Page 4 of 8 FirstFirst 1234567 ... LastLast
Results 76 to 100 of 198
  1. #76
    Join Date
    Feb 2002
    Location
    Indiana
    Posts
    422
    Quote Originally Posted by EU Hosting Talk View Post
    Well, at least this time, they did not deface WHT
    Yeah, thank goodness they only have our username, password, and email address!

  2. #77
    Quote Originally Posted by WoodiE55 View Post
    Yeah, thank goodness they only have our username, password, and email address!
    Well... in all fairness, usernames were already public
    Uptime Monitor - Minimize your downtime by being the first to know about it!

    Blacklist Monitor - Are any of your IPs or Domains blacklisted? Find out before it gets to affect you or your clients.

  3. #78
    Join Date
    Feb 2007
    Location
    Isle Of Anglesey, UK
    Posts
    1,468
    Quote Originally Posted by WoodiE55 View Post
    Yeah, thank goodness they only have our username, password, and email address!
    Username is publically available anyway.
    email address could mean more spam (I get tons anyway, and my spam filter deals with 99+% of it anyway). Could be a problem if you used the same password for your email account.
    My Password for WHT was unique to this site, so only had to change WHT password.

    It is, of course worrying for those that have used the same password elsewhere.

    I would have thought that WHT would have advised everyone to change their password by now (it should have been done as soon as they found out about the breach).

  4. #79
    Join Date
    Mar 2012
    Posts
    1,421
    Quote Originally Posted by Andei View Post
    Well... in all fairness, usernames were already public
    Nice comment. hehe.

    The only thing that bothers me a "little" is that these people (Penton) make a ton of money from this community. Seeing all the flaws pointed in this thread, outdated wp's, forum software, etc... is disappointing. Maybe they should sell the community to a more responsible player in the industry. :]

  5. #80
    Join Date
    Feb 2007
    Location
    Isle Of Anglesey, UK
    Posts
    1,468
    One more thought.

    Something we do need to watch out for is someone using the email addresses to send phishing emails out trying to get you to change your password.

    Whenever I get an email like that I always open the website directly (never from a link in the email)

  6. #81
    Join Date
    Apr 2002
    Location
    Las Vegas, Nevada
    Posts
    510
    Quote Originally Posted by MikeDVB View Post
    We also haven't had any luck getting a hold of anybody.
    Has anyone put a support ticket in about this ?

    Sorry / still reviewing this thread have not got to the end just yet

    Dave

  7. #82
    Join Date
    Mar 2010
    Location
    CMYK-Land
    Posts
    1,400
    No one from WHT still made a comment or official statement what just shows what is the real state of this forum. Knowing how many times mods, admins and host jumped in topics dealing with same or similar problem accusing how affected host didnt properly notify his customers they should now be all over this topic and flooding the support with accusations and complains.

    If nothing else this is just a confirmation that WHT become nothing else but simple forum to complain for bad hosting service and for the host to parade their badges.
    - I often come to the conclusion that my brain has too many tabs open. -
    Failing at desktop publishing & graphic design since 1994
    .
    Pretty soon we can expect hosting companies offering "double unlimited"
    or
    "not limited unlimited with no limits".

  8. #83
    Quote Originally Posted by Madbunny View Post
    No one from WHT still made a comment or official statement what just shows what is the real state of this forum. Knowing how many times mods, admins and host jumped in topics dealing with same or similar problem accusing how affected host didnt properly notify his customers they should now be all over this topic and flooding the support with accusations and complains.

    If nothing else this is just a confirmation that WHT become nothing else but simple forum to complain for bad hosting service and for the host to parade their badges.
    As far as I know, the MODs and Admins are not devs here, they can't really investigate this breach as a dev could, so them taking a stand on this matter or making an announcement without having the proper info, would be wrong. As I see it, the blame here should fall on Penton, not the WHT staff.
    Uptime Monitor - Minimize your downtime by being the first to know about it!

    Blacklist Monitor - Are any of your IPs or Domains blacklisted? Find out before it gets to affect you or your clients.

  9. #84
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    20,777
    Quote Originally Posted by Madbunny View Post
    No one from WHT still made a comment or official statement what just shows what is the real state of this forum. Knowing how many times mods, admins and host jumped in topics dealing with same or similar problem accusing how affected host didnt properly notify his customers they should now be all over this topic and flooding the support with accusations and complains.

    If nothing else this is just a confirmation that WHT become nothing else but simple forum to complain for bad hosting service and for the host to parade their badges.
    Keep in mind that the mods are volunteer members and are not necessarily authorized to speak on behalf of WHT. I am sure they are also asking the same questions we are all asking.
    Keith I Myers
    KMyers.me The rantings of a lunatic
    Join me on Technical.chat

  10. #85
    Join Date
    Apr 2002
    Location
    Las Vegas, Nevada
    Posts
    510
    We are all changing our passwords on WHT / but also be sure to change your password on the Support Ticket Site as well / I do not think they have Single Sign On for that ...

    I would assume that today is the day where PENTON is investigating and planning on how to address this / or at least one would hope - for no one to say anything will be just wrong.

    Dave

  11. #86
    Join Date
    Oct 2000
    Location
    Lake Geneva, WI.
    Posts
    1,370
    Quote Originally Posted by David View Post
    Very interesting. Needs an upvote or three, and maybe an official statement from Penton would be nice.
    Quote Originally Posted by MikeDVB View Post
    Well... I don't think it should have to be said but... change your passwords.
    I guess I would kinda like to know the whole was closed before I do that.
    Jeremy Kinsey (jer@mia.net) - 262-248-6759
    Dedicated Servers - Web Hosting - Colocation HostDrive.Com
    Since 1997

  12. #87
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by rasputin View Post
    I guess I would kinda like to know the whole was closed before I do that.
    Well - use a randomized password not shared across other services and there's little risk to changing your password. I'd say less risk than leaving it as-is confirmed or not.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  13. #88
    Join Date
    Oct 2000
    Location
    Lake Geneva, WI.
    Posts
    1,370
    Quote Originally Posted by MikeDVB View Post
    Well - use a randomized password not shared across other services and there's little risk to changing your password. I'd say less risk than leaving it as-is confirmed or not.
    The only risk appears to be at WHT.
    Jeremy Kinsey (jer@mia.net) - 262-248-6759
    Dedicated Servers - Web Hosting - Colocation HostDrive.Com
    Since 1997

  14. #89
    Join Date
    Feb 2013
    Posts
    283
    I'll be the first to confirm this hack, since the cowardly owners are trying to cover it up.

    This has been going on officially since Friday. They knew about it then and did nothing.
    In any other business, you have all hands on deck and legal on the weekend due to such. Ruined weekend is what the office workers should have had.

    Official word should have been issued over the weekend. Nothing said or done. Now their time mid day on Monday, nothing.

    Penton was hacked. 100% hacked and details are there including actual passwords.

    What proof do I have? This very account I am posting from was compromised. Someone managed to get into it and change email address and password over the weekend.

  15. #90
    Quote Originally Posted by rasputin View Post
    The only risk appears to be at WHT.
    Doesn't cost you anything to change the password now, and once again when the hole has been found and patched... I mean seriously, 5 seconds of your time vs. someone breaching your WHT account, spamming and changing your email, etc... seems quite a trivial choice.
    Uptime Monitor - Minimize your downtime by being the first to know about it!

    Blacklist Monitor - Are any of your IPs or Domains blacklisted? Find out before it gets to affect you or your clients.

  16. #91
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    20,777
    Quote Originally Posted by elrooted View Post
    I'll be the first to confirm this hack, since the cowardly owners are trying to cover it up.

    This has been going on officially since Friday. They knew about it then and did nothing.
    In any other business, you have all hands on deck and legal on the weekend due to such. Ruined weekend is what the office workers should have had.

    Official word should have been issued over the weekend. Nothing said or done. Now their time mid day on Monday, nothing.

    Penton was hacked. 100% hacked and details are there including actual passwords.

    What proof do I have? This very account I am posting from was compromised. Someone managed to get into it and change email address and password over the weekend.
    I dont think anyone here is doubt that a hack indeed happened - other then that, I completely agree. If a web host was in a similar issue, would customers be understanding of a "its a weekend" excuse.
    Keith I Myers
    KMyers.me The rantings of a lunatic
    Join me on Technical.chat

  17. #92
    Join Date
    Oct 2000
    Location
    Lake Geneva, WI.
    Posts
    1,370
    Quote Originally Posted by Andei View Post
    Doesn't cost you anything to change the password now, and once again when the hole has been found and patched... I mean seriously, 5 seconds of your time vs. someone breaching your WHT account, spamming and changing your email, etc... seems quite a trivial choice.
    If the hole is not closed it's kinda pointless to change it.

    Seems to me it's the forum owners responsibility to fix that first.
    Jeremy Kinsey (jer@mia.net) - 262-248-6759
    Dedicated Servers - Web Hosting - Colocation HostDrive.Com
    Since 1997

  18. #93
    Quote Originally Posted by elrooted View Post
    I'll be the first to confirm this hack, since the cowardly owners are trying to cover it up.

    This has been going on officially since Friday. They knew about it then and did nothing.
    In any other business, you have all hands on deck and legal on the weekend due to such. Ruined weekend is what the office workers should have had.

    Official word should have been issued over the weekend. Nothing said or done. Now their time mid day on Monday, nothing.

    Penton was hacked. 100% hacked and details are there including actual passwords.

    What proof do I have? This very account I am posting from was compromised. Someone managed to get into it and change email address and password over the weekend.
    Out of curiosity and to help settle this thread's MD5 disputes, did you have a simple or complex password?


    Quote Originally Posted by rasputin View Post
    If the hole is not closed it's kinda pointless to change it.

    Seems to me it's the forum owners responsibility to fix that first.
    Should be safe(r) if you change it to a strong password... besides, I hardly think the attackers are constantly downloading fresh copies of the database and run password decryption on them.
    Uptime Monitor - Minimize your downtime by being the first to know about it!

    Blacklist Monitor - Are any of your IPs or Domains blacklisted? Find out before it gets to affect you or your clients.

  19. #94
    Join Date
    Oct 2000
    Location
    Lake Geneva, WI.
    Posts
    1,370
    Quote Originally Posted by Andei View Post
    Doesn't cost you anything to change the password now, and once again when the hole has been found and patched... I mean seriously, 5 seconds of your time vs. someone breaching your WHT account, spamming and changing your email, etc... seems quite a trivial choice.
    Hey Einstein. If the hole is not closed they can just retrieve the new password.

    Might be worth spending 5 seconds investigating how this happened a week ago.
    Jeremy Kinsey (jer@mia.net) - 262-248-6759
    Dedicated Servers - Web Hosting - Colocation HostDrive.Com
    Since 1997

  20. #95
    Join Date
    Feb 2013
    Posts
    283
    Quote Originally Posted by KMyers View Post
    I dont think anyone here is doubt that a hack indeed happened - other then that, I completely agree. If a web host was in a similar issue, would customers be understanding of a "its a weekend" excuse.
    I think folks on this thread are smart and are taking it more serious than audience as a whole. This thread remains buried and unfound in search. I'd think a hack like this should be top of the nav every page on webhostingtalk.com and they should have force reset all passwords on Friday.

    Still too much is being said like were the passwords encrypted and such. I am here to say, not adequate either way. The site has been officially compromised and Penton needs to step forward with plan and clean up the mess.

    Because of their denial my account and likely others were hijacked. Clearly, mass password reset they don't want to do, that would drive participation down for weeks to months.

  21. #96
    Join Date
    Feb 2013
    Posts
    283
    Quote Originally Posted by Andei View Post
    Out of curiosity and to help settle this thread's MD5 disputes, did you have a simple or complex password?




    Should be safe(r) if you change it to a strong password... besides, I hardly think the attackers are constantly downloading fresh copies of the database and run password decryption on them.

    The database was allegedly ran on Friday and 60% of all passwords via MD5 with the accompanying SALT in the database data were decryptable... 60%.

    Password that was used here would fall to a dictionary style attack.

    No doubt that password complexity of maximum length + numbers + characters + case mix is all anyone should be doing. If you can remember your password, it's not adequate.

  22. #97
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    20,777
    Quote Originally Posted by elrooted View Post
    Clearly, mass password reset they don't want to do, that would drive participation down for weeks to months.
    And this silence from Penton may drive all active/influential members elsewhere which would drive down participation for years... or at least lower the quality of posts
    Keith I Myers
    KMyers.me The rantings of a lunatic
    Join me on Technical.chat

  23. #98
    Quote Originally Posted by rasputin View Post
    Hey Einstein. If the hole is not closed they can just retrieve the new password.

    Might be worth spending 5 seconds investigating how this happened a week ago.
    If only you'd spend less energy coming up with such "original" name calling, and spend more energy on the common sense part of your brain, you'd realize that even if the hole is not patched up yet, there's still a much lower chance of your account getting compromised if you change your password now.
    Uptime Monitor - Minimize your downtime by being the first to know about it!

    Blacklist Monitor - Are any of your IPs or Domains blacklisted? Find out before it gets to affect you or your clients.

  24. #99
    Join Date
    Feb 2013
    Posts
    283
    Quote Originally Posted by Andei View Post
    If only you'd spend less energy coming up with such "original" name calling, and spend more energy on the common sense part of your brain, you'd realize that even if the hole is not patched up yet, there's still a much lower chance of your account getting compromised if you change your password now.
    Nicer way of saying that Entirely true on password complexity necessity and need to change password NOW. Everyone, if you haven't changed password since Friday, regardless of complexity change it.

    May I recommend keepass for the Linux crowd, in your distros and waiting. Generate good passwords and store them so you can look up account info and not prone to simple passwords.

    Hacks happen. Yes, users should have unique cryptic passwords. Part of this falls on enforcement and best practices by site operators. Such should be mandatory at account creation and any time you reset your password.

    None of this closes the door to the hacks though. Nor is the larger picture clear to all of us. This will have long term ripple effect unless users change their behavior, unhinge from comfort and go the multiple account/personality route while observing password complexity... and oh yeah BRING THE TWO FACTOR AUTHENTICATION LAYER.

  25. #100
    Join Date
    Jul 2002
    Location
    London, United Kingdom
    Posts
    4,455
    Quote Originally Posted by EU Hosting Talk View Post
    Username is publically available anyway.
    Yes, but the email-address used might not be "public" as such (but now is)

    I can confirm at least 1 unique-to-wht-forum email (and not anything obvious) that I know of is in confirmed to be in the leaked data, just as a unique-to-linkedin email address is confirmed to be in the leak of their db too

    An official announcement from WHT/inet/Penton and a note to change pwds at the top of every forum page would be good !
    Rob Golding Astutium Ltd - UK based ICANN Accredited Domain Registrar - proud to accept BitCoins
    Buying Web Hosts and Domain Registrars Today @ hostacquisitions.co.uk
    UK Web Hosting | UK VPS | UK Dedicated Servers | ADSL/FTTC | Backup/DR | Cloud
    UK Colocation | Reseller Accounts | IPv6 Transit | Secondary MX | DNS | WHMCS Modules

Page 4 of 8 FirstFirst 1234567 ... LastLast

Similar Threads

  1. Very interested on the status of WHT hacked db restore, Any one else?
    By Manageandsupport_com in forum WHT Announcements, Feedback and Questions
    Replies: 16
    Last Post: 04-06-2009, 07:23 PM
  2. US and Canada Telephone Area Code DB for sale!
    By Douglas in forum Other Offers & Requests
    Replies: 2
    Last Post: 06-09-2006, 02:27 PM
  3. site + large DB for sale with some traffic + others
    By DNGeeks in forum Other Offers & Requests
    Replies: 7
    Last Post: 10-15-2004, 10:29 AM
  4. 30+ Domains for sale - Discounts for WHT users
    By deepensky90 in forum Other Offers & Requests
    Replies: 9
    Last Post: 05-26-2003, 08:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •