Receiving spam from anandtech smtp server?

I have nuked the Affiliate sub forum and removed all permissions from the account they were using.

Perk, can you get the IP they posted with to permaban the IP?

In another thread (in OT), Quintox posted links to other forums where the site was posted.

The user doing that used an account named Retrospector at the first forum, and the third one he signed his post as ~ Retrospector ~.

Maybe that can help you track down the bastard (ban if he has an account here)

 
If it's any help, I notice that at least viewing single posts (showpost.php) is returning status code 500 (Internal Server Error), though the HTML is as normal. I wouldn't have noticed except that I'm working on a Greasemonkey script with AJAX.
This is still happening. And it wasn't happening before the short "scheduled maintenance" message last night. Something tells me he may have penetrated deeper than you thought. 🙁
 
Disclaimer: IANAA(dmin)

Hate to say it, but consider this a FUCK YES. I'm not intentionally trying to set off a panic here, but if the admin accounts were hacked, and they were, you may as well consider all of your data here compromised, even if superficially it wasn't.

While I agree that changing your passwords is a good thing to do after an incident like this, don't forget that your passwords are stored encrypted in the database so it's not like the hacker has the plaintext password of all users here just from gaining access to the database.

Does anyone know if vB uses MD5 or SHA1? Also, are the passwords salted before they are hashed?

What IS worrisome is that if the hacker rooted the server and dropped in code to skim logins before they hit the actual forum code, which you won't really know unless you format/reinstall the server or audit every single line of php on the server.

Although if the server did actually get rooted I wouldn't expect them to be still running (they wouldn't be if I managed them).
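
An added example, not part of any post in this thread and not the forum software's own code: one way to narrow the "audit every single line of php" job raised above is to hash the live web root and compare it with a tree unpacked from the original release archive. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root, pattern="*.php"):
    """Map each matching file (path relative to root) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob(pattern))
        if p.is_file()
    }


def diff_manifests(clean, live):
    """Report files that differ from, were added to, or are missing from the clean tree."""
    return {
        "modified": sorted(k for k in clean.keys() & live.keys() if clean[k] != live[k]),
        "added": sorted(live.keys() - clean.keys()),
        "missing": sorted(clean.keys() - live.keys()),
    }


def demo():
    # Constructed sample trees: "clean" stands in for the unpacked release,
    # "live" for a copy of the web root taken from the suspect server.
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for tree in (clean, live):
            (tree / "includes").mkdir(parents=True)
            (tree / "login.php").write_text("<?php /* constructed sample */ ?>")
            (tree / "includes" / "functions.php").write_text("<?php /* helpers */ ?>")
        # Simulate one altered file and one file that is not in the release.
        (live / "login.php").write_text("<?php /* constructed sample, altered */ ?>")
        (live / "includes" / "cache.php").write_text("<?php /* not in release */ ?>")
        return diff_manifests(build_manifest(clean), build_manifest(live))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The comparison is only as trustworthy as the clean tree and the machine it runs on, so it belongs on a separate host working from a copy of the web root; code held outside the file tree, such as anything stored in the database, is not covered.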
 
While I agree that changing your passwords is a good thing to do after an incident like this, don't forget that your passwords are stored encrypted in the database so it's not like the hacker has the plaintext password of all users here just from gaining access to the database.

Does anyone know if vB uses MD5 or SHA1? Also, are the passwords salted before they are hashed?

What IS worrisome is that if the hacker rooted the server and dropped in code to skim logins before they hit the actual forum code, which you won't really know unless you format/reinstall the server or audit every single line of php on the server.

Although if the server did actually get rooted I wouldn't expect them to be still running (they wouldn't be if I managed them).
vB is MD5 + salt.
 
have subscription updates been disabled because of this? i notice i am not getting them now for threads i have subscribed to
 
why is it someone suggesting to change pw...

Because, if the database itself was compromised, then the previously stored MD5 is all they need to replicate access to an account. The salt is readily available in the vB code.

Changing your password changes the MD5 stored in the database.
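
An added example, not part of any post in this thread and not vBulletin's own code: a Python sketch of the "MD5 + salt" storage and the password-change point discussed above. It assumes the stored value is md5(md5(password) + salt) with a per-user salt kept beside it, and goes one step beyond the thread by showing how a site could wrap existing hashes in PBKDF2 without knowing the plaintext; the function names, record layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed for this sketch)


def legacy_hash(password: str, salt: str) -> str:
    # Assumed legacy layout: md5(md5(password) + salt), hex-encoded.
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def _stretch(legacy_hex: str, kdf_salt: bytes) -> str:
    # Slow KDF applied on top of the legacy value.
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), kdf_salt, ITERATIONS).hex()


def new_legacy_record(password: str) -> dict:
    salt = os.urandom(8).hex()  # constructed per-user salt, stored beside the hash
    return {"salt": salt, "hash": legacy_hash(password, salt)}


def upgrade(record: dict) -> dict:
    # Wrap the stored MD5 in PBKDF2 without needing the plaintext, then drop
    # the raw MD5 so the fast hash no longer sits in the table.
    kdf_salt = os.urandom(16)
    return {"salt": record["salt"], "kdf_salt": kdf_salt,
            "wrapped": _stretch(record["hash"], kdf_salt)}


def verify(record: dict, password: str) -> bool:
    # Works for both legacy rows and upgraded rows; constant-time comparison.
    candidate = legacy_hash(password, record["salt"])
    if "wrapped" in record:
        candidate = _stretch(candidate, record["kdf_salt"])
        return hmac.compare_digest(candidate, record["wrapped"])
    return hmac.compare_digest(candidate, record["hash"])


def change_password(new_password: str) -> dict:
    # A password change issues fresh salts and replaces the stored value,
    # so a copy of the old row no longer matches what the table holds.
    return upgrade(new_legacy_record(new_password))
```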
 
Folks, we were the victims of a serious forum breach early this morning, possibly from aliens

Hey, I resemble that remark.

Hope nothing was permanently compromised or ripped off.

That really blows.

Dealing with a lot of spammers lately over my way too but so far none as brazen as this one was.
 
May as well change our passwords after this latest attack on AT. I think otherwise our accounts could be their next target.
 
Because, if the database itself was compromised, then the previously stored MD5 is all they need to replicate access to an account. The salt is readily available in the vB code.

Changing your password changes the MD5 stored in the database.

that won't be easy on any reasonable pw, with salt or not. just don't want to fuel the panic.
 
that won't be easy on any reasonable pw, with salt or not. just don't want to fuel the panic.

Let me fix that for you - it wouldn't be easy provided they have no access to the DB or web server. Given that it's already been compromised... The fact is if you have what's stored in the database, you don't need to decrypt anything. You use THAT as is to generate authentication.

Anyway, there shouldn't be any need to panic anyway. After all, you guys aren't realistically using the same password on some random internet forum as you are for, let's say... your BANK account, right?
 
Let me fix that for you - it wouldn't be easy provided they have no access to the DB or web server. Given that it's already been compromised... The fact is if you have what's stored in the database, you don't need to decrypt anything. You use THAT as is to generate authentication.

Anyway, there shouldn't be any need to panic anyway. After all, you guys aren't realistically using the same password on some random internet forum as you are for, let's say... your BANK account, right?

😱😱😱😱
 
Anyway, there shouldn't be any need to panic anyway. After all, you guys aren't realistically using the same password on some random internet forum as you are for, let's say... your BANK account, right?

No!... of course not! who would be so stupid. Certainly not me. <opens other window to change Citibank account info> 😀
 
If it's any help, I notice that at least viewing single posts (showpost.php) is returning status code 500 (Internal Server Error), though the HTML is as normal. I wouldn't have noticed except that I'm working on a Greasemonkey script with AJAX.

It's doing that now for me.
 