Reminder to protect your account / Member account lost

General conversation and chit chat - The place for non-shooting specific topics. Introduce yourself here.

Reminder to protect your account / Member account lost

Post by Aster » 24 Sep 2018, 11:33 am

Hi all,

It appears one of our member accounts was accessed by a spam bot a few days ago. Short version of the story, in a single day nearly all of the members 3,100+ posts where edited, and replaced with copy/paste spam and other nonsense.

Unfortunately, the only course of action after such an event is to delete the account. While we run backups, they are on site-wide and server levels, designed to restore the entire site after a critical incident. We cannot do restorations at an account level.

The account was of a member who has not been active on the forum for a while, but even so, it's a terrible waste of information.

Protect your account!

If your password is simple or obvious, change it. If you use the same password across multiple sites/networks, I'd strongly suggest using different ones for your more valuable accounts, so you cannot lose all of them if your password is acquired by someone.

See here for some password tips: How to choose a secure password.

This is the first time we've had to do this in years and it's a real shame. I hope we never have to do it again.
Last edited by Aster on 25 Sep 2018, 8:01 am, edited 1 time in total.
See you on the firing line.
User avatar
Aster
Moderator
 
-

Re: Reminder to protect your account / Member account lost

Post by bladeracer » 24 Sep 2018, 12:12 pm

I noticed it but it seemed fairly selective so I assumed the member was editing his posts himself.
Practice Strict Gun Control - Precision Counts!
User avatar
bladeracer
Field Marshal
Field Marshal
 
Posts: 12655
Victoria

Re: Reminder to protect your account / Member account lost

Post by Oldbloke » 24 Sep 2018, 2:07 pm

bladeracer wrote:I noticed it but it seemed fairly selective so I assumed the member was editing his posts himself.


Same here.
The greatest invention in the history of man is beer.
https://youtu.be/2v3QrUvYj-Y
Member. SFFP, Shooters Union.
SSAA, the powerful gun lobby. :lol: :lol: :lol: :lol:
Hunt safe.
User avatar
Oldbloke
Field Marshal
Field Marshal
 
Posts: 11192
Victoria

Re: Reminder to protect your account / Member account lost

Post by sungazer » 24 Sep 2018, 3:21 pm

I have a few websites that I look after and I have pretty reasonable security measures and keep all the components updated but they were hacked somehow and the email accounts were used to send out thousands of emails and then other pages were added to the site.

Same the only way was to restore to an earlier time and then try more secure measures. They are bloody good these hackers and a pain in the arse for the hobbyist webmaster.
sungazer
Sergeant Major
Sergeant Major
 
Posts: 1525
Other

Re: Reminder to protect your account / Member account lost

Post by Stix » 24 Sep 2018, 4:19 pm

Can i ask what the account name is...or was...?
The man who knows everything, doesnt really know everything...he's just stopped learning...
Stix
Colonel
Colonel
 
Posts: 3675
South Australia

Re: Reminder to protect your account / Member account lost

Post by 2freeq » 24 Sep 2018, 7:40 pm

Thanks for clearing that up. Some of his edited replies were pretty full on. Makes you wonder why the spammers even bother. What good dis it do? or better still what did it achieve?
Howa 1500 .223
Marlin XT22SR .22LR
Lithgow .22LR
EMEI Chinese side lever .117 Air Rifle
2freeq
Lance Corporal
Lance Corporal
 
Posts: 123
New South Wales

Re: Reminder to protect your account / Member account lost

Post by 2freeq » 24 Sep 2018, 7:42 pm

Stix wrote:Can i ask what the account name is...or was...?


Bentaz was the one hacked
Howa 1500 .223
Marlin XT22SR .22LR
Lithgow .22LR
EMEI Chinese side lever .117 Air Rifle
2freeq
Lance Corporal
Lance Corporal
 
Posts: 123
New South Wales

Re: Reminder to protect your account / Member account lost

Post by Stix » 24 Sep 2018, 7:56 pm

:? :wtf:

Really..?


Hhhmmmnnmmm.....................................................
The man who knows everything, doesnt really know everything...he's just stopped learning...
Stix
Colonel
Colonel
 
Posts: 3675
South Australia

Re: Reminder to protect your account / Member account lost

Post by bigrich » 25 Sep 2018, 4:42 am

What sort of halfwit does stuff like that ? They should get a life instead of sitting at a computer and eating MacDonald’s all day. Unless it was the Chinese, or the Russians. Could be Sam Lee working for North Korea. Tin foil hat time again..... :lol:
User avatar
bigrich
Brigadier
Brigadier
 
Posts: 4483
Queensland

Re: Reminder to protect your account / Member account lost

Post by Aster » 25 Sep 2018, 7:59 am

bladeracer wrote:I noticed it but it seemed fairly selective so I assumed the member was editing his posts himself.


There was a scattering of intact posts in more recent topics, once you went back a little further almost everything was compromised; thousands of posts replaced with trash.

If it were only a handful of posts affected we'd just delete them, and re-secure the account. That wasn't the case in this instance.
See you on the firing line.
User avatar
Aster
Moderator
 
-

Re: Reminder to protect your account / Member account lost

Post by Gaznazdiak » 25 Sep 2018, 10:05 am

I tried to update my password to something stronger yesterday.

I gave up after three attempts ended without result.

I put in the new password, repeated it as asked, put in the old one, pressed the go button and was returned to the start of the process every time.

Any ideas what I might be doing wrong?
fideles usque ad mortem
User avatar
Gaznazdiak
Warrant Officer C1
Warrant Officer C1
 
Posts: 1379
New South Wales

Re: Reminder to protect your account / Member account lost

Post by Aster » 25 Sep 2018, 6:27 pm

Hey Gaz,

Hmm. I've just tried myself and it worked fine.

Are you given an error message? Or does it just return you to the empty page as if you'd just arrived there?
See you on the firing line.
User avatar
Aster
Moderator
 
-

Re: Reminder to protect your account / Member account lost

Post by Gaznazdiak » 25 Sep 2018, 7:42 pm

G'day Aster,
Tried again just now, same result

I put in the new password, repeated as stipulated, entered my old password, pushed the reset button and it returned to the start with all fields empty.

This was using my phone with the latest Android update, I'll fire up the old laptop tomorrow and try it with the browser on that.
fideles usque ad mortem
User avatar
Gaznazdiak
Warrant Officer C1
Warrant Officer C1
 
Posts: 1379
New South Wales


Back to top
 
Return to Off topic - General conversation