Thread: Any Mods on? Concerned about the site being hacked.

  1. #61

    Quote Originally Posted by wayninja View Post
    Ok, I have no idea why that screams bruteforce. Bruteforce is really messy, leaves a really obvious trail, is extremely inefficient, and is fairly easily protected against. But I don't really know, so I won't argue either.

    It's just as likely that the password was intercepted because no encryption.
    Well, it being intercepted due to lack of https is quite a ways down on the likely scenarios of what happened. For that to occur, the hacker has to have a sniffer somewhere between the user's machine and the server. Possible, but not likely unless the user's machine or the data center/server have been compromised.

    Many more likely scenarios, such as a vB vulnerability. The same username/password being used on other sites, which have been hacked and that username/password is out on dark sites.

    Hopefully, this will be a one off event. In the meantime, I've already reached out to vB and am looking at the various add ons, like the High Five system, to see if any of them now have a known vulnerability. Since this guy seems to be targeting vBulletin sites, it means there might be a vulnerability on vB that hasn't been discovered yet.

    This is one of the reasons, while a pain in the butt, that it's best to always use a unique password for every site that you are on. So, if Sony's username/password list is hacked and you have a Sony account, that it can't be used to get into your Amazon or Bank of America accounts.

  2. #62
    Join Date
    Jan 2011
    Location
    Centennial (which is in Colorado)
    Adopted Bronco:
    Meck
    Posts
    27,001

    Quote Originally Posted by tned-admin View Post
    Well, it being intercepted due to lack of https is quite a ways down on the likely scenarios of what happened. For that to occur, the hacker has to have a sniffer somewhere between the user's machine and the server. Possible, but not likely unless the user's machine or the data center/server have been compromised.
    True, but wouldn't be the first time. Wouldn't be the thousandth time. A brute force without being directly connected to the server/database would run into lockout policies... so that makes the sniffer much more likely than brute force. If the hacker had direct access to the db itself, the server is already compromised most likely.

    Quote Originally Posted by tned-admin View Post
    Many more likely scenarios, such as a vB vulnerability. The same username/password being used on other sites, which have been hacked and that username/password is out on dark sites.
    Yes, a vulnerability is also high on the likely list. Agreed

    Quote Originally Posted by tned-admin View Post
    Hopefully, this will be a one off event. In the meantime, I've already reached out to vB and am looking at the various add ons, like the High Five system, to see if any of them now have a known vulnerability. Since this guy seems to be targeting vBulletin sites, it means there might be a vulnerability on vB that hasn't been discovered yet.
    Yep, his pattern indicates he's exploiting something about the technology used to run the forum, rather than the web server software or OS. Probably in the loop for some 0 day exploit recently discovered.

    Quote Originally Posted by tned-admin View Post
    This is one of the reasons, while a pain in the butt, that it's best to always use a unique password for every site that you are on. So, if Sony's username/password list is hacked and you have a Sony account, that it can't be used to get into your Amazon or Bank of America accounts.
    Yep, I do. I have an algorithm that I use that means I can use the "same" password, but the site itself will change a significant part of the password itself. Easy to remember, yet unique for each site.

  3. #63
    Join Date
    Jan 2009
    Location
    Phoenix, AZ
    Adopted Bronco:
    Phillip "TD" Lindsay
    Posts
    11,299

    Quote Originally Posted by tned-admin View Post
    Looking at the tool's Twitter account, he's going after vBulletin sites. Since he sometimes talks about getting control of mod accounts and other times admin accounts, that makes me think that it isn't a vBulletin hack, per se, but instead he's targeting moderators and running password hacks against them, but that's just a guess. I didn't see anything on vBulletin's support forum, so at this time, I don't think it's a vB exploit, but I plan to put in a support ticket with Vb just to be sure.
    Support for your suppositions can be found at the guy's YouTube channel home page, where there are videos of him hacking several other sites as well. Yes, I know it's a he because he's talking to someone in the video "DUMB OWNER DELETES HIS OWN WEBSITE AFTER."

    https://www.youtube.com/channel/UCOC...r6RzPJdtB-oAgw
    I’m an Autistic Self-Advocate. If you have any questions about Autism/Asperger’s, feel free to ask. I’m not offended by any question asked by anyone who has a genuine desire to understand us better.

    https://aacphoenix.com/

  4. #64

    Quote Originally Posted by WTE View Post
    I have the same password on this site that I have used for 10 years. Time to change it.
    Let’s not get ahead of ourselves WTE. Why would anyone be interested in hacking your forum account?

  5. #65
    Join Date
    Dec 2007
    Adopted Bronco:
    Richard Simmons
    Posts
    30,177

    Quote Originally Posted by Al Wilson 4 Mayor View Post
    Let’s not get ahead of ourselves WTE. Why would anyone be interested in hacking your forum account?
    Slim would love to.

  6. #66
    Join Date
    Dec 2007
    Adopted Bronco:
    Kay Adams
    Posts
    54,753

    Quote Originally Posted by BeefStew25 View Post
    Slim would love to.
    Maybe I already have
    Quote Originally Posted by Day1BroncoFan View Post
    I'm happier than tom brady in a gay bar....

  7. #67
    Join Date
    Aug 2007
    Posts
    18,625

    Hi guys. I just ate a bowl of dicks.

  8. The Following 4 Users High Fived WTE For This Post:


  9. #68
    Join Date
    Jan 2011
    Location
    Centennial (which is in Colorado)
    Adopted Bronco:
    Meck
    Posts
    27,001

    It might be more efficient if you let us know when you aren't ****-gobbling.

  10. The Following User High Fived wayninja For This Post:


  11. #69
    Join Date
    Aug 2007
    Location
    Tracy, CA
    Posts
    19,015

    Quote Originally Posted by WTE View Post
    Hi guys. I just ate a bowl of dicks.

    #gay
    "Oh I’m sorry, did I break your concentration?”
    Jules Winnfield - Pulp Fiction

  12. #70
    Join Date
    Aug 2007
    Posts
    18,625

    Slim, get off my cloud!

  13. #71

    Quote Originally Posted by wayninja View Post
    We should all be issued RSA tokens and 2 factor authentication for site logon.
    My wife constantly complains about the two factor I've put on our Amazon account. We've had people try and hack our account twice recently, they couldn't get any further because they didn't have the authentication code from my phone.

    It's a pain in the neck, but it's nice having that extra security between us and our credit card info.

  14. #72

    Quote Originally Posted by WTE View Post
    Hi guys. I just ate a bowl of dicks.
    Totally believable. I bet they were Tom Brady flavored.

  15. The Following 3 Users High Fived Freyaka For This Post:


  16. #73
    Join Date
    Apr 2012
    Location
    Denver
    Adopted Bronco:
    Dangerous Freedom Lock
    Posts
    25,132

    Quote Originally Posted by wayninja View Post
    this:

    good song
