank you @Tashiketh for your prompt action and response!

It definitely disappointed me to see a trusted creator issue a warning with such a blanket statement, without taking any care to mention if they had reported the issue and were waiting back for a response or anything. It's not often a site's owner is around to directly check in with- yet that's what we're lucky to have here! Feels like the TS4 community looks at MTS like it's a total wild west just because they aren't as personally localised here as the older games communities.

Especially as there is a huge demographic for the game who are not tech-confident, virus scares do a huge amount of harm to the community if a rumour starts skittering around. Tumblr posts remaining in the state they were when reblogged, even if the original post gets updated, certainly doesn't help letting these things circulate in smaller communities who miss when these concerns are resolved or misinformed.

There's a lot of misinformation about computer security that I've seen, from well-intentioned but not-very-informed people — I once saw a pretty hilarious one about a specific MP4 file being malware because it crashed Discord. No, it was because it was encoded in a way that caused the renderer to choke up and die.

I'm not TS4 (quite the opposite actually--Sims 1!) but I could see that being the reason because it's a similar feeling to the feeling I always got looking at MTS until this year (yes, despite having an account since 2013), except in my case it felt like aliens on the moon and I was no astronaut.

(If I hadn't been into all the Sims 1 beta type info that was getting discussed here, who knows? Maybe I would STILL view this place with trepidation.)

If you downloaded these mods AFTER 19:53, 5th Nov 2024 (UTC), and BEFORE the date of this post, then please remove the files:


So I think I might have sownloaded the no mosaic mod in that timespan. Around 21.30 (UTC) I think, i wasn't logged in so dont know exactly. I have deleted them now, done several full scans with zero threats detected. Problem is I did run the game before I knew. Is there a chance it could be "hiding" somewhere? Any other measures I should take? When I search for profapi.dll I have 16 files with that name, scanning those files shows no threats. I am just a bit confused and anxious. What harm can this do to my computer?

Interesting. Amusing thought: Modern EA games (not sims, yet) are adding kernel-level anti-cheats. These anti-cheats run put in simple terms at the very highest privilege level of your computer. It could well hide its activities and prevent your knowledge of anything it does, now imagine a bad mod/hack for a game that has that level of access.

Thankfully if you play on Linux such things are not a threat, and a game mod creating DLL files will likely only affect that game and not your whole computer.

Why did you consider MTS scary?



I can only see an anti cheat being useful for an online game. Otherwise, who cares if you're cheating your ass off.

The correct filesize of the zip was around 800 bytes and was called . The larger size was 18031 bytes (for the zip) and was called moxiemason_nomosaic_toddlerupdate.zip. This should help determine which version you got.

I already deleted everything, but I do think there was something about toddlers in there 😢

I just don't think it was appropriate or responsible of them to scare everyone into thinking all of MTS was compromised.

Maybe not SCARY so much as "Oh that's where those SIMS 2 PEOPLE hang out. (I think it was still MTS2 when I first started avoiding it.) I'm not a Sims 2 people! I'm a Sims 1 people! The Sims 2 moon aliens will say moon things I don't understand because I didn't go to astronaut school! I should avoid that place because it is for moon people and I am not a moon people." So a dose of "I don't even play the game(s) it seems more focused on and certainly don't need objects from there" and "they will be saying things that are not relevant to me". (Avoidance aided by Simblesse Oblige being fairly active (and... well... extant 😔) at the time, which helped fulfill all my Sims 1 object and discussion needs.)

But getting into trying to bring the beta objects for Sims 1 to the final game (notably my persistent problems trying to port its scenario) meant I spent more time here and it wasn't so "it's not relevant to me" anymore and thus I didn't have that pulling me back from engaging. ...It also meant I sometimes forayed into Sims 2 areas when Sims 1 ones weren't helping me with an object issue and then found that actually the underlying logic is quite similar! So actually maybe some of the Sims 2 stuff was relevant the entire time!

I agree. MTS has been my go-to since TS2 and never has there been a problem, so to make MTS out to be problematic as a whole is irresponsible and disrespectful.

https://scarletsrealm.com/the-mod-l...w-nsfw-edition/
I always use their Mod List to update all my mods. Now they won't include any MTS downloads anymore. They want people to upload to other sites so that they can link to their mods again - what a bummer. :-(
https://scarletsrealm.com/warning-m...promised-again/

If you download mods on MTS while you're logged in, then your Download History will keep an eye out for you whenever a mod you downloaded gets an update. While it doesn't come with a sort of notification system - I wish it did! - it is still a lot better than having to go back to each download page to check for updates, and could work as an alternative to this website for mods hosted exclusively on MTS.

We have cookies *puppy eyes*

Back on topic. Checking file size when you download is not a bad idea. 18031 bytes for a mod sounds suspicious as heck.

I'm also getting concerned about the increasing frequency of bot activity in this site. Like the emergence of threads that are seemingly harmless at first then hours later it gets a reply with a suspicious link, or threads written in a foreign language. Can't help but think it might also have been done by the same person behind the recent attack.

Their idea that everyone hosting their mods somewhere other than a fully moderated site would be safer is hilarious to me.
As if Tumblr isn't full of broken pirated content, adfly links with redirections and malicious ads, with no update history on posts to boot. Same goes for other blog hosting websites, and don't even get me started on TSR.

Two malware attacks isn't indicative of ModtheSims itself, it's indicative of the internet hellscape as a whole right now.
Botting, DDOS attacks, AI trawling, and now outright account theft and malware- these things are making it harder for non-profit forums like this one to survive everywhere. Dismissing a website for being targeted multiple times is really missing the point. If everyone stopped using MTS, these attacks will move to whatever site inherited those users.

So true! I reblogged someone's post that I saw on my dashboard about this very issue. I remembered when CurseForage's malicious hackers putting malware in some minecraft mods, then went to the sims modding side too. It's making me anxious that this issue of hackers putting malware in mods. At least it's on a smaller scale, but still not a good sign.
And if anyone on this forum is reading this: get TwistedMexi's ModGaurd, it'll (and quoted from the mod's patreon post) "blocks common virus vectors, tracks the mod file that attempted to download it, notifies you, and shares the mod name with our team so compromised modder accounts can be notified as soon as possible". And please do NOT (as of the 8th of November 2024 that this is written) download any of these mods linked on the first post on this thread, thank you and mod your game safely and responsibly!

Wow. So much MTS hate. From the original post saying that 'MTS hasn't been a valid place to download mods from for 5 years', to this person blacklisting us because there were occasional hacker problems (which I bet a lot of sites get).

Blacklisting MTS is just going to make it harder for the Sims community to stay alive and communicative. Plus, (biased opinion) it's so much easier to find mods here than on Tumblr.

I may or may not have left a (respectful) reply on their twitter post about blocking MTS since comments seem to not work on their website. Purposefully redirecting people to un-moderated downloads on other sites rather than linking to the one that is implementing automatic .ts4script decompilation to better detect suspicious code is incredibly irresponsible. Hopefully they will change their mind or else it is that website that should be considered dangerous from now on. How ironic.

Sorry for the frustrated tone. Lol. I’m just tired of seeing people/sites with a large influence/following making irresponsible posts and knee-jerk decisions.

I disagree with the part where you suggest people get that persons mod. Not that I don't want them to get help as I'm all for that, but because the ONLY way to get it is to PAY for it. Why charge for somethin that will help out your fellow simmers? Sims 2 had their share of those who tried to have people pay for content, but there were even more who shared their stuff freely and a lot of time the free stuff was much better than the pay stuff. The good mods, the ones that fixed the game and such those, (to the best of my knowledge) were all shared freely.

While the mod is hosted on TwistedMexi's Patreon, it is available for free and does not require pledging to download.

If it is available for free then I rescind my disagree. Thank you for that information. As I said above I play Sims2 so do not know anything about Sims 4 (or 3), but I dislike the idea of any Simmer bein charged for somethin for whichever version of the game they play (other than the initial purchase from EAxis).

Thank you!

Unfortunately the Sims 4 Community has a massive problem with people making players pay for mods and CC, so much so that EA had to step in and require a mandatory month long(I think, could be a bit longer but don't remember off the top of my head) paid early access period before the mods become free for all players. However, because EA doesn't actually monitor the community at all, the perma-paywalled mods continue to run rampant.

I'm just disappointed in people who believed the original "whole Mod The Sims is compromised, don't download anything" post and spreading it further without even checking that the problem has already been solved and the site is safe.
I've seen many large pages on FB sharing this, and even YouTube videos (and AGAIN, no one mentioned this thread), now the whole internet knows to avoid MTS, which is just hurtful to the creators, and it has gone too far to stop it.

Just make sure to share this MTS topic in comments/on sites/wherever else people have spread wrong information, so things have a chance to calm down. One feather has a tendency to become a whole hen house if people keep spreading bad info.

I saw one of the "MTS is compromized" things, and my first instinct was to go to MTS to see if there was any info directly from the source. And there was (this topic).


Yep! We're even recruiting, it seems XD


Indeed! The good kind of cookies, too *puppy eyes*

I completely agree and his statement couldn't be further from the truth.

MTS2 now ModTheSims has been the long running safest place to download mods/cc for the Sims Franchise for a long time.

WHY is this the safest place to download mods and cc for the The Sims 2, 3, 4?

Because of the Stringent Process files/uploads/submissions have to go through before being accessible for download; unlike everywhere else on the Internet and especially places like Tumblr, Patreon, etc. that do NOT review/screen uploaded files/submissions before allowing them to be downloaded.

TwistedMexi should RETRACT his Statement Publicly along with a link to This very thread so The Community can Read The Truth for themselves.

*Perhaps someone should link this thread at TM's Discord to help him get the word out?

Just my .02.

I'm with you on this Charity, I may be biased too, but I've honestly not found a more convenient or safer source for CC or Mods for The Sims Franchise.

How people can think that spreading themselves 'far and wide' across multiple platforms is a good way to handle the content they create and share is beyond me. When creators have accounts all over the place, not only is it confusing for the end-user, but also updating seems to be a nightmare for most because you'll often find that some creators only update regularly on some platforms while leaving many files in need of updates on others. It's a Mess how the S4 Creator Community handles their content for the most part.

On the other hand, here at MTS creators can update easily and answer user questions / help with problems in one convenient place; why go anywhere else? It makes no sense to me. Personally, if/when I do make things for the Game, I only have and only ever will upload my content here at MTS.

Also, I just realized that as of 'right Now' I've been here at MTS for 20 years!

*Good Grief . . . How time has flown by . . .

Haven't been updating my mods or Simming for ages (God Forbid if anyone sees updates to my mods they are 100% not by me unless I make it clear otherwise!!!) - just popping by the say MTS is one of the first, if not the very first, site that I used and got into using CC, eventually making my own Mods. To make it upfront and clear, MTS is probably the most reputable Simming site out there!

Know this is controversial to say, I do feel uploads are scrutinised less so these days insofar as TS3 content goes, than when I first joined - this is understandable because TS3 is relatively obsolete, and it's better to encourage people to create and share than turn them away, but where I am coming from is that there seems to be more tolerance and discretion in terms of content quality than years ago when the benchmark was higher. Nothing wrong with this though.

But what I've said above doesn't change the fact that there are still a lot of quality creations, and perhaps most importantly, everything is scrutinised before being made public at least!

Heh, you made me check my join date. 15 years, so not quite as long as you.

Tumblr also has the worst search ability.

The thing that i love about this site is that even if i'm still not heavily involved in the TS2 community anymore i still come back to see what everyone's up to and look at all the great photo threads that are still being updated to this day! The TS4 community has a tendency to raise certain creators to godlike status and it irks the hell out of me. I don't know if Twisted or Scarlett are on Bluesky (cuz i left twitter years ago), but they're not gonna get a warm reception from me after this i can tell you that much.

Noob. (I'm kidding of course, thanks for sticking around for so long!)

Made me think to check mine.. 2011. That's.. a long time. If my memory serves me well I had managed to get Sims 3 working on linux and wanted nrass mods, which at the time were only here. (I think?)

Thus, I have been bugging you guys ever since.

It's been 22 years for me here.

In this thread, where I also check which mods get updated, they mention that they won’t link any MTS mods anymore:
https://answers.ea.com/t5/Mods-CC-I...14247913#M70035

And some modders are already moving their stuff to Curseforge.

For me this sums up the whole problem with part of the Sims 4 community. They read an information, get very angry about it, don't make any research and thus BELIEVE it and are happy when they can rant about it with other like minded individuals. It would be so much better if people start to think for themselves again and don't rely solely on one source.

*goes to look* ... well seems like my MTSversary is just days away .. I'll have been here 18 years

I would never think to go anywhere else.

Thank You for maintaining and keeping MTS alive; it's greatly appreciated!

Just posted THIS at EA Answers:

-
ModTheSims - is SAFE. Here is the Truth

Site News - No, MTS is not "compromised" and it's safe to download from here!

https://modthesims.info/showthread.php?t=687747

-

https://answers.ea.com/t5/Mods-CC-I...14249966#M70051

TM wrote 'to download MY mods' and not mods in general. This is a tiny difference.

Randomly blacklisting mods does doesn't make MTS a nice place for mod authors to keep their mods updated.
I keep my mods updated on GitHub after spending days to fix my mods to comply with the mod guidelines and since then waiting forever for feedback or to get it approved.

The reason why it can take a while to get mods approved is because the number of moderators is waaay smaller than the number of users on the site - and those uploading to the site. (I can't determine the exact number of mods there are in total and how many of them are actually responsible for the vetting process). Plus, people have lives outside of MTS... Some are grown people with jobs, and kids, and pets, and houseplants to take care of. On top of that, the moderators tend to be very thorough in reviewing uploads, as I'm sure you are aware of by the rigorous upload process. (So shout out to the moderators/admin! )

The process is not meant to deter or intimidate you from uploading. It's meant to keep everyone fully informed of what you have to offer and, hopefully, prevent any sort of damage to your save/game/PC.

Kind of ironic when you think about it. "MTS is not a safe place to download." and "It takes ages to get my mods approved due to the thorough review process.".

No one notice the conflict here?

I'd argue the fact there is a stricter review process makes it safer than some random tumblr.

Besides, I kind of prefer the organisation of MTS since it makes it easy to find things in general instead of googling "Sims 2 <wanted mod>" and having to filter through all the sims 4 stuff. (Pet peeve of mine, trying to find something for Sims 2 and getting lots of Sims 4 results.)

Well done @Tashiketh for dealing with this so promptly! People tend to use the same passwords for different sites, which could be how the accounts were compromised perhaps.

My mistake, sorry. That does make a difference.



If you have enough uploads though, you can bypass the queue, so you only have to wait for ages until you have a good enough reputation to be considered trustworthy. Also, I thought they just recently hired a bunch of new moderators?



I only have one email. XD

Silly simsample- I totally meant passwords, but typed email instead! Sorry for confusion. Of course, have different passwords for each site!

I may have recycled passwords on some sites. XD I only have so many pets. j/k But I make sure that my bank passwords etc. are unique.



Unfortunately they already responded to you.

@WvMISKAvW Please see my explanation here for why I'm not reporting MTS-only mods. It's about ongoing trust and my (volunteered) time.

I'll note that other mod-news services (non-AHQ) have made the same decision. I'm sorry I can't provide more explanation about our distrust due to most discussion having been in private.

Players are welcome to track what modders do on their own, without relying on update news services, the way we all did, for all Sims games, before I started this list in 2015.

It sounds like they have ongoing problems with MTS, but won't say what they are. And the boycotting is already spreading. DX

Thanks for putting out a statement where most simmers can see!

I just took a look at their signature; looks like they're a part of the EA MLM Creator Network...



So, I'm not surprised by their response... Still p!sses me off! Like why is there no transparency?!

Might I chime in that I'm one of those creators who hasn't been able to get anything approved on MTS but a malicious user was able to log into two popular creator accounts and compromise multiple popular mods.

Your statement isn't the home run you think is it. I'm just saying.

My "random Tumblr" is run by me. I'm also this person: https://new.reddit.com/r/Sims4/comments/1akzieh/

Anyway, I'm gone. Bye!

Let's talk Opsec for a moment then.

A few things come to mind for the accounts that were compromised:
- Did you and your fellow authors follow good opsec on your own computers to ensure you yourselves had no malicious software on your own computer (Like a keylogger, for example)? Is your computer up to date? Do you have anti-virus software? Do you avoid shady websites? Do you use a secure non-browser and non-cloud based password manager?
- Are you absolutely certain your computer isn't compromised? Some modern malicious software can hide in your UEFI and your OS will never be able to detect it, even during a virus scan. It can be significant too, where even a format and reinstall of the OS would not be enough to clear it.
- Do you ensure every single password on each of your accounts is unique with no two passwords the same and are at least to the minimum length of 16-characters (preferably much longer)?
- Do you enable 2FA where available?
- Have you ensured your email accounts are not compromised in anyway and follow the same high level of security?
- All of the above applies to mobile device stuff too, if you share any accounts between your mobile device and your computer.
- And remember, most hacking occurs from social engineering as opposed to a security failure, causing someone to compromise themselves unintentionally.

It's easy to blame a website for an opsec failure, while ignoring your own. Typically a total website compromise will involve much more than one or two accounts, usually when it is an account or two it is a failure of the account holder where the account holder themselves are responsible by failing to keep to one of the above.

An attacker who compromised the website itself would have aimed for actively updated mods and the most popular mods. They also could have forged the updated date to hide that it was updated in the first place, avoiding detection. After all, if you have compromised the website to a high level of access, you could simply edit the database entry directly avoiding the date being updated, or even just swap the file out directly.

It's no different to how people who have their steam accounts 'hacked' blame Steam and once you dig deeper you find out it was the user who failed their own security (For example: enabling API keys to their account to try to trade, etc.).

With that said, it is possible to target a specific account and break into it if it has a weak password to begin with by brute forcing it. Though, in theory the website should lock accounts with too many password failures. (If it doesn't, that's an opsec failure on the websites behalf.)

To be clear, I'm talking strictly from a computer security point of view, not a personal one. It'll be interesting to see exactly where the failure was in these instances, because as it stands there is not nearly enough information to correctly point the finger.

I've finished work on a first version of a TS4Script upload and checker tool. It can be accessed here: https://packagedb.modthesims.info/ts4scripts.php

I've gone ahead and added all the unique TS4Scripts I found here on MTS (inside the attachments). So far there is 909 results, but you can all add more if you want, including from other sites.

What ongoing problems? 2 creator accounts got logged into, and the persons responsible uploaded malicious files. This could happen to ANY website, not just MTS. (And in fact, has happened... a LOT... on curseforge, especially with Minecraft mods). There's only so much I can do to prevent people from re-using passwords...

The same person who hacked into those 2 accounts also DID try and hack into multiple other accounts (at least 3 others), but wasn't able to, presumably because the passwords where changed since the hackers got the passwords from wherever they where leaked from (which wasn't MTS!).

If you don't mind my asking - I'm genuinely curious.

I'm guessing you went over the server logs and found the attacker logged into multiple accounts with the same IP address (Probably a VPN or TOR), which is how you were able to identify this? (They always do this. )

Were you able to verify whether brute forcing took place or not? This should be evident from the logs.

If no brute force took place, and they got into the account within 1 to 3 tries it would almost certainly point to someone having re-used a password, and that their password was previously compromised. Thus the website itself is technically not at fault (user error). This is a common problem with old abandoned accounts and re-used old passwords.

Though, the changes you've implemented of locking old accounts and notifying users upon a new login should suffice to resolve this, if that was the case.

Yes, the attacker used a VPN. They also tried brute force (multiple attempts per account) for the other accounts, however, with TwistedMexi and moxiemason, it was a first-time login. No brute forcing.

We store both logins and login attempts for, well, ever (I have records going back to 2011 on my own account), including email and password changes too. So we have a good track of what people do.

this. it's not just mts, any website without two factor authentication is vulnerable to the clever and devious attack known as "knowing the password and typing it in", and even 2fa probably won't save you if someone reeeeally wants to get into your account. wherever they're hosting their mods can be "compromised" in exactly the same way
then again, people like this also download smooth patch (a mod that changes another program. by definition. it's in the name) and write terrified comments when it gets flagged by windows defender. rest in peace basic technical literacy

I'm not seeing what the relation between the sign-in process and moderation for uploads is. There are myriad parts of the rubric that are clearly explained as you go through the upload wizard that I can only assume you must not have corrected once pointed out. I have to say that between this comment and your profile bio you sound a little bitter toward MTS. You shouldn't be letting that compromise the integrity of your website that's used by a large number of players that trust your judgement.

Ugh...I don't wish to respond to that attitude and I have no interest engaging with anyone having private discussions with 'who knows who' and then blasting false/opinionated statements (arrived at in said private discussions) across the Internet. That person is lucky they are not getting Sued for Libel.

The responsible thing for that person to have done would be to contact MTS and find out what is going on instead of hauling off and posting false statements. Furthermore, the fact that 'private discussions' were mentioned without any insight on who was actually involved sounds fishy.

Just my .02

In this instance then it really doesn't seem MTS was at fault. It sucks how people always jump to fear mongering over understanding how things work.

Though, if you haven't already it may be worth adding a feature to lock accounts after X number of failed logins (3 to 5 attempts is typical) requiring the user to take further action to get into their account again. (such as requesting them to click a confirmation link sent by email before granting access, even if the password is now correct.)


2FA works fine in most cases, it usually fails when someone puts the code into a fake site setup by the attacker, again social engineering. If the attacker is ready and waiting they could simply have a script that immediately logs into the legitimate service using the details you just gave it (2FA included!), which now gives them access to the account.

MTS does have a lock out if you try too many times to guess a password. Me and my dumbass brain tried it out extensively when I was trying to log in on another computer and couldn't remember my password.



I'm not blaming you in any way! I was just commenting on the people I quoted's remarks about 'ongoing trust' making it sound as if they had more problems than they were willing to talk about. Which honestly just makes them look suspicious if they have these problems, but they are secret!

I'm impressed by all the steps you've taken to make things more secure!

Correct, although this lock does only last till midnight. I might actually switch this to lock the account completely, similar to the 3 month inactivity login.



Apologies if I was a bit peturbed. It did feel like an attack on MTS. People have always had issues with MTS, for decades. That isn't going to change. The amount of times I've heard "Well I'm going to go make my own site! It'll be better! It'll have beer, and hookers!"... and then make it on Wordpress, or a Forum.... Not exactly great for download searching or filtering.

Wait, wait, wait. Back up! There's a sims modding site with beer and hookers? Do you have a link?

Kidding!

Hey, a lot of those sites evidently bought too much beer, got drunk and couldn't afford to pay the hookers and therefore folded. XD

This is why we can't have nice things.

I knew I was doing something wrong by running a website and not drinking beer... :D

Did TwistedMexi apologize for scaring everyone into thinking all of MTS is virusville or is he pretending he didn't a wildfire that hurt this place?

I'm also suspecting that given the Sims 4 Comments Section has long been known for its unfavorable stance on that iteration of the franchise - even Sim Gurus have come there and had a hard time, back in the day. (That's putting it mildly.) - would go some way to someone so influential in the TS4 community to wrapping the whole MTS TS4 element as being problematic and not so bothered about making such alarming comments about its mod and virus security. From their point of view it's "all" bad, yet that should not excuse putting out publicly such bold, unfounded statements such as to ruin the reputation, business and livelihood of another. Just how close to breaking the law were they? And if they genuinely distrust this site that much, why do they leave their ancient, outdated mods on this site to be the very subjects of the threat they proclaim? Because they're free ads to their Patreon, maybe? Someone's trying to have their cake and eat it. But who is now choking on the crumbs?

Thanks for clearing it up, Tashiketh. It certainly needed it.

Is it only TS4 that these sites cover, or TS3 and 2 as well?

I have to ask as it's slightly related to mod security. Does anyone know if it's possible to block scripts from connecting to the internet? Do you have to block the entire Sims 4 executable from outbound connections in your firewall or is there a way to only block mods specifically? I don't want to name names, but there is an increasing number of authors with script mods out there that upload certain info about your game to the internet--and give you no say in the matter. Always made me really uncomfortable using them.

1) I misread that as mod_security.

2) Depending on how the game implements python (I've never looked into S4, I'm an S2 player) the chances are high that if you do not block the whole game, then a script running within can always connect to the internet as long as the game can. it is likely running as a subprocess of the game and therefore has the same permissions as the game itself. Although, I could be incorrect.

With that said, it is absolutely possible to block the game itself from accessing the internet and any subprocesses. In fact, I'd advise you to do so. Even if you use origin you can configure your firewall to only block the game.

Looking at the reddit post someone posted earlier, there is a screenshot of one malicious script on reddit[1]:
https://www.reddit.com/media?url=ht...09c80568f7acc23

We can see here that the script is using curl (a safe and common tool, lots of web services use this for API's and other things.) to silently (-s flag, meaning it does not output any logs) fetch a malicious executable file and save it as sims4c.exe (-o flag, output) from discord.

To render this type of attack ineffective you would only need to prevent the game and any associated processes from accessing http/https traffic, it would then be unable fetch the malicious executable and you would not be infected. This is assuming you didn't already infect yourself with something else while downloading/installing the mod.

Anyhow, this is just my 2c based on a quick glance of the code. I reserve the right to be entirely inaccurate.

[1] it looks like this person saved and loaded potentially malicious software in their regular, non-sandboxed environment. They're lucky it was just a python script, you wouldn't want to do that with some more serious malware. (Ooops!)

scarlet has previously removed dskecht's dark mode UI (and other UI mods) over misunderstanding him having to write a launcher bypass because his legally purchased game actively refused to launch via steam without it as him somehow pirating the game. i can't trust her ability to understand basic cyber opsec. plus her mod listing is hosted on wordpress.com, which i can't even access anymore because i got IP blocked by their CEO for daring to criticize his insane legal battle against another wordpress provider.

Since it goes about ts4s scripts and since twistedmexi is a ts4 creator then you can make it up it's TS4 only.
Also, most drama is with TS4 now.




Bit of a weird story. But if steam marks your game as pirated, then probably that person must have the expansions not having legal. Some people have the basegame and then think they could use a pirated version next to it. Well, then you get busted.

Ok I have a question to someone who is better in understanding the technical stuff. I can't access Scarlets site anymore: https://scarletsrealm.com/the-mod-l...w-only-edition/
The list doesn't load anymore and when I click the links, I get HTTP error 403 and access denied. When using my phone with LTE the site still works. So somehow they found my IP address and block it? If this is the case this would be totally ridiculous from them. I just posted their information here, that they won't include MTS links anymore and now they block people from using their site completely? Or did their site got hacked?

If you ever visited their website previously then it is possible to block your IP address, as it would be in their logs. But to ban specifically you, they would need to be able to identify which IP belongs to who which is usually achieved via logins or other means. They could also simply be blocking VPNs, so not directly targeted at you in that case.

I just briefly looked at the list and most of the links appear to be external sources - so perhaps it's just that some of the links simply don't work? Also could be a browser bug, have you tried a different browser? For example if you use chrome, have you tried firefox or vice versa? Using ad blocking plug-ins can often cause issues like that.

It's best to look for the most logical reasoning over rushing to fear or accusations.

The list doesn't load anymore and by clicking on the links I get the HTTP error with a blank site. I've tried it from different PCs and browsers. The only thing that works is from my mobile phone with LTE. My husband has the same VPN and even on his notebook it doesn't work.

So if they are blocking VPNs what can I do about it?

If you've had a VPN active in each instance that you were unable to use the site then the VPN is most likely the cause in this instance, VPNs get banned all the time on many different websites.

Things to try:
- Disable the VPN and try accessing the site without it.
- Switch your VPN country. (this gives you a different route, which may avoid the problematic servers)
- Try a different VPN provider.

I'm sorry, I was wrong, I meant internet provider. We don't have VPN. So I understand now that it's more likely that the IP address got banned. We never had any problem with our internet provider with other sites.

Ah, that would be ISP, not VPN.

You could try restarting your router, usually most residential ISP will assign a different IP address when doing this.

Although, it is a curious case. I guess if that doesn't work, you could try google's free proxy service:
https://scarletsrealm-com.translate...&_x_tr_hl=en-US

Effectively, doing this means the website does not know your IP address, ruling out any issues of it blocking you.

It IS theoretically possible to have an IP address the site associates with a VPN or proxy without specifically having used one yourself. I had that happen when signing up for TerraLuna (a Sims 1 forum) and only found out about the issue because a mod there recognized my username from other places and alerted me via email that I might want to fix that. To this day I don't quite know what caused it (though it's probably unlikely to recur unless it was something my router was capable of doing on its own since I have a new computer now).

(Incidentally, that's a tiny part of why I don't have an account there now, because (in addition to my then-ailing computer having problems even with basic sites) the worry that somehow my IP could end up there again since I never found and resolved whatever caused it meant I avoided the site enough that my account was deleted for inactivity. )

I love MTS! Been coming here since *checks* 16th May 2005. Visit every weekend to see what's new, even if I'm not as download-crazy as I used to be. Funnily enough, I didn't even realize people were posting uploads to personal Tumblr sites until a few years ago. *blush* Their choice, of course, but if I think of something specific I'm looking for, MTS is the first place I check. Never had a problem with anything.

I'm not sure what is going on with her site or not; I don't go there, but you can get it at SimsVIP:

https://simsvip.com/2024/10/22/brok...death-ep-patch/

It's also entirely possible that the ISP themselves filter all traffic through a Proxy so that all customers get a very limited range of IPs and so they can control traffic (and security) better.

it makes me super sad when ppl do stuff like this mts is my #1 spot to go to for sims 3 (and sometimes 4) mods and i've had no problems! i think if people could take time out of their day for once to just see if something that people have said is true and not take it at face value, it could make a huge difference (ik that this is a bit idealistic but one can hope lol) mts is awesome!

I can get everyone being worried and freaking out but this kind of behavior and approach they're taking to finding this out just reinforces the notion of being scared of mods in general, and creates more division in the community.... I've used MTS for years, since I was a young child... MTS has been safe up until now. So what if a couple files were bad? You guys took care of it very quickly. I trust MTS Staff. On the contrary, I used to be scared of other sites....

He's a big modder, he probably doesn't believe he can do wrong.

I use the TM full edit CAS but I've had it since 2018-19. I'm definitely safe.