herme3 Posted November 11, 2006 Posted November 11, 2006 I do not want to accuse anybody of doing anything wrong, but I'm getting the impression that somebody here is up to no good. I'm hoping that one of the honest moderators of SFN will see this thread and help figure out what is really going on. Somebody has been trying to hack into my forum today. He or she was rapidly making password reset requests for my administrator account. I received over 20 notifications of these requests in my e-mail. Here is a screenshot of my inbox: At the same time, that person was attempting to login the forum using my username and different passwords. Somebody was obviously really trying to break into my forum's administrator account. That person's IP address was recorded in my forum's error log. It shows that the person is from the UK. Therefore, I am almost positive that this person is a member of SFN. I have done some advertising on other web sites, but my traffic stats show that almost all of those visitors are from the USA. The only UK visitors I see were from SFN. I wasn't too concerned about this at first. I just made a warning post about it in my own forum. However, then the thread on SFN about my forum disappeared without any notice. When there is a legitimate reason to close a thread, a moderator usually just locks it. If it has to be deleted because of inappropriate conduct, a private message is usually sent to the members involved in the thread. However, that thread seems to have disappeared without a trace. If an honest moderator did delete that thread for a good reason, then I apologize for bringing up this issue. However, I wonder if the moderator who deleted my thread could be the same person who has been trying to hack into my forum. I have been a member of SFN for a long time, and I know that most of the moderators are good people. If one of the moderators is abusing his or her power, I'm sure the others would want to know about it. I would also like to know why somebody is trying to attack my forum. I thought about posting the attacker's IP address in this thread, but I'm not sure if that would be the right thing to do. If an honest moderator wants to help me, please PM me and I will send the moderator the IP address. I hope we can figure out what is going on here.
Dak Posted November 11, 2006 Posted November 11, 2006 i doubt it was one of the mods. and don't post the ip up, if it was a competent hack attempt then it was probably just an innocent person who's computer was hacked. make sure your atheistcrusade password is strong, and make sure it's not the same as your sfn or email password, otherwize if they break your forum's password they'll also have your sfn pass, and email addy/password.
YT2095 Posted November 11, 2006 Posted November 11, 2006 well it`s not going to be a Moderator or Admin is it, since we all know that these types of things are logged (incl the IP), that`s how we find out peoples Double accounts when they try to evade a Ban etc... And it was Me that removed the Thread, because it was getting out of hand. so that`s Part of your "mystery" solved
bluesmudge Posted November 11, 2006 Posted November 11, 2006 perhaps a forum with such a provocative name is just asking for problems!?
Cap'n Refsmmat Posted November 11, 2006 Posted November 11, 2006 If you have the IP address handy, please private message it to me. I can find out if it was a member of staff, a member of SFN at all, or some random person.
YT2095 Posted November 11, 2006 Posted November 11, 2006 or just post it here, either`s good it`s hardly going to be Staff, we know how these things work, in fact I`de be surprised if it was Anyone from SFN at all! perhaps it was one of those Ghosts like Orbs LOL
Dak Posted November 11, 2006 Posted November 11, 2006 ^ again, it's my understanding that competent hackers use compromised machines to relay information to and from their computer and the target computer. if thats the case, then the ip herme has will just be the last computer in the chain -- an innocent person who's machine was hacked. wouldn't putting his ip address up in this thread be tantamount to saying 'hey, heres someone who's computer is probably easy to hack, and if you want to, his ip is blah.blah.blah.blah'?
Cap'n Refsmmat Posted November 11, 2006 Posted November 11, 2006 I doubt a competent hacker would spend the time to build up a chain of proxies to attack a 10-day-old forum.
Severian Posted November 11, 2006 Posted November 11, 2006 If you have the IP address handy, please private message it to me. I can find out if it was a member of staff, a member of SFN at all, or some random person. I think that is abuse of your admin status. Nevermind whether or not it is public information, or part of whatever agreement we clicked yes to when signing up, it is wrong to pass information about SFN users' IP addresses to a third party. And before you get personal, not it was not me....
Cap'n Refsmmat Posted November 11, 2006 Posted November 11, 2006 I did not say I was going to tell him if I discovered who it was (that would depend on what I could do about it), nor did I say I would send the IP information of SFN users to him. I can make the IP address search here on SFN without sending any data to anybody else.
Severian Posted November 11, 2006 Posted November 11, 2006 I can make the IP address search here on SFN without sending any data to anybody else. If you are not going to take any action, then it is a pretty pointless exercise, isn't it? Section 9 of the Official Forum policy says: No information will be released or sold to any third party by forum administrators.
Cap'n Refsmmat Posted November 11, 2006 Posted November 11, 2006 The only action I could take was if I determined, as herme3 suspected, that it was a staff member here. I can't exactly ban someone else here for an offense on another website, but we may not particularly want to keep a staff member if they are doing something like that. However, it would not be my decision, so I can't really speculate on that. Also, Section 9 is irrelevant, because I wouldn't be sending data to anybody. herme3 is not going to get a list of several thousand IP addresses to look through. I will look at the address he gives me, determine if it's someone here, and then determine the appropriate course of action from that point. The only people who would know who the person I found was would be the other staff members.
Bettina Posted November 11, 2006 Posted November 11, 2006 Herme3 Hope you find that troublemaker thats messing up your forum. Search around your site and see if there is anyone who sounds nervous about IP investigations. That jerk would most likely be guilty. Good Luck Bettina
Severian Posted November 11, 2006 Posted November 11, 2006 Hey Bettina, good to see you back. I thought we had frightened you away!
Cap'n Refsmmat Posted November 11, 2006 Posted November 11, 2006 Yes, I have the IP address now, and it does not appear to be anybody from this forum.
bluesmudge Posted November 11, 2006 Posted November 11, 2006 hmmm personnally i agree with everyone else - but glad to know its no one around here
herme3 Posted November 11, 2006 Author Posted November 11, 2006 make sure your atheistcrusade password is strong, and make sure it's not the same as your sfn or email password, otherwize if they break your forum's password they'll also have your sfn pass, and email addy/password. There didn't seem to be any unusual activity in the admin pages, so I don't think the person was successful and hacking in. Do you think they could possibly get my password? I know that all passwords are encrypted before being placed in the forum's MySQL database. And it was Me that removed the Thread, because it was getting out of hand. so that`s Part of your "mystery" solved I'm glad to hear this. My main concern was that one of the SFN moderators was against my forum, so he or she decided to delete the thread and attempt to hack into the forum. YT certaintly does not seem like the type of person who would harm another web site, so it does not appear that any of the mods are abusing their power. perhaps a forum with such a provocative name is just asking for problems!? Yes, I would expect occasional problems from people who protest the forum. That's why I backup the forum's database regularly. In most cases, I would simply ignore a hacking attempt like this or just post a warning in my forum. My greatest concern was that a SFN mod was abusing his or her power. If that was true, I thought it would be something that the other mods should know about. perhaps it was one of those Ghosts like Orbs LOL... Hope you find that troublemaker thats messing up your forum. Search around your site and see if there is anyone who sounds nervous about IP investigations. That jerk would most likely be guilty. I already checked, and it doesn't appear to be a registered member of my forum. Yes, I have the IP address now, and it does not appear to be anybody from this forum. Thanks Cap'n, that's good to know. I still wonder where this person came from. None of the search engines appear to have indexed the site yet, so it must have been somebody who saw a banner ad for my site.
Cap'n Refsmmat Posted November 11, 2006 Posted November 11, 2006 There didn't seem to be any unusual activity in the admin pages, so I don't think the person was successful and hacking in. Do you think they could possibly get my password? I know that all passwords are encrypted before being placed in the forum's MySQL database. If your password is easy to guess, it doesn't matter if the passwords are encrypted. Just make sure it's something complex enough that nobody can just guess it.
herme3 Posted November 11, 2006 Author Posted November 11, 2006 If your password is easy to guess, it doesn't matter if the passwords are encrypted. Just make sure it's something complex enough that nobody can just guess it. I do make my passwords complex. I usually combine letters and numbers, and I sometimes forget my passwords. I'm more concerned about somebody breaking into my database and taking the passwords from there. They are all encrypted, so I only see a long string like "b1c1539fc19d323df2af1935c595fb71". Of course, that isn't an actual encrypted password, it's just an example of what one looks like. Do you think the encrypted passwords are secure?
bluesmudge Posted November 11, 2006 Posted November 11, 2006 they're only as good as the encryption algorithm
YT2095 Posted November 11, 2006 Posted November 11, 2006 Herme3: was there any damage done? what was the damage? have you changed your passy since? it`s still a little vague as to whether anyone actualy got IN or not? as people here have said, make sure your passy is good, lots of leters and numbers mixed, and Nothing related to you or family in any way (that includes car Reg plates!).
Dak Posted November 11, 2006 Posted November 11, 2006 There didn't seem to be any unusual activity in the admin pages, so I don't think the person was successful and hacking in. Do you think they could possibly get my password? I know that all passwords are encrypted before being placed in the forum's MySQL database. i am not a hacker of either definition, so i have no idea. i do know, however, that it's quite obvious, if they guess your pw and can access your admin pannel, that they will be able to see your email addy. the next logical step would be to try to access your SFN and/or email account using your athiestcrusades password, in case you are silly enough to use the same pw for both. it'd be a free hack. hence my advice. if your sfn/ac/email passwords are all the same, change them your ac one probably wants to be something like adsdf0978a34hlk098. ie, completely random.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now