Sitewide Email you may have received

Archived Admin Announcements
8 posts Page 1 of 1
viperssaturn
Moderator
Posts: 1653
Joined: Sun Oct 15, 2006 10:34 am
Location: Hamilton
 
by viperssaturn » Mon Dec 03, 2007 7:24 pm
By now, everyone should have received an email saying that the site was hacked. Idol creations is now down and our email list may have been compromised. I can assure you all that a back up has been made and Kenny is working on this as I type. If you have any concerns post them here and we will try our best to respond in a timely fashion. There should not be anything to worry about but be careful what you click on and if you see anything on the site that shouldn't be here, or any changes we have not announced, email me to jon clark _ viper at hotmail dot com or call my cell if you have it.

Jon aka viperssaturn

 

Slayer
O6P Staff
Posts: 1568
Joined: Sat Oct 14, 2006 5:33 pm
Location: Hamilton
 
by Slayer » Mon Dec 03, 2007 7:38 pm
it seems the problem on this site was localized to my account password only, however i HIGHLY suggest everyone take a second and consider changing their passwords, its a very good practise to change them often, and i am Unfortunatly proof of that... my password was the same on Idolcreations, and here since they began, and look how quickly that was taken advantage of here.

 

blazinsc1
Post Whore
Posts: 782
Joined: Sun Oct 15, 2006 10:59 am
Location: St.Kitts ontario
 
by blazinsc1 » Tue Dec 04, 2007 1:39 am
yea i was wondering wtf that email was all about!!!!!! and that new user that had admin status!!!

 

Slayer
O6P Staff
Posts: 1568
Joined: Sat Oct 14, 2006 5:33 pm
Location: Hamilton
 
by Slayer » Tue Dec 04, 2007 4:50 am
blazinsc1 wrote:... that new user that had admin status!!!


that was taken care of, it seems as tho theyused my account to give themselves admin status for future use? or they just gave the newest member admin status to see what would happen around here? I'm not sure, but it was removed,

 

blazinsc1
Post Whore
Posts: 782
Joined: Sun Oct 15, 2006 10:59 am
Location: St.Kitts ontario
 
by blazinsc1 » Tue Dec 04, 2007 7:38 am
cool!!! yea u guys stay on top of things pretty quickly here which is what makes it such a good board!!!

 

Viperoni
onenut
Posts: 1667
Joined: Sun Oct 15, 2006 10:44 am
Location: B-town, ON
 
by Viperoni » Tue Dec 04, 2007 10:15 am
Slayer wrote:
blazinsc1 wrote:... that new user that had admin status!!!


that was taken care of, it seems as tho theyused my account to give themselves admin status for future use? or they just gave the newest member admin status to see what would happen around here? I'm not sure, but it was removed,


I assume you checked to make sure no other accounts were changed to admin?

It sounds like it was just a prank... hopefully that's all it was.

 

Slayer
O6P Staff
Posts: 1568
Joined: Sat Oct 14, 2006 5:33 pm
Location: Hamilton
 
by Slayer » Tue Dec 04, 2007 3:56 pm
i checked regularily yesterday to make sure no one else awas set to admin, and No it was NOT a prank, i can assume you of this

idolcreations.com is down for good, hacked beyond repair at this point.

phpbbgarage.com (creator of the phpbbgarage MOD) was hacked while i was on his board looking for help on this one, (i watched helplessly as he was hacked) and his oyehr main site www.imoc.co.uk was hacked just after that, all were phpbbgarage related. Considering the Email that was sent out was telling everyone to tell me my account was hacked, because of phpbbgarage 1.2.0 makes me very nervous right now.

all the boards that were hacked yesterday all have phpbbgarage 1.2.0 installed.. and the guy who wrote the mod was in a car accident, and not online often, and unfortunatly lived in Ireland, so i cant exactly call him up and say whast going on.

Alls i ask rigth now is if ANYONE sees anythign suspocious Email, MSN, CALL anyone who is MOderation / Admin, so we can get to the bottom of this

ALL Moderators have my Phone number incase anything needs urgent attention, (just hope im on a shift where i can get to the problem righ away...)


As a calming note to everyone, i will be backing up the Database daily until this is solved, so if its hacked again, i wil just revert back to the previous days DB (and a message will be posted) letting you know that this was the case..


As a side note here, i would just liek to say i think we are extremly LUCKY here right now, 3 out of 4 sites that were hacked (that i know of) yesterday are trashed, this one was spared it looks... the Email said,

Hello,
i saw that this site is vulnerable to attacks and it looks like a nice site. please contact the admin and tell him this. it is because of the phpBB Garage v1.2.0 that is easily crackable.


which to me looks liek the hacker looked around the site, and decided to spare us?

IMOC's site had over 2500 members last time i checked there,. thast a shame to see go down. (even tho im not an MR2 Owner :P )

 

Slayer
O6P Staff
Posts: 1568
Joined: Sat Oct 14, 2006 5:33 pm
Location: Hamilton
 
by Slayer » Tue Dec 04, 2007 4:04 pm
UPDATE!!

Ok, here is what happened, incase anyone is concerned

Seems it allowed a SQL injection which enabled them to display the MD5 hash of the passwords. It seems they used the hash to gain access to the ACP. (ACP = ADMIN CONTROL PANEL)

i was advised to change my passwords, and as a saftey precaution, to change them on any other boards I am on, I HIGHLY suggest the same for everyone here!

I have since DISABLED the browse function of the agarge aka: you cannot browse the garage unless you are logged in. If it happens again, i will have to disable the garage until further notice...
8 posts Page 1 of 1
kuchnie na wymiar radomsko

Who is online

Users browsing this forum: No registered users and 3 guests