The forum of the forums
Welcome to the Official Support Forum of Forumotion!

To take full advantage of everything offered by our forum, please log in if you are already a member, or join our community if you've not yet.



Create a free forum like this one.

Major Forum Hack

Page 1 of 4 1, 2, 3, 4  Next

View previous topic View next topic Go down

Solved Major Forum Hack

Post by Gasol_The_Great on September 30th 2010, 9:11 pm

Today, a forum of which I was staff on was hacked. It started yesterday when my account (a packager's account) was hacked and used to delete all of the content in a forum.

And today, a moderator and possibly an Administrator's accounts were hacked leading to the deletion of ALL content.

This was BY FAR a small forum. Over 500 members considered it home, and they had posted a combined total of over 50,000 posts all of which are now gone.

http://www.advertisehotspot.com/forum.htm

Im sorry Forumotion, but your security is unacceptable. Anyone can hack forumotion forums at any time. It is honestly terrible. You need to pick up the slack. Seriously.

~Gasol

Gasol_The_Great
Forumember

Posts : 92
Reputation : 0
Language : English

Back to top Go down

Solved Re: Major Forum Hack

Post by Sanket on September 30th 2010, 9:14 pm

As was mentioned by the admin of your forum, your account password was guessed. There is nothing we can do to avoid from someone guessing your password.

Since now most of the posts etc are gone, wait for your admin to login into the utilities & do a backup & restore your forum.

Also, here is the thing about hacking. There is no foolproof site, if someone wants to hack they can do it no matter what.


Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Solved Re: Major Forum Hack

Post by Gasol_The_Great on September 30th 2010, 9:17 pm

While that may be true that no site is foolproof, there are forum hosts that are much more proactive when it comes to protecting their users from hackers than Forumotion.

I was using a 12 character password that included numbers. It is by far an "easy hack". Not to mention that now one of our moderators, and one of our administrators accounts were hacked.

It was ridiculously easy for this hacker to take control.

There was obviously some sort of process or software that was used in this instance.


Last edited by Gasol_The_Great on September 30th 2010, 9:20 pm; edited 1 time in total

Gasol_The_Great
Forumember

Posts : 92
Reputation : 0
Language : English

Back to top Go down

Solved Re: Major Forum Hack

Post by Sanket on September 30th 2010, 9:20 pm

Well, i understand your frustration But its easy to blame a host. Because, thats whom you can remove your anger on.

I suggest you to just wait until your founder retrieves & backsup the data. So please calm down, its not helping.

Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Solved Re: Major Forum Hack

Post by Gasol_The_Great on September 30th 2010, 9:21 pm

Well, that is also assuming his account does not get hacked...

Not to mention that our founder is semi-inactive now due to personal reasons.

Gasol_The_Great
Forumember

Posts : 92
Reputation : 0
Language : English

Back to top Go down

Solved Re: Major Forum Hack

Post by micro1000 on September 30th 2010, 9:23 pm

Ok if the founder retrieves all again, it doesnt stops the hacker to do it again.


micro1000
Forumember

Male Posts : 145
Reputation : 0
Language : English

http://www.techbots.co.cc

Back to top Go down

Solved Re: Major Forum Hack

Post by Sanket on September 30th 2010, 9:24 pm

Even if his account is hacked, he can retrieve the password to his original founder account.

I think you are talking about joel aka identityproof, he is active IMO.

Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Solved Re: Major Forum Hack

Post by micro1000 on September 30th 2010, 9:26 pm

Yes it is Joel, you could give the database so we could move to another host.

micro1000
Forumember

Male Posts : 145
Reputation : 0
Language : English

http://www.techbots.co.cc

Back to top Go down

Solved Re: Major Forum Hack

Post by Gasol_The_Great on September 30th 2010, 9:26 pm

Oh no, I meant just recently he announced that he can not be as active now. He may not return for a few days...

I know I may seem very upset and I apologize if I am overreacting, but it is very difficult seeing a forum being taken over by a hacker...

Is there any way Forumotion could investigate this? Possibly trace the hackers location?

EDIT: Yes, I agree with micro. I think moving to another host would be a good option.

Gasol_The_Great
Forumember

Posts : 92
Reputation : 0
Language : English

Back to top Go down

Solved Re: Major Forum Hack

Post by Sanket on September 30th 2010, 9:29 pm

You know forumotion policies micro1000, we do not give databases.

Joel will return, he comes online just for a while. He made a post today in the morning. Just wait it out & do not panic.

Leave messages on facebook or messenger to Joel informing him of the happenings on the forum.

Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Solved Re: Major Forum Hack

Post by micro1000 on September 30th 2010, 9:31 pm

I know it seems off topic but how did forumansion moved to mybb?

micro1000
Forumember

Male Posts : 145
Reputation : 0
Language : English

http://www.techbots.co.cc

Back to top Go down

Solved Re: Major Forum Hack

Post by Sanket on September 30th 2010, 9:32 pm

There was some converter or something on the official phpbb site, i think they used it or something.

Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Solved Re: Major Forum Hack

Post by Gasol_The_Great on September 30th 2010, 9:32 pm

The only thing I have been able to find out about the hacker so far is that (Im pretty sure) he is in the UK. If only we could get an IP address...

And the "we do not transfer databases" policy is another reason Forumotion is far from an acceptable provider. That is a terrible policy. At the very least, they could offer to sell the data to the forum owner.

Gasol_The_Great
Forumember

Posts : 92
Reputation : 0
Language : English

Back to top Go down

Solved Re: Major Forum Hack

Post by skillboy on September 30th 2010, 10:09 pm

Or at least look over the data to see the hacker's I.P.

I'm working at these forums too and we have all come down to not being because of the password because our admin was hacked too, he's smart with passwords.

At least get typlo to ban this I.P. because it might give us a chance to recover

skillboy
Forumember

Posts : 119
Reputation : 0
Language : farsi

Back to top Go down

Solved Re: Major Forum Hack

Post by Adam360 on September 30th 2010, 10:21 pm

@Gasol_The_Great wrote:The only thing I have been able to find out about the hacker so far is that (Im pretty sure) he is in the UK. If only we could get an IP address...

And the "we do not transfer databases" policy is another reason Forumotion is far from an acceptable provider. That is a terrible policy. At the very least, they could offer to sell the data to the forum owner.

Okay, so what your saying is that if Joel gets hacked, then the hacker will have access to the forum database?

Not so good when you think about it...

Its Forumotions Policy for a reason!

Adam360
Forumember

Male Posts : 866
Reputation : 11
Language : English
Location : England

http://GameBase.betaboard.net

Back to top Go down

Solved Re: Major Forum Hack

Post by Sanket on October 1st 2010, 5:26 am

@skillboy wrote:Or at least look over the data to see the hacker's I.P.

I'm working at these forums too and we have all come down to not being because of the password because our admin was hacked too, he's smart with passwords.

At least get typlo to ban this I.P. because it might give us a chance to recover

Do you really think a hacker is a noob who cannot use a proxy. Hacking is just not simple. Only if we commit a mistake & get fooled, only then will someone get access to our data. Remember that.
If we don't click links etc, we are safe.

Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Solved Re: Major Forum Hack

Post by Gasol_The_Great on October 1st 2010, 6:03 am

Sanket, I know you are obligated to defend the policies/actions by Forumotion as you are employed by them, but coming from a regular user's perspective, their security is honestly is sub par. Although this may be just an opinion in the eyes of some, I believe almost every forumotion user has had a forum of theirs hacked at some point in time.

It is basically common knowledge that Forumotion based sites are easier for hackers to deface than website's hosted by other servers.

I am certainly not the only one who feels this way. I definitely think Forumotion could take further steps to prevent hacking.

Gasol_The_Great
Forumember

Posts : 92
Reputation : 0
Language : English

Back to top Go down

Solved Re: Major Forum Hack

Post by identityproof on October 1st 2010, 6:06 am

Yes Gasol. Hacking isn't possible on Forumotion forums. If you read http://help.forumotion.com/frequently-asked-questions-f5/my-forum-was-hacked-t75418.htm ,

A lot of people think that being hacked is when someone threatens their forum or spams the forum. Being hacked means they destroy your forum and/or change it to whatever they want. I would just like to let you guys know that this isn't possible on ForuMotion forums. People say they will break into your forum all the time, but they can't do that unless they know the admin password.

The so called hacker, only managed to figure out 3 staff members passwords. He obviously set a trap to log their passwords.

identityproof
Forumember

Posts : 506
Reputation : 1
Language : english

http://advertisehotspot.com

Back to top Go down

Solved Re: Major Forum Hack

Post by Gasol_The_Great on October 1st 2010, 6:10 am

Hmm, he must be using some kind of software...

Is there any way that would show up in the Database?

Gasol_The_Great
Forumember

Posts : 92
Reputation : 0
Language : English

Back to top Go down

Solved Re: Major Forum Hack

Post by Sanket on October 1st 2010, 6:12 am

Gaosl_The_Great, lets make things clear. Firstly i am a volunteer here. Being a volunteer, doesn't mean i endorse forumotion. I will never defend forumotion if they are wrong. People who know me better on this forum, know it.

Yes, i am not denying if someone has not been ever hacked on forumotion. But, that does not mean its security is poor. A hacker cannot do anything to your forum, until you make a mistake remember that.

Also its obvious, once you get hacked you easily blame the host & want to move. There is nothing wrong with it, human behavior once you lose trust its difficult to gain it back. Lets keep it simple then, this thread is not going anywhere with this discussion.

Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Solved Re: Major Forum Hack

Post by identityproof on October 1st 2010, 6:14 am

Yea, back on topic please.

identityproof
Forumember

Posts : 506
Reputation : 1
Language : english

http://advertisehotspot.com

Back to top Go down

Solved Re: Major Forum Hack

Post by Gasol_The_Great on October 1st 2010, 6:16 am

Alright, well what is the next step for AH? Is there any way to secure it before reopening?

Gasol_The_Great
Forumember

Posts : 92
Reputation : 0
Language : English

Back to top Go down

Solved Re: Major Forum Hack

Post by identityproof on October 1st 2010, 6:16 am


identityproof
Forumember

Posts : 506
Reputation : 1
Language : english

http://advertisehotspot.com

Back to top Go down

Solved Re: Major Forum Hack

Post by Gasol_The_Great on October 1st 2010, 6:21 am

Ok, thanks Joel. I have not had many instances where Ive been directly involved in a "hack".

So just checking, what is considered a safe password length? The one I was using was 14 characters long, and it even implicated various numbers. I am 100% certain nobody could have guessed it. Yet my account was still hacked?

Gasol_The_Great
Forumember

Posts : 92
Reputation : 0
Language : English

Back to top Go down

Solved Re: Major Forum Hack

Post by Sanket on October 1st 2010, 6:25 am

How do you know that your account was hacked?

Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Solved Re: Major Forum Hack

Post by Gasol_The_Great on October 1st 2010, 6:28 am

Because it was my account that used to remove all the content in the Packages section. It was then banned to stop the hacker, and then unbanned later...

Then the next day (today) was when one of our Moderators and one of our Administrators had their accounts hacked.

There is no way they could have known my password though (and Im certain they couldnt have known both the other's passwords either)... Could they be using some sort of program to disable passwords or something?

Gasol_The_Great
Forumember

Posts : 92
Reputation : 0
Language : English

Back to top Go down

Solved Re: Major Forum Hack

Post by identityproof on October 1st 2010, 6:30 am

Yes, we suspect (obviously so) that Gasol's account was hacked. But after that incident, causing us to lost over 3000 posts in the package section, another attack came in, which made us lose over 50,000 posts. This was done by hacking in to 2 other staff member accounts. A administrator + moderator.

So in total, 3 staff member's accounts were hacked into. Maybe they fell into a trap?

identityproof
Forumember

Posts : 506
Reputation : 1
Language : english

http://advertisehotspot.com

Back to top Go down

Solved Re: Major Forum Hack

Post by Sanket on October 1st 2010, 6:31 am

So you were not able to login into your account when content was removed in the packages section?

Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Solved Re: Major Forum Hack

Post by identityproof on October 1st 2010, 6:32 am

That's for Gasol to answer. And when the attack came (2 of em), i wasn't online then.

identityproof
Forumember

Posts : 506
Reputation : 1
Language : english

http://advertisehotspot.com

Back to top Go down

Solved Re: Major Forum Hack

Post by Reverse Simplicity on October 1st 2010, 6:35 am

Any password in the world can be guessed given enough time.

Depends how much they REALLY wanted to get in.

Reverse Simplicity
Forumember

Male Posts : 140
Reputation : 10
Language : English

http://ychat.realityboard.net/

Back to top Go down

Page 1 of 4 1, 2, 3, 4  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum