
Has the RMweb database been hacked?


This is one for the administrators but maybe you have had a similar email and not made the connection.

 

I have used an email alias for registration on the RMweb forum which is not used for any other purpose nor disclosed to anyone else (I use an alias for all on-line registrations to detect spam sources).

 

My email address is not visible to anyone on-line BUT I have received a spam email 27/7/2012 (about a conspiracy at the 2012 Olympics) directed to that email address. This means that someone, somewhere, somehow has gained access to the email address which should be secure.

 

Could be

  • the db has been hacked?
  • Member of staff?
  • Email address sold?

I would like to know the administrators' findings before altering my email address because if compromised the alteration will be in vain.

Link to post
Share on other sites

This is one for the administrators but maybe you have had a similar email and not made the connection.

 

I have used an email alias for registration on the RMweb forum which is not used for any other purpose nor disclosed to anyone else (I use an alias for all on-line registrations to detect spam sources).

 

My email address is not visible to anyone on-line BUT I have received a spam email 27/7/2012 (about a conspiracy at the 2012 Olympics) directed to that email address. This means that someone, somewhere, somehow has gained access to the email address which should be secure.

 

Could be

  • the db has been hacked?
  • Member of staff?
  • Email address sold?

I would like to know the administrators' findings before altering my email address because if compromised the alteration will be in vain.

 

Are you sure that security breach is not associated with your PC?

 

XF

Link to post
Share on other sites

Guest Max Stafford

Paul, are you on Facebook? I've been receiving spam of late that purports to come from family and friends for whom, although we are FB 'friends', I don't actually have email addresses which means I know where the spam came from.

 

Dave.

Link to post
Share on other sites

  • RMweb Gold

Paul, are you on Facebook? I've been receiving spam of late that purports to come from family and friends for whom, although we are FB 'friends', I don't actually have email addresses which means I know where the spam came from.

 

Dave.

Agree with Dave, I too get spam now that is clearly linked to someone harvesting something from Facebook. My Spam filter seems to identify them accurately as spam. I'm not getting any spam from the address I use for RMweb.

Link to post
Share on other sites

  • RMweb Premium

No spam here from the RMweb address. My ISP is very good at filtering spam and I only receive an average of 1 such message a day which is almost invariably in the Spam folder.

 

I use a different email address for FB registration and have also not been able to link any spam mail to that address, of which there is again very little, back to FB where all parts of my account are locked down to "Friends Only" access.

 

There are such beasts as random address generators which will successfully hit a number of genuine addresses in much the same way as an auto-dialler operated by a call-centre will sooner or later reach an active number whether or not it is on a "do not call" register.

Link to post
Share on other sites

Are you sure that security breach is not associated with your PC?

 

XF

Absolutely sure - I am an IT professional.

 

No spam here from the RMweb address. My ISP is very good at filtering spam and I only receive an average of 1 such message a day which is almost invariably in the Spam folder.

 

I use a different email address for FB registration and have also not been able to link any spam mail to that address, of which there is again very little, back to FB where all parts of my account are locked down to "Friends Only" access.

 

There are such beasts as random address generators which will successfully hit a number of genuine addresses in much the same way as an auto-dialler operated by a call-centre will sooner or later reach an active number whether or not it is on a "do not call" register.

 

This one can't be a randomly generated one.

Link to post
Share on other sites

Paul, are you on Facebook? I've been receiving spam of late that purports to come from family and friends for whom, although we are FB 'friends', I don't actually have email addresses which means I know where the spam came from.

 

Dave.

 

No, I am not on Facebook - please read the OP as this is a unique email address to RMweb and not used anywhere else ever.

Link to post
Share on other sites

Hi Paul,

 

See http://www.rmweb.co....wing-site-hack/

 

The issue was widely reported at the time and further attacks blocked. I did receive a similar email around that time before the Olympics after two previous emails in April.

 

Thanks Andy - Can you confirm that the security issue has been dealt with and it is safe to replace my email alias with another?

 

By the way - why ask us to change the password? Surely they are all stored encrypted in the database?

Link to post
Share on other sites

  • RMweb Gold

Hi Paul,

 

The IPB software which RMweb uses contained a security flaw, as indicated by Andy. Many IPB sites were hacked into for email addresses -- videos showing how to do it were on YouTube at the time and may still be there. No doubt those email addresses are now on lists being happily sold far and wide. As far as I know that loophole has been fixed, but the IPB software is such that there may very possibly be others.

 

Why worry? No-one stores important personal information on RMweb. I don't understand the paranoia about spam. It's easily deleted and can be quite amusing. Recently I was notified that I had been appointed United Nations Ambassador for African Refugees. All I had to do was send them my bank details so that they could fix up my salary and official car. It made my day.

 

Martin.

Link to post
Share on other sites

Hi Paul,

 

The IPB software which RMweb uses contained a security flaw, as indicated by Andy. Many IPB sites were hacked into for email addresses -- videos showing how to do it were on YouTube at the time and may still be there. No doubt those email addresses are now on lists being happily sold far and wide. As far as I know that loophole has been fixed, but the IPB software is such that there may very possibly be others.

 

Why worry? No-one stores important personal information on RMweb. I don't understand the paranoia about spam. It's easily deleted and can be quite amusing. Recently I was notified that I had been appointed United Nations Ambassador for African Refugees. All I had to do was send them my bank details so that they could fix up my salary and official car. It made my day.

 

Martin.

What always amazes me is that these people can be sophisticated enough to hijack one's e-mails and details but so naive as to send utterly ridiculous messages out!

 

JE

Link to post
Share on other sites

By the way - why ask us to change the password? Surely they are all stored encrypted in the database?

 

Purely precautionary as at the time I wasn't certain what data had been acquired; yes, they are encrypted and even I don't have access, but some determined hackers can work at encrypted files. It is evident that some kind of crack was applied to administrators' passwords to carry out the actions they did.

Link to post
Share on other sites

  • RMweb Gold

What always amazes me is that these people can be sophisticated enough to hijack one's e-mails and details but so naive as to send utterly ridiculous messages out!

I think it sums them up, actually. You have to be slightly unbalanced to want to spend so much effort in order to achieve the result - and thus there isn't actually much imagination available for the message you triumphantly send. If ever there were a group of people who "need to get out more" this type of hacker is it!
Link to post
Share on other sites

I think it sums them up, actually. You have to be slightly unbalanced to want to spend so much effort in order to achieve the result - and thus there isn't actually much imagination available for the message you triumphantly send. If ever there were a group of people who "need to get out more" this type of hacker is it!

 

Sadly, they do have time and unfortunately they do get rewarded by the computer ignorant or illiterate masses who are taken in by such scams. Just the same, possibly more so, as the through the letter box snail mail equivalent, many people are taken in by this every day and once they realise their mistake are too embarrassed or ashamed to come forward.

Link to post
Share on other sites

  • RMweb Gold

I don't understand the paranoia about spam. It's easily deleted and can be quite amusing. Recently I was notified that I had been appointed United Nations Ambassador for African Refugees. All I had to do was send them my bank details so that they could fix up my salary and official car. It made my day.

 

Martin.

 

What fascinates me is the number of spam messages which I receive in the French language - clearly a result of 'harvesting' or simply cruising round sites and definitely failing to understand the difference between French and Latin (a point which will probably be understood by those who know my e-mail address).

Link to post
Share on other sites

I wonder what the environmental impact is of Spam email? The email traffic must use electricity - at the servers, on your PC etc. Tiny amounts per email obviously, but when you think how many billions, if not trillions of spam emails get sent...

 

Spam is mildly annoying, but nothing more than that. Anyone stupid enough to respond to them must really be short of a few fishplates, but then enough must do, or nobody would bother doing it...

 

David

Link to post
Share on other sites

What always amazes me is that these people can be sophisticated enough to hijack one's e-mails and details but so naive as to send utterly ridiculous messages out!

 

I think it sums them up, actually. You have to be slightly unbalanced to want to spend so much effort in order to achieve the result - and thus there isn't actually much imagination available for the message you triumphantly send. If ever there were a group of people who "need to get out more" this type of hacker is it!

 

Actually there is a claim that the messages are deliberately worded to be blatant spams to weed out the false positives.

http://slatest.slate...o_obvious_.html

 

The scammers want to concentrate their efforts on the most gullible people and this is one way to filter out those who might be more cautious.

Link to post
Share on other sites

Spam is mildly annoying, but nothing more than that.

Exactly, how hard is it to hit delete twice?

 

Anyone stupid enough to respond to them must really be short of a few fishplates, but then enough must do, or nobody would bother doing it.

Exactly, although I am still waiting for the $28million they promised me my (unknown about) Uncle had left me in his will.

 

Easy answer is just delete it and leave it at that.

Link to post
Share on other sites

  • RMweb Premium

Sadly, they do have time and unfortunately they do get rewarded by the computer ignorant or illiterate masses who are taken in by such scams. Just the same, possibly more so, as the through the letter box snail mail equivalent, many people are taken in by this every day and once they realise their mistake are too embarrassed or ashamed to come forward.

 

Agreed. You only have to read articles on this topic, where it is claimed that the losses made to this kind of scam are ever rising. So someone must be falling for it.

 

If the scammers weren't making money, the industry would die out.

Link to post
Share on other sites

On one of the company security courses I had to attend, the instructor labelled it as the "B T Barnum effect". There is one born every minute.

 

Then again I sometimes think the scammers just want a laugh. http://venturebeat.com/2012/09/11/wont-you-help-a-poor-nigerian-astronaut-who-just-wants-to-come-home-from-space/

Link to post
Share on other sites

If it's an email address only used for signing up to RMWEB does it even matter if it gets spam?

 

On the face of it you are right but the reason this is done by many of us who run their own email accounts is to detect then help the organisation who have been hacked. It's not nice for RMweb or its members as far more damage can be done if undetected.

 

Regarding spam in general - if we all begin to accept it then we are lowering our standards. There are people who are truly offended by some content and it is a pain when you have to wade through so much spam on a handheld.

 

Once on a list it's like having been burgled (which I have) - you can never return to your former carefree life - hence the locking up procedure when we now leave our house.

Link to post
Share on other sites
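
The per-site alias technique described in this thread, sketched as an added example that is not part of the original posts: each alias carries a keyed tag, so spam sent to a genuine alias identifies the site that leaked it, while addresses produced by a random address generator fail verification. The key, the domain `example.org` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from collections import Counter

SECRET = b"constructed-demo-key"   # assumption: private key kept by the mailbox owner
DOMAIN = "example.org"             # assumption: placeholder for the owner's own domain


def _tag(label: str, secret: bytes) -> str:
    # Short keyed tag; without the key an outsider cannot compute it.
    return hmac.new(secret, label.encode(), hashlib.sha256).hexdigest()[:8]


def make_alias(site: str, secret: bytes = SECRET, domain: str = DOMAIN) -> str:
    """Build the unique address to hand to one site at registration."""
    label = re.sub(r"[^a-z0-9]+", "-", site.lower()).strip("-")
    return f"{label}.{_tag(label, secret)}@{domain}"


def attribute(recipient: str, secret: bytes = SECRET, domain: str = DOMAIN):
    """Return the site label if recipient is a genuine alias, else None."""
    local, _, dom = recipient.strip().lower().rpartition("@")
    label, sep, tag = local.rpartition(".")
    if dom != domain or not sep or not label:
        return None
    expected = _tag(label, secret)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return label if hmac.compare_digest(tag.encode(), expected.encode()) else None


def triage(recipients):
    """Split spam recipients into per-site leak counts and unverifiable guesses."""
    leaks, guessed = Counter(), []
    for rcpt in recipients:
        site = attribute(rcpt)
        if site:
            leaks[site] += 1
        else:
            guessed.append(rcpt)
    return leaks, guessed


# Constructed sample: recipient addresses seen on incoming spam.
SAMPLE = [make_alias("RMweb"), make_alias("RMweb").upper(),
          "rmweb@example.org", "rmweb.zzzzzzzz@example.org", "sales@example.org"]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A verified hit points at the site the alias was given to; an address that fails verification was never issued and is consistent with guessing rather than a leak.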

Archived

This topic is now archived and is closed to further replies.
