Forum compromised


  • Forum compromised

    I notice that there is a dump of usernames and passwords for this forum here - http://pastebin.com/pQQnVh2W There is also a separate dump from last month but without passwords.

    The passwords looked hashed but that won't stop some weak passwords from being discovered.

    If you use the same password for other sites I suggest you change it.

    The version of vBulletin being used here is very old and is most likely vulnerable to an SQL injection attack.
    Last edited by Uhtred; 26th August 2015, 19:50.

  • #2
    Good lord that is not good.
    Are there not any security measures for this forum/website?

    Highly concerning.


    • #3
      First of all....this guy is not telling porkies. That's definitely a valid dump.

      SQL Injection attacks happen all the time, on systems with far greater security than maestro.org.uk. It happens a lot.... think .gov.uk

      Luckily these hashes (look like MD5 to me) haven't been "cracked on the net". You can easily check, just copy your hash and paste it into Google.

      Some bloke in Nicosia, Cyprus seems very interested in them......

      And thank you to the OP for bringing this to light.
      1989 MG Maestro Turbo #413

      1986 MG Maestro EFi - Dead but still here
      1985 Austin Maestro 1.3 L - Dead and in heaven

      2001 Rover 75 CDT (Daily Runner)


      • #4
        I hope they can't get any further details, address, phone no. etc. This is serious.


        • #5
          Calm down. Please have some context here. This is not Ashley Madison. People are committing suicide because of that one!

          This happened to Sony and a US Government Recruitment agency.

          This is all you need to do. Look at all your accounts which use the same e-mail address e.g. Facebook, e-mail account etc **that use the same password**, and change it.

          The passwords have been hashed, which considering the age of the forum, hats off to the webmaster.

          Keep calm people.
          Last edited by Mat_C; 26th August 2015, 21:33.
          1989 MG Maestro Turbo #413

          1986 MG Maestro EFi - Dead but still here
          1985 Austin Maestro 1.3 L - Dead and in heaven

          2001 Rover 75 CDT (Daily Runner)


          • #6
            I hope someone doesn't hack my account here and try to sell my car I don't have anymore! Or make outlandish comments that I daren't make myself...

            I hate Montegos!

            Seriously, what harm can be done with this info?


            • #7
              Most annoying thing is harvesting of e-mail addresses which means we'll get more spam.
              www.maestroturbo.org.uk - The Tickford Maestro Turbo Register
              www.rover200.org.uk - The Rover 200/400 (R8) Owners Club
              www.roverdiesel.co.uk - My Rover Diesel Site


              • #8
                >>Seriously, what harm can be done with this info?<<

                b**ger all.

                It is best practice to follow the advice I gave above, but LinkedIn / eBay had millions of hashes stolen and I'm still alive.
                1989 MG Maestro Turbo #413

                1986 MG Maestro EFi - Dead but still here
                1985 Austin Maestro 1.3 L - Dead and in heaven

                2001 Rover 75 CDT (Daily Runner)


                • #9
                  Originally posted by Uhtred
                  I notice that there is a dump of usernames and passwords for this forum here - http://pastebin.com/pQQnVh2W There is also a separate dump from last month but without passwords.

                  The passwords looked hashed but that won't stop some weak passwords from being discovered.

                  If you use the same password for other sites I suggest you change it.

                  The version of vBulletin being used here is very old and is most likely vulnerable to an SQL injection attack.
                  Mmm one post in a year and possibly spam. Not convinced at all
                  1958 Ford Consul Convertible. I love this car
                  1965 Ford Zodiac Executive. Fab cruiser being restored
                  1997 Jaguar Xk8 Convertible. Such a fab car
                  2003 MGZT V8. BRG and new project
                  2004 MGZT cdti. Great workhorse
                  2004 MGZT V8. Black I love this car


                  • #10
                    Spam? Take a look at the data man.


                    • #11
                      Originally posted by Jeff Turbo
                      Mmm one post in a year and possibly spam. Not convinced at all
                      I signed up to sell my father-in-law's Montego in the classifieds last year and deleted the posts once sold. Every now and then I punch my email address into Google to see if I get any hits, and doing so returned a couple of results relating back to this forum.

                      It doesn't bother me, I use a password manager but I wanted to make sure others were aware.


                      • #12
                        Originally posted by E_T_V
                        Most annoying thing is harvesting of e-mail addresses which means we'll get more spam.

                        And they were told several months ago the forum was compromised due to the spamming of email addresses.

                        http://www.maestro.org.uk/forums/showthread.php?t=21315

                        Just update the forum, it is not rocket science.
                        Last edited by Beaker; 27th August 2015, 08:07.
                        Rover 200 and 400 Owners Club (for wedge shape rovers, including coupe, tourer and cabriolet). - www.rover200.org.uk


                        • #13
                          Sorry Jeff, but it's a fact. It lists everybody who ever signed up for a forum account, in order of date.

                          In the top ten we have a lot of the club founders etc, which is to be expected.

                          Bit of a trip down memory lane for me
                          1989 MG Maestro Turbo #413

                          1986 MG Maestro EFi - Dead but still here
                          1985 Austin Maestro 1.3 L - Dead and in heaven

                          2001 Rover 75 CDT (Daily Runner)


                          • #14
                            As I'm not computer literate I have no idea, I'm afraid.
                            1958 Ford Consul Convertible. I love this car
                            1965 Ford Zodiac Executive. Fab cruiser being restored
                            1997 Jaguar Xk8 Convertible. Such a fab car
                            2003 MGZT V8. BRG and new project
                            2004 MGZT cdti. Great workhorse
                            2004 MGZT V8. Black I love this car


                            • #15
                              Here's another one, looks like it was taken before Beaker changed her e-mail address (re the "SPAM" thread)

                              http://www.skymem.com/xdoc/document-...8d87e1f48ab4f7
                              1989 MG Maestro Turbo #413

                              1986 MG Maestro EFi - Dead but still here
                              1985 Austin Maestro 1.3 L - Dead and in heaven

                              2001 Rover 75 CDT (Daily Runner)
