Page 1 of 2 (results 1 to 25 of 36)

Thread: Change your passwords immediately!

  1. #1 (joined Feb 2006 | Amsterdam | 13,691 posts)

    Change your passwords immediately!

    Hey all.

    I'm saddened to tell you that there has been a hack on villavu, similar to the one on MITB (https://www.moparisthebest.com/smf/i...514987.80.html). The attacker got in using the account of an admin (name doesn't matter), somehow also knew the password to the 2nd auth (HTTP auth; the password may have been the same?) and got into the admin cp. He then changed the password of another admin that had access to the plugins section of VB, and changed plugin code to something that resembles a minimalistic shell. I can only assume the worst and that he has indeed managed to dump (part of) the database. The bandwidth logs would indicate something like this might have happened. The server itself seems to be safe, as the user only had access to the httpd account.

    You must all fear for the worst. Check your PMs. If you ever sent a password over PM to anyone, make sure you change it. PMs are also part of the database. While this really sucks, in my defence I can only say there wasn't much to do to prevent this; social engineering and phishing just happen, I suppose.

    This couldn't have come at a worse time, as I am very busy trying to finish my bachelor thesis and I really don't have the time to install new forum software right now. However, it doesn't appear to be a problem with vBulletin, except for the idiots who work for them and decided you should be able to edit plugins (read: add PHP code) from the admincp.

    It is quite possible the forum has been hacked due to an admin using the same password over at mopar's, or a previous forum that has been compromised. Let me say this just once more: never, I repeat, NEVER use the same password across different sites.

    Obviously we'll enforce a password change as well.



    The best way to contact me is by email, which you can find on my website: http://wizzup.org
    I also get email notifications of private messages, though.

    Simba (on Twitter | Group on Villavu | Website | Stable/Unstable releases
    Documentation | Source | Simba Bug Tracker on Github and Villavu )


    My (Blog | Website)

  2. #2 (joined Jan 2007 | the middle of know-where | 1,308 posts)

    For people who might be having problems thinking of a new password, might I suggest:

    On vacation in NeverLand,
    Code:
    typedef int bool;
    enum { false, true };

  3. #3 (joined Aug 2007 | Colorado | 7,421 posts)

    I wonder what they were trying to accomplish. My password is changed, now.

    Current projects:
    [ AeroGuardians (GotR minigame), Motherlode Miner, Blast furnace ]

    "I won't fall in your gravity. Open your eyes,
    you're the Earth and I'm the sky..."


  4. #4 (joined Dec 2006 | Houston, TX USA | 4,791 posts)

    Quote Originally Posted by anonymity View Post
    For people who might be having problems thinking of a new password, might I suggest:

    Password cracking rarely involves brute-forcing.

    Dictionary algorithms and common numbering patterns are also used.

  5. #5 (joined Jan 2007 | the middle of know-where | 1,308 posts)

    Quote Originally Posted by Wanted View Post
    Password cracking rarely involves brute-forcing

    Dictionary algorithms and common numbering patterns are also used.
    'Tis true; I usually l33t $p3@k phrases. Buuut, I'ma go change a few passwords now...

  6. #6 (joined Feb 2007 | PA, USA | 5,240 posts)

    Quote Originally Posted by Wanted View Post
    Password cracking rarely involves brute-forcing

    Dictionary algorithms and common numbering patterns are also used.
    Correct.

    Rainbow tables are used where they take the most common passwords, run 4012 iterations of a specific algorithm, compile it into a huge "rainbow table" and then brute-force them all.

    For instance, WPA2 security (wiki):

    If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1.[10]
    the set of 95 permitted characters) is probably sufficient.[11] To further protect against intrusion, the network's SSID should not match any entry in the top 1000 SSIDs[12] as downloadable rainbow tables have been pre-generated for them and a multitude of common passwords.[13]
    Brute forcing has escalated from changing a single letter at a time to just loading a big-ass table into memory and plowing through it...
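
    The PBKDF2 derivation quoted in the post above, worked through in Python as an added example (this is not code from the thread or from any project it mentions). It derives the WPA2 PSK as 802.11i specifies (PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256-bit output), then shows why a table precomputed for a common SSID is useless against a network with a custom name even when the passphrase is identical. The SSIDs "linksys" and "MyHomeNet42" and the four-entry passphrase list are constructed for the illustration; the "password"/"IEEE" pair is the published 802.11i test vector. A real rainbow table stores reduction chains to save space; a plain lookup dict is used here because the salting point is the same.

```python
import hashlib
import time

# Added example, not from the thread: WPA2-PSK derivation and an SSID-bound lookup table.

WPA2_ITERATIONS = 4096   # 802.11i: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2 pairwise master key from an ASCII passphrase.

    The SSID is the salt, so the same passphrase yields a different key on
    every differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        WPA2_ITERATIONS, dklen=32,
    )


def build_table(ssid: str, passphrases) -> dict:
    """Precompute PSK -> passphrase for one SSID.

    All 4096 rounds per candidate are paid once, at build time, and the
    result is only valid for this SSID. (A true rainbow table would store
    hash chains instead of every pair; the salt argument is identical.)
    """
    return {wpa2_psk(p, ssid): p for p in passphrases}


def lookup(table: dict, psk: bytes):
    """Return the passphrase behind a captured PSK, or None if it is not in the table."""
    return table.get(psk)


# Constructed candidate list standing in for a "most common passwords" wordlist.
COMMON_PASSPHRASES = ["password", "12345678", "letmein1", "qwertyui"]


def demo():
    """Table built for a top-1000 SSID hits; the same passphrase on a custom SSID misses."""
    table = build_table("linksys", COMMON_PASSPHRASES)           # SSID constructed
    hit = lookup(table, wpa2_psk("password", "linksys"))
    miss = lookup(table, wpa2_psk("password", "MyHomeNet42"))    # SSID constructed
    return hit, miss


if __name__ == "__main__":
    start = time.perf_counter()
    psk = wpa2_psk("password", "IEEE")     # 802.11i Annex H test vector
    print(f"one derivation took {time.perf_counter() - start:.4f}s")
    print("PSK(password, IEEE) =", psk.hex())
    print("lookup results (hit, miss):", demo())
```

    Run it and note the time for a single derivation: that cost, multiplied by the wordlist size and paid again for every SSID not in the precomputed set, is the whole reason the quoted advice says to pick an SSID outside the top 1000.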

  7. #7 (joined Feb 2006 | Belgium | 3,137 posts)

    Isn't it possible to force a password change with vBulletin?

  8. #8 (joined Nov 2006 | Planet Earth | 351 posts)

    How unfortunate. Hopefully this is the only thing that happens and we don't see a chain of events occur.

  9. #9 (joined Feb 2006 | Amsterdam | 13,691 posts)

    Quote Originally Posted by Freddy1990 View Post
    Isn't it possible to force a password change with vBulletin?
    Yes and no. You can only set when passwords should expire. Most users should now be prompted if they have not changed their password in 30 days. (You should change your password regardless; this all happened about 4 days ago.)




  10. #10 (joined Nov 2006 | Location, Location | 1,126 posts)

    I changed my password to the same until I saw this thread

  11. #11 (joined Jul 2011 | /home/litoris | 2,226 posts)

    I was just prompted to change it upon login; it said it expired. Good thing I use different passes for most sites. (Passes made up of words of different languages that I can remember for most sites, real randomized stuff for important places that I could lose things at.)

  12. #12 (joined May 2007 | UK | 4,007 posts)

    Quote Originally Posted by Kave View Post
    I changed my password to the same until I saw this thread
    This ^

    -Boom

  13. #13 (joined May 2011 | In an Island. | 1,413 posts)

    That's not good =/ Already changed my pass, but I think I will have to change it again, due to specific reasons. Is there any other way to prevent another attack to SRL community?

  14. #14 (joined Feb 2006 | Amsterdam | 13,691 posts)

    Quote Originally Posted by UNKNOWN69 View Post
    That's not good =/ Already changed my pass, but I think I will have to change it again, due to specific reasons. Is there any other way to prevent another attack to SRL community?
    Yes; don't use the same password on different sites. I've taken some more precautions but there isn't really a lot I could have done to prevent this. I'm sorry, for what it's worth. Let's hope this was the first and last time.




  15. #15 (joined Jul 2008 | California | 255 posts)

    Hadn't realized my password was over three years old until I was told on login. Normally I'm better at changing my passwords than that, I guess SRL just managed to miss my regular change spree.
    Unfortunately, no active scripts atm.

  16. #16 (joined Feb 2007 | Colorado, USA | 3,716 posts)

    Got prompted to change the pass, so I did.

    Weird they are trying to hack it =/ I have no similar passwords, so all good.

    Usually for my passwords I just smack my keyboard a few times and then memorize what comes out and use it as a pass... got like 10 different ones.
    The only true authority stems from knowledge, not from position.

    You can contact me via matrix protocol: @grats:grats.win or you can email me at the same domain, any user/email address.

  17. #17 (joined Apr 2007 | Lithuania | 384 posts)

    Quote Originally Posted by Flight View Post
    I wonder what they were trying to accomplish. My password is changed, now.
    Get passwords and try them on mail or PayPal.

  18. #18 (joined Feb 2007 | PA, USA | 5,240 posts)

    Quote Originally Posted by Wizzup? View Post
    Yes; don't use the same password on different sites. I've taken some more precautions but there isn't really a lot I could have done to prevent this. I'm sorry, for what it's worth. Let's hope this was the first and last time.
    Well, we know it wasn't the first...

  19. #19 (joined Nov 2006 | 2,369 posts)

    Ugh, got to change my email password immediately. It was the same as here :X
    Quote Originally Posted by DeSnob View Post
    ETA's don't exist in SRL like they did in other communities. Want a faster update? Help out with updating, otherwise just gotta wait it out.

  20. #20 (joined Jan 2011 | Denver, CO | 1,351 posts)

    Interesting how they did this to both MITB and Villavu. I'm sure you and Moparisthebest will figure out who did this, it looks like the staff have narrowed it down to someone using a box in the Netherlands.

  21. #21 (joined Dec 2006 | Sweden | 10,812 posts)

    It's obviously an inside job, or some admin who's really dumb, if you had the htaccess stuff on the admincp...

    Yay for keepass, another random huge password to throw out.


    Send SMS messages using Simba
    Please do not send me a PM asking for help; I will not be able to help you! Post in a relevant thread or make your own! And always remember to search first!

  22. #22 (joined Sep 2007 | Michigan | 3,862 posts)

    Heh... my last password was some random generated thing sent to my email, so no fear in them getting into anything else of mine. Changed mine already.
    (Scripts outdated until I update for new SRL changes)
    AK Smelter & Crafter [SRL-Stats] - Fast Fighter [TUT] [SRL-Stats]
    If you PM me with a stupid question or one listed in FAQ I will NOT respond. -Narcle
    Summer = me busy, won't be around much.

  23. #23 (joined Feb 2006 | Amsterdam | 13,691 posts)

    Quote Originally Posted by Harry View Post
    It's obvious an inside job, or some admin who's really dumb, if you had the htaccess stuff on the admincp...

    Yay for keepass, another random huge password to throw out.
    Don't forget a lot of people have (or now...had) access to the admincp. Old administrators and moderators, etc. About 15 I think. If you have someone else's HTTP auth (whatever we should call it), you can still get access to admincp using another admin user.




  24. #24 (joined Aug 2008 | Finland | 2,851 posts)

    I've used the same pw pretty much everywhere until now.
    Of course I've known that's bad, but I was just lazy and didn't bother changing it.
    Now I came up with a whole new base word which I've never used before, and change the last letter on different sites, and I have the last letter for every site written down on paper.

  25. #25 (joined Dec 2006 | Sweden | 10,812 posts)

    Quote Originally Posted by marpis View Post
    Now I came up with a whole new base word which I've never used before, and change the last letter in different sites, and I have the last letter for every site written down on paper.
    Cool, so if I figure out one of your sites I have a 3.84615385% chance to have your password from your other sites on my first guess.

    Just get Keepass or something similar and use a long unique password that you will never forget, and use automatically generated ones per-site.


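
    Posts #4, #5, #24 and #25 above describe how cracking actually proceeds once a database has been dumped: a wordlist plus mutation rules (l33t substitutions, trailing digits or years, a per-site last letter), not raw brute force. Below is an added example in Python, not code from the thread, of such a dictionary-plus-rules run against constructed unsalted SHA-256 hashes. One password leaked from "site A" seeds the guesses for the same user's other accounts; the base word "bluewhale" and the four target passwords are made up for the demonstration. The per-site-letter rule is 26 guesses per word form, which is the 1/26 odds post #25 computes.

```python
import hashlib
import string

# Added example, not from the thread: dictionary + mangling rules against constructed hashes.

LEET = str.maketrans("aeiost", "@310$7")   # a->@ e->3 i->1 o->0 s->$ t->7


def sha256_hex(text: str) -> str:
    """Unsalted SHA-256, standing in for whatever weak scheme a leaked site used."""
    return hashlib.sha256(text.encode()).hexdigest()


def candidates(base: str):
    """Yield guesses derived from one base word with cheap, common mutations."""
    forms = {base, base.lower(), base.capitalize(), base.upper(),
             base.translate(LEET), base.capitalize().translate(LEET)}
    for form in sorted(forms):
        yield form
        for letter in string.ascii_lowercase:   # "change the last letter per site": 26 guesses
            yield form + letter
        for n in range(100):                     # trailing digits
            yield form + str(n)
        for year in range(1990, 2016):           # birth / graduation years
            yield form + str(year)
        for suffix in ("!", "123", "1!"):        # common punctuation tails
            yield form + suffix


def crack(target_hashes, base_words):
    """Map each cracked hash to its plaintext; uncracked hashes are simply absent."""
    targets = set(target_hashes)
    recovered = {}
    for base in base_words:
        for guess in candidates(base):
            h = sha256_hex(guess)
            if h in targets and h not in recovered:
                recovered[h] = guess
                if len(recovered) == len(targets):
                    return recovered
    return recovered


# Constructed scenario: "bluewhale" leaked from site A; these are the hashes of the same
# user's passwords on three other sites, plus one unrelated password that should survive.
LEAKED_FROM_SITE_A = "bluewhale"
SITE_PASSWORDS = ["bluewhalex", "Blu3wh@l3", "bluewhale2008", "correct-horse-battery"]
TARGET_HASHES = [sha256_hex(p) for p in SITE_PASSWORDS]


def demo():
    return crack(TARGET_HASHES, [LEAKED_FROM_SITE_A])


if __name__ == "__main__":
    found = demo()
    for pw in SITE_PASSWORDS:
        print(f"{pw!r:>24} -> {found.get(sha256_hex(pw), '(not cracked)')}")
    print(len(list(candidates(LEAKED_FROM_SITE_A))), "guesses tried for the one leaked word")
```

    Fewer than a thousand guesses recover three of the four "different" passwords; only the one unrelated to the leaked word survives. That is the practical content of the advice in this thread: variations on a shared base word are one password, and a generated, per-site password stored in a manager is the fix.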
