bholleran Posted December 14, 2010 Share Posted December 14, 2010 Hi All, Glad to see it is back, I appreciate it must have been a sod to get it sorted. I have a couple of questions. 1. What happened? ( A bit of detail ) 2. How were \ are our passwords stored on this site. i.e. were they encrypted or plain text. Basically could the people who hacked the site now have a list of password of the members. I have changed mine elswhere just in case. But I would still like to know as there was a period between noticing that the site went down and changing the password. Thanks Barry Quote Link to comment Share on other sites More sharing options...
aquatix Posted December 14, 2010 Share Posted December 14, 2010 Good point - I am also lazy with passwords and tend to choose something similar (easy to remember) for other websites as well. Did any personal details get stolen ? So what did the PMC do to upset Abania so much ??? Quote Link to comment Share on other sites More sharing options...
hammertime Posted December 14, 2010 Share Posted December 14, 2010 Agreed,...some detail would be appreciated. Quote Link to comment Share on other sites More sharing options...
Guest Posted December 14, 2010 Share Posted December 14, 2010 The server was hacked. The Information was 100% safe at all times. It is good drills to change your passwords every now and then but I have been assuread that all passwords and address information was 100% safe behind our SSL SW Quote Link to comment Share on other sites More sharing options...
t_andrews Posted December 14, 2010 Share Posted December 14, 2010 I would question that assurance Simon. Not to raise alarm, but it did appear as though it was a root hack ie. They cracked through on a server level in order to replace not just your root page, but any served by the master apache server. Such things happen all the time, and only the lamest h4ck0rz actually affect a visible page as doing so exposes a nest they may use at their discretion. The fact that they chose to boost their net cred is a bonus as it allowed plugging the hole in short order. It also may suggest they had more interest in that then actually sifting data and mining passwords, which, while may be encrypted server side were very likely available to them had they had interest. SSL does nothing when one comes in the back door. It is a transit level of encryption. Good advice to rotate one's password following such an event. I know I am since I just smacked them in their L33tn3ss with a virtual glove edit: My subscriptions edit profile to change your password edit #2: Glad it's back! Quote Link to comment Share on other sites More sharing options...
Yogi_9 Posted December 15, 2010 Share Posted December 15, 2010 WOW thats me lost whats a SSL ? must be like my Labrador, he also does nothing when some one comes in the back door. going to have another beer and check my back door Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.