We have been hacked!

[Samantha (Navitron)]

not a lot we can do until the sever people are contacted - presumably in the morning............

[Other-Power]

how about pulling the plug till then..... is that even an option, DOS attach anyone please?

[martin]

lawks! I was off on another forum, and came back to find a bit of a mess............ sadly I have no access to the server, database or major config files, but have just done a bit of "reverse hacking" of my own........ let's hope it holds until the morning  

[fje-iptelenet]

Hi Martin,
Just responded to your "personal message" - didn't realise you are involved in Balkan politics!

[insolare]

Kosovans? There's plenty of them here in Chatham without being hassled by them on the Navitron forum as well. 

Talking of Kosovo... brings back memories.... if you ever visit Pristina you must go to Tiffany's restaurant. Fantastic food and a great atmosphere.

[StBarnabas]

Ah
checked last thing yesterday and got this from Kosovo on my laptop which I immediately switched off. Bu**er will have to look  at my anti-virus software and try to disinfect! Bit of a relief that it is Navitron and not my machine.... 

[insolare]

Did the hackers do much damage? It all went to text mode briefly last night but it all seems ok now. Have our email addresses or passwords been compromised?

[martin]

To be frank, at this point I just don't know what damage has been done - sadly I don't have access to the server files, database or the config files - if Ivan's been spotted then I would expect he's now getting in touch with the server people. I'm hoping and suspect that it was a fairly amateurish hack - some years ago I had several sites on a chunk of webspace that was comprehensively hacked by the same lot of fundamentalist moslems that went for the "cartoon" sites (I'd upset a local crook who's daughter was married to one........) and spent a very long time trying to keep them up and running, and learnt a few tricks on how to "unhack" by trial and error............
I had to change my own password to get back in, I'm hoping it was just the "admins" who were affected, from the responses I've been getting, they got in and fired off a "mass mailing" to members, did a bit of peurile grafitti and then scarpered (thankfully leaving lots of doors open, through which I was able to creep back in...........) - as I said, amateurs!

[breezy]

The PM that I received didn't have a payload, and wasn't picked up by my spam filtering.

Stating the obvious - don't click on the link in that PM!

Might be a good idea to change your passwords.

[MR GUS]

Martin, get interpol involved on the basis that bad hackers practise.
it's potentially disruptive to a business, so surely they should respond in terms of tracking the tiny penised donkey shaggers?

(edit, sweary mary filter totally let that one go unedited)

[jmp101]

It would be useful to know how well the password file is protected. Is  the data encrypted for instance?

Many people use common passwords across sites, and as emails are also stored it provide a good starting point for hackers to test email provider passwords.

I work in IT security. In my experience most forum software is very easily hacked.

John

[Ally]

I've had it too!!!!!!!!!!!!

[martin]

I originally chose SMF because of it's superior features (including security) - here's a piece about password security "SMF encrypts what you enter into the password field before it gets sent to the server, and there is an encrypted version in the database"

[MR GUS]

So what's the general concensus? are we required to change password info on this forum?
Martin , Mods & navi-bods please update as soon as you know the full extent.

cheers.

NB. Yes, I had the illicit pm too.
Don't clicky the link!

[martin]

Never a bad idea to change/update your passwords, everyone who needs to know has now been fully informed, as we speak there should be teams getting covered in database grease from Bangalore to Minneapolis and back again!
Nothing is suggesting that it was anything more than a "random hack", probably by some bored 11 year olds in Wigan who've got hold of a hacking book - it was crude and amateurish, and apart from a few "you've been hacked" messages, some grafitti, and locking the admins out, it appears not to be "serious"...........