Jump to content

Hacked Site and Security


bholleran
 Share

Recommended Posts

Hi All,

Glad to see it is back, I appreciate it must have been a sod to get it sorted.

I have a couple of questions.

1. What happened? ( A bit of detail )

2. How were \ are our passwords stored on this site. i.e. were they encrypted or plain text. Basically could the people who hacked the site now have a list of password of the members.

I have changed mine elswhere just in case. But I would still like to know as there was a period between noticing that the site went down and changing the password.

Thanks

Barry

Link to comment
Share on other sites

The server was hacked.

The Information was 100% safe at all times.

It is good drills to change your passwords every now and then but I have been assuread that all passwords and address information was 100% safe behind our SSL

SW :D

Link to comment
Share on other sites

I would question that assurance Simon.

Not to raise alarm, but it did appear as though it was a root hack ie. They cracked through on a server level in order to replace not just your root page, but any served by the master apache server. Such things happen all the time, and only the lamest h4ck0rz actually affect a visible page as doing so exposes a nest they may use at their discretion. The fact that they chose to boost their net cred is a bonus as it allowed plugging the hole in short order. It also may suggest they had more interest in that then actually sifting data and mining passwords, which, while may be encrypted server side were very likely available to them had they had interest.

SSL does nothing when one comes in the back door. It is a transit level of encryption.

Good advice to rotate one's password following such an event.

I know I am since I just smacked them in their L33tn3ss with a virtual glove ;-)

edit:

My subscriptions

edit profile

to change your password

edit #2:

Glad it's back!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share



  • Upcoming Events

    No upcoming events found
×
×
  • Create New...