  1. #26
    Join Date
    May 2006
    Location
    Iowa
    Posts
    2,613
    Quote Originally Posted by ShaunH View Post
    No need to shout friend

    I'm just guessing here but any hacker worth their salt probably at a minimum uses a chain of proxy addresses so they can't be tracked and I'm other methods.

    The real question is how the heck did they get in?

    That's where the real question lies.
    I agree with you.
    Last edited by KarlZimmer; 10-14-2008 at 06:59 PM. Reason: Mis-spelling

  2. #27
    Join Date
    Sep 2008
    Posts
    191
    Quote Originally Posted by MikeDVB View Post
    What has been done, is done - and hopefully it will be a learning experience.
    The thing is, this isn't the first time that WHT has been compromised. Remember them having C99 on their site?

    Having one back up server is a pretty big mistake. Figured that having their one and only backup server going offline at the same time was a bit strange.

  3. #28
    Join Date
    Apr 2004
    Location
    SF Bay Area
    Posts
    879
    Quote Originally Posted by kazila View Post
    There's really no reason to make a huge issue out of this. Simply change your password(s) and move on.
    Password compromise is unfortunately commonplace. I've had my ATM card replaced twice in a year's time because their database was compromised.

    The bigger issue, of course, is the massive data loss that has apparently occurred and the fact that a sophisticated hacker could take out a million-dollar business.

    I think WHT will be able to pick up the pieces but their credibility is definitely taking a huge hit from this - in my estimate anyway. This kind of thing can shutter a business quite easily. If they can get their data back - great - but if they find they just have to roll back 7 months - we're all going to be scratching our heads and wondering if this is the best place to do business. Well, maybe I'll be the only one, but I doubt it.

    WHT/iNET will take away a lot of tough lessons from this issue I'm sure. I can't imagine the post-mortem will be pretty at all.

    In any case thanks for the updates.

  4. #29
    Join Date
    Apr 2004
    Location
    Singapore
    Posts
    1,522
    I guess the backup should be locked out of public access and via private VPN to access it. I guess RackSpace can arrange this ? =)

    Well, thanks for the hard work to bring this back online.
    tanfwc

  5. #30
    Join Date
    Apr 2008
    Location
    Bury St Edmunds
    Posts
    160
    Great, this is the second time a major forum I've been on has been hacked and user tables distributed, e.g. the recent phpbb.com hack fiasco

    As for the loss of data, I'm not bothered too much regarding the number of posts I've made - while I do think this does provide 'rep' on forums like this, I'm more annoyed over the actual content lost. WHT is like a web hosting encyclopaedia and a lot of people's effort has just been wasted building up this knowledge bank.

    As for the backup situation, iNET and Rackspace should be ashamed of themselves really, only having one on-site backup server. WHT preaches about having backup procedures but yet it has a crap one of that, and Rackspace are supposed to be managed specialists; why didn't they recommend more than one server or an off-site server? It would have been an easy $$$ for them knowing iNET can obviously afford it

    Hopefully the advertisers will be credited for the downtime. Funny thing is I discovered the downtime by coming here to buy premium membership, but now I'm not too sure I want it, knowing that some retard has all my user details

    ---Edit---
    Just read some posts while making mine regarding the PM tables being compromised? If so, that is unforgivable; the amount of sensitive data stored there isn't worth thinking about
    Last edited by racked_solutions; 03-23-2009 at 01:34 PM.

  6. #31
    Join Date
    Jun 2008
    Posts
    39
    I'm just glad you're back. Happily, I use gmail for all forums etc. so the spam doesn't matter. I'd never sign up to a forum with one of my domains' addresses.

  7. #32
    Join Date
    May 2003
    Location
    Texas
    Posts
    154
    What's going on with those of us that have become premium after this backup?
    DDoS Protected Chicago and New York Virtual Private Servers with INSTANT setup!
    RAID-10 OpenVZ Virtual Private Servers with hundreds of OS templates!
    CometVPS.com - We're all about customer experience. Try us!

  8. #33
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,379
    I've seen the files too, and the password hashes.

    vBulletin uses a sophisticated hashing algorithm, it uses md5 to hash the passwords once, then adds a salt next to it, and hashes again.

    Although the stolen info has these hashes, it is absolutely impossible to recover your passwords from these hashes. I haven't changed my password (really) and I see no reason to do so.

    However, the stolen table makes your passwords vulnerable to dictionary attacks. If your password is a dictionary word (one word) or a simple series of numbers (like 654321), then your passwords are somewhat vulnerable.

    Still, the salting mechanism in vBulletin adds 2^18 = 262144 times more difficulty to a general dictionary based attack, so the chances of your passwords being revealed is extremely low.

    For example, the stolen info about MY account is this:
    Password: 3248b2676776395e4336b32b862f1301 Salt: "%M

    My password is a complex one (with numbers, capitals and punctuations), it is first hashed to some large string, then the salt added, then hashed again.

    I have no worry revealing my stolen password details here, if any have the stolen data, you can easily publicly verify that the information I posted here is true. I can post my own details here because there is no way a hacker can break it with the current amount of technology he might possibly have (even a cluster of PS3s).

    However as I said, dictionary words have a higher chance of being cracked, but this possibility always exists with weak passwords, stolen or not.

    As for the email addresses, yes they are revealed too, but I already get a lot of spam every day and I don't think I'll be affected too much

    And as for the recent posts and information, I share your concerns and I hope some data recovery company can recover the data in the corrupted servers.
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
    █ Combine your efforts to fight misbehaving clients.

    HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
    █ Large and awesome portfolio, just visit and see!
      0 Not allowed!
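
The scheme described in post #33, md5(md5(password) + salt), as an added example that is not part of the thread and not vBulletin's own code: it shows that the salt makes equal passwords hash differently, and how a table of such hashes can be wrapped in a slow KDF without knowing the passwords. The concatenation order follows the post's description; the function names, sample rows and iteration count are assumptions.

```python
import hashlib
import hmac
import os


def vb_legacy_hash(password: str, salt: str) -> str:
    # As described in the post: MD5 the password, append the salt to the
    # hex digest, MD5 again. One guess costs only two MD5 calls.
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


# Assumption: work factor for the outer KDF; tune it to your own hardware.
ITERATIONS = 600_000


def wrap_legacy(legacy_hex: str, kdf_salt: bytes, iterations: int = ITERATIONS) -> bytes:
    # Stretch the stored hash itself, so no plaintext password is needed.
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode("ascii"), kdf_salt, iterations)


def migrate(rows, iterations: int = ITERATIONS) -> dict:
    # rows: (username, legacy_hex, legacy_salt) tuples from the old user table.
    table = {}
    for user, legacy_hex, legacy_salt in rows:
        kdf_salt = os.urandom(16)  # fresh per-user salt for the outer KDF
        table[user] = {
            "legacy_salt": legacy_salt,
            "kdf_salt": kdf_salt,
            "iterations": iterations,
            "hash": wrap_legacy(legacy_hex, kdf_salt, iterations),
        }
    return table


def verify(record: dict, password: str) -> bool:
    # Login check: recompute the legacy hash, then the slow outer hash.
    legacy_hex = vb_legacy_hash(password, record["legacy_salt"])
    candidate = wrap_legacy(legacy_hex, record["kdf_salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


# Constructed sample rows (not data from the incident): same weak password,
# two different 3-character salts.
SAMPLE = [("alice", vb_legacy_hash("654321", "a1!"), "a1!"),
          ("bob", vb_legacy_hash("654321", "Zq#"), "Zq#")]

if __name__ == "__main__":
    print("same password, different salts:", SAMPLE[0][1], SAMPLE[1][1])
    table = migrate(SAMPLE)
    print("alice login ok:", verify(table["alice"], "654321"))
    print("alice wrong password:", verify(table["alice"], "123456"))
```

Wrapping raises the per-guess cost for hashes taken from the new table; it does nothing for copies of the old hashes that have already left the server.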

  9. #34
    Join Date
    May 2008
    Location
    Indore, India
    Posts
    1,723
    Well, I've lost my Premium Membership, posts & changed username

  10. #35
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    3,103
    I do not know vBulletin that well, but my guess is that the only way to get passwords is to test them against some dictionary / common password list and then compare hashes to hashes stored in the database. In short, if you think your password might appear on such a list, at this moment someone already knows what it is and they have your email address too, so if you used the same password for anything else, it is time to start panicking.

    <edit>Ok, I was right, but too late it seems </edit>

  11. #36
    Join Date
    Oct 2002
    Posts
    13,624
    Quote Originally Posted by ShaunH
    I'm just guessing here, but any hacker worth their salt probably at a minimum uses a chain of proxy addresses so they can't be tracked.
    Yes well you go thru EVERY IP YOU GET and continue until you get his.. (It can be done)

    Tinyurl is the answer for posting long urls!!!

  12. #37
    Join Date
    Sep 2008
    Posts
    191
    Quote Originally Posted by The Dude View Post
    Yes well you go thru EVERY IP YOU GET and continue until you get his.. (It can be done)
    Good luck with that even if they do log them.

  13. #38
    Join Date
    Feb 2007
    Location
    Isle Of Anglesey, UK
    Posts
    1,468
    Quote Originally Posted by The Dude View Post
    What action??
    I meant they can try to find out how they did it, close the vulnerability, and possibly take other measures.

    Oh, and try to find the lame/useless/layabout/scum* who did this.

    *Choose the most appropriate.

    FOOTNOTE:

    I would definitely change your password as a precaution, and if you use the same password elsewhere change that as well.

    Better safe than sorry

  14. #39
    Join Date
    May 2006
    Location
    Iowa
    Posts
    2,613
    Quote Originally Posted by Harzem View Post
    I've seen the files too, and the password hashes.

    vBulletin uses a sophisticated hashing algorithm, it uses md5 to hash the passwords once, then adds a salt next to it, and hashes again.

    Although the stolen info has these hashes, it is absolutely impossible to recover your passwords from these hashes. I haven't changed my password (really) and I see no reason to do so.

    However, the stolen table makes your passwords vulnerable to dictionary attacks. If your password is a dictionary word (one word) or a simple series of numbers (like 654321), then your passwords are somewhat vulnerable.

    Still, the salting mechanism in vBulletin adds 2^18 = 262144 times more difficulty to a general dictionary based attack, so the chances of your passwords being revealed is extremely low.

    For example, the stolen info about MY account is this:
    Password: 3248b2676776395e4336b32b862f1301 Salt: "%M

    My password is a complex one (with numbers, capitals and punctuations), it is first hashed to some large string, then the salt added, then hashed again.

    I have no worry revealing my stolen password details here, if any have the stolen data, you can easily publicly verify that the information I posted here is true. I can post my own details here because there is no way a hacker can break it with the current amount of technology he might possibly have (even a cluster of PS3s).

    However as I said, dictionary words have a higher chance of being cracked, but this possibility always exists with weak passwords, stolen or not.

    As for the email addresses, yes they are revealed too, but I already get a lot of spam every day and I don't think I'll be affected too much

    And as for the recent posts and information, I share your concerns and I hope some data recovery company can recover the data in the corrupted servers.

    I used a random password generator.

  15. #40
    So, the last offsite backup was made in October 2008?

  16. #41
    Join Date
    Aug 2008
    Location
    Right behind you.
    Posts
    410
    It's really sad. WHT is a great place, it should have more security and hope things should be up fast.

    I lost around 130 posts and my premium membership.

  17. #42
    Join Date
    Jan 2005
    Location
    Croatia
    Posts
    142
    With a forum this size, and considering its primary purpose is web hosting talk (dun dun) I would have thought the people in charge would keep at least a monthly offsite offnetwork backup of everything.

    If that's not the case, then I hope you start doing this now. A backup server is fine for daily backups etc, but having your files secured where no one can reach them every once in a while is essential for anything of importance you put online.
    I am a leaf on the wind. Watch how I soar.

  18. #43
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by LinuxStandard View Post
    So, the last offsite backup was made in October 2008?
    No, apparently the backups were deleted.

  19. #44
    Join Date
    Jan 2006
    Location
    Ontario, Canada
    Posts
    324
    Quote Originally Posted by The Dude View Post
    Yes well you go thru EVERY IP YOU GET and continue until you get his.. (It can be done)
    Ok, so you are an English speaking administrator and your server has been compromised.

    Now you have to:

    - Contact the first bounced IP's ISP in Japan (have fun)
    - They say the connection came from an ISP in Africa (have fun)
    - Well that connection came from Israel (have fun)
    - Well that came from Germany..you get the idea...

    and this can go on for as many IPs as he bounced through. Have fun dealing with those ISPs that are in jurisdictions that do not care about North American law.
    Last edited by MaxiSNK; 10-14-2008 at 07:24 PM.
    Shared Hosting / Reseller Hosting / Email Hosting
    Dedicated Servers / Unmetered Servers / Linux & Windows VPS
    DME Hosting, LLC [http://www.dmehosting.com]

  20. #45
    Quote Originally Posted by ShaunH View Post
    No, apparently the backups were deleted.
    Sorry. Perhaps wasn't clear.

    The last "backup of backup" was made on October 14 2008.

  21. #46
    Join Date
    Jan 2006
    Location
    Ontario, Canada
    Posts
    324
    Also to people calling someone who pulled off a hack like this a person with "no life" is absolutely retarded.

    If the guy can take down a huge site and/or business, what makes you think that a huge business would not employ him for a good salary to handle security? They are obviously (and moreso) up to date on the latest security flaws and strategies, and also have access to exploits distributed amongst the underworld.

    Most of the "top hackers" don't go to jail, they get good jobs instead.
    Shared Hosting / Reseller Hosting / Email Hosting
    Dedicated Servers / Unmetered Servers / Linux & Windows VPS
    DME Hosting, LLC [http://www.dmehosting.com]

  22. #47
    I'd really like to know about the PM issue.

    Have our private messages been compromised? There's a lot of sensitive data there....

  23. #48
    Join Date
    Feb 2005
    Location
    India
    Posts
    922
    I am wondering.. does this mean all those who had signed up recently have lost their accounts as well? Just a bit curious..

    At least we are lucky to have our usernames and few posts saved.. Think about those who lost their accounts!
    Vision Helpdesk : Customer Support Helpdesk Software
    ThinkSupport Solutions™ - ThinkSupport.com

    Thinking of Support Solutions ... Think About US .....!!!
    Skype : vision.helpdesk | Email : sales@visionhelpdesk.com

  24. #49
    Join Date
    Jul 2008
    Posts
    972
    Quote Originally Posted by TheHostHouse View Post
    I'd really like to know about the PM issue.

    Have our private messages been compromised? There's a lot of sensitive data there....
    user table was taken, nobody knows if the posts/pm etc db was touched, there could be a dump somewhere.

  25. #50
    Quote Originally Posted by TheHostHouse View Post
    I'd really like to know about the PM issue.

    Have our private messages been compromised? There's a lot of sensitive data there....
    Unless the guy is too good not to poke in there, they're NOT safe.
