Jump to content
Andy Y

Spam email following site hack

Recommended Posts

The 'last post read' is not working either at the moment. I can live with that, just glad to see RMweb back.

Share this post


Link to post
Share on other sites
 

Thanks for those; I'll investigate.

 

Basically a new version of the software, in vanilla form, was installed which got things back operational. There are some differences in the new software and also additional modifications that had been built in may need re-configuration or re-writing to restore full functionality. That may take me a few days to work through though.

 

I'm just relieved that it's basically functional though after a very testing weekend with a high grumpiness factor.

  • Like 11

Share this post


Link to post
Share on other sites

just tried changing my password and it came up with an error telling me I must complete the whole form!

Edited by beejack
  • Like 1

Share this post


Link to post
Share on other sites

Just tried to change my password and got the message"Oops something went wrong" etc after I saved the changes

 

Tried logging out then back in with the new password and it wouldn't accept it but Windows seemed to have kept the old password and I was able to log in automatically again

 

Keith

Share this post


Link to post
Share on other sites

Andy - well done - no hurry but clicking on my name (top right) ONLY gives me "Your profile" fo;;owed by "whats on your mind" - this happened the other day just before the site went down and I had (then) the same message as Beejack above and it won't let me in to adjust anything - just for your info

Edited by shortliner

Share this post


Link to post
Share on other sites

It may be worth clearing browser cache and cookies Jack as it's OK at this end but I appreciate it could be browser specific.

Share this post


Link to post
Share on other sites

Andy - well done - no hurry but clicking on my name (top right) ONLY gives me "Your profile" fo;;owed by "whats on your mind" - this happened the other day just before the site went down and won't let me in to adjust anything - just for your info

 

This would appear to be an InternetExplorer artifact, whereas things are fine on other browsers.

 

I've just experienced the same with IE9, but its correct with Firefox.

 

 

- Nigel

Share this post


Link to post
Share on other sites

Update

My problem was Chrome. It automatically put my email address and password in the top section, but as I only entered the information to update my password it came up with the error as the top section was only partially complete.

 

Tried updating with IE9 and no issues.

Share this post


Link to post
Share on other sites

Cannot log in at all with Internet Explorer anymore

It tells me either the user name or password is incorrect.

I am entering the same password and username as Firefox which is fine.

 

Keith

Share this post


Link to post
Share on other sites

Andy? Help required please

 

I cannot log in on my other computer using Firefox or IE9, on Windows 7..

 

It looks like something got corrupted when I tried to change the password and got the error message.

I doesn't matter if I use the password I had originally or the new one I tried to enter, both are invalid!

 

The computer I was on when I tried to change the password seems OK on auto log-in with Firefox but not if I try manually or if I try using IE8 (Windows XP)

 

Keith

Share this post


Link to post
Share on other sites

RMWeb wasn't the only site to go down. My son has a classic Mini and the Mini Forum has been closed for a few days while they try and sort it out. Again they got access to the email details and I received a message from a different group called 'The True Jubilee' inviting my son to join them in occupying Parliament on 5th November. The Mini Forum is another with thousands of members and so it looks like they targeted those where the disruption would have the most impact. I feel like going to London on 5/11 and shoving a big rocket where the sun don't shine - in the word of Corporal Jones 'They don't like it up'em'

 

Mike

Share this post


Link to post
Share on other sites

Andy? Help required please

 

I cannot log in on my other computer using Firefox or IE9, on Windows 7..

 

It looks like something got corrupted when I tried to change the password and got the error message.

I doesn't matter if I use the password I had originally or the new one I tried to enter, both are invalid!

 

The computer I was on when I tried to change the password seems OK on auto log-in with Firefox but not if I try manually or if I try using IE8 (Windows XP)

 

Keith

Just gone through the password recovery procedure to enter a new password.

 

Everything now fine (I think!)

 

Keith

Share this post


Link to post
Share on other sites

Hi Andy.

 

Not a huge problem in the grand scheme of things, but just noticed this at the bottom of the site.

 

users.jpg

 

Tom.

Share this post


Link to post
Share on other sites

Are these 'Anonymous' people in any way inspired by the Tooting Popular Front?

Andy

Share this post


Link to post
Share on other sites

Hi Andy,

 

Thanks for the update - would it be prudent to put this information (that email addresses have been harvested, and we should change our passwords) on the front page of the site as a message of the day? (In the same box as the MI3 link).

 

That way people who don't look at this sub-forum and missed the status updates will know what's going on.

 

Can you also confirm what's been accessed by the hackers? Just email addresses, or email addresses and encrypted passwords? Does IPB store passwords as hashes, or as encrypted plaintext? It's important because it determines whether we should change our passwords on this site only, or everywhere we use that password or similar ones.

 

Thanks,

 

Will

Share this post


Link to post
Share on other sites

Are these 'Anonymous' people in any way inspired by the Tooting Popular Front?

Andy

 

They're just bandwagon jumpers.

 

The original "Anonymous" was born on the 4chan message board, to protest against Scientology - that's where the guy fawkes mask imagery that we've all seen originated.

 

Since then, it's grown to cover the concept of being 'anonymous' on the internet, like most of us hiding behind a screen name on the computer (although of course for most of us it's protection rather than to hide misdeeds). It's grown to cover a whole swathe of 'internet organised protests and campaigns' and, unfortunately, has gone way beyond its original aim as everyone jumps on the "let's be anonymous" bandwagon. Whilst of course some of the original 4chan group were and still are hackers, and as part of the original protest defaced the Scientology website, in many people's minds the idea of hacking and anonymous go hand in hand - hence why whoever it was responsible for attacking this site used the concept/brand, as it were, rather than using their own name. Of course, "anonymous" have been blamed for attacking and defacing all sorts of websites in the name of their cause, whatever the cause may be, when in fact it has nothing to do with the original, capitalised, Anonymous born out of the anti-scientology protests some years back.

 

The anti-Scientology protest was really the first of its kind - organised solely via the internet through people who knew each other only by screen names and a joint interest - and lots of others simply followed the concept. One of the original things with Anonymous was that there was, and still is, no "leadership", it's a hive mind concept - so whereas with many groups if you take out the leader the group falls apart, in the "anonymous/Anonymous" concept can carry on and there are always other to take over projects and do the work when others fall. I believe "you can't kill an idea" is something that works well in this idea.

 

So next time you see someone wearing a guy fawkes mask, yelling "lol Xenu" and trying to give you a leaflet on the evils of Scientology... don't blame them personally for taking down RMWeb.

Share this post


Link to post
Share on other sites

I've still not received any emails - perhaps they sent them to me in my invisible ink but I've changed my password anyway.

  • Like 2

Share this post


Link to post
Share on other sites

I've still not received any emails - perhaps they sent them to me in my invisible ink but I've changed my password anyway.

 

Me neither - but then I'm another one who seems to use invisible ink on here at times (and I use different passwords for different parts of the 'net so knowing my RMweb one wouldn't do anyone any good, and I've changed it too).

Share this post


Link to post
Share on other sites

Thanks for the clarification Cromptonnut.

I found one of the emails in the spam folder and thought it sounded like some sort of prank with undertones of Wolfie Smith. I hope that there are no other problems from this activity.

Andy

Share this post


Link to post
Share on other sites

Does RMweb have a privacy policy and can members request copies of personal information held, as provided by UK data protection laws, even though it is hosted overseas?

Share this post


Link to post
Share on other sites

Does RMweb have a privacy policy and can members request copies of personal information held, as provided by UK data protection laws, even though it is hosted overseas?

 

The privacy policy is quite straightforward. The only data held is the chosen display name, login name and email address entered by the user on registration. The passwords are encrypted within the database and are not accessible by any site users. The software logs IP addresses from any location used and can be used in identifying multiple accounts in the case of any problem. No other personal information is held and all details can be supplied on request if proof can be given that you are the relevant party. None of the data held is shared with any other party and is only used in connection with the operation of the site.

Share this post


Link to post
Share on other sites
Does RMweb have a privacy policy and can members request copies of personal information held, as provided by UK data protection laws, even though it is hosted overseas?

 

RMweb contains no personal information other than that which you yourself entered, and which you can see and change at any time by going to your profile settings: http://www.rmweb.co.uk/community/index.php?app=core&module=usercp

 

regards,

 

Martin.

Share this post


Link to post
Share on other sites

The passwords are encrypted within the database and are not accessible by any site users.

Looking at this thread it appears IPB do hash the passwords, which is good, although since the salt is stored in the database, once this is compromised it's not that hard to brute force matches for simpler passwords. I assume the hackers did access the database since they have the email addresses?

 

I guess the recommendation should be to change your password elsewhere if it's the same as the one you use here, and also simple/short?

 

Cheers,

 

Will

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.