
InsanelyHacked!


ColdFusion

So it appears someone with nothing better to do took it upon themselves to bring down the site for no good reason. They used an Invision PowerBoard exploit which allowed them to gain root access to the database, and after backing it up for their own gratification and future exploitation, they deleted it. I guess this is some people's idea of fun, but the simple fact is: it's a serious crime. So serious in fact, that the investigation has been passed to the UK's Serious Organised Crime Agency (SOCA), and we have been able to provide them with a number of leads thanks to some sterling work from our excellent mods!

 

We'd like to take this opportunity to apologise for the fact that your email addresses have been compromised and may be passed/sold on to third parties who may like to inform you from time to time that it is indeed possible to double the size of your genitalia and perform like a god or goddess in the bedroom. This is extremely unfortunate, but we can assure you that your passwords are safely encrypted on our server so we should be free of account abuse. However, if your password is not particularly strong, we recommend you change it to something stronger ASAP. This is because commonly used passwords could be compared against a list of their encrypted versions, so passwords such as "hello" are really not a wise choice. We recommend that your password be at least 8 characters long and contain a mixture of letters and numbers.

 

When we purchased InsanelyMac we wrongly assumed that it was set up securely, and since the hosting equipment was part of the purchase, we saw no immediate reason to move the hosting away from ThePlanet. Obviously this incident has forced us to look carefully at the security arrangements, and as a result we have migrated the site over to our own servers, patched the forum to the latest version and added another layer of authentication where required. We have also revised our back-up strategy so that any future incidents can be recovered from more quickly. So despite being blackmailed by those claiming to be responsible for the attack, we are pleased to announce the return of InsanelyMac, now more secure than ever.


User Feedback

Recommended Comments



The list is there, but have you tried the links?

 

Well, most of them work, but not mine.

 

Hmmm, that's strange. I'll pass it on to ColdFusion.

Link to comment
Share on other sites

Good thing the InsanelyMac is back up and running again... that was a quick recovery. I'm still a little ticked off that our e-mail addresses are compromised, but so far for me (knock on wood) either I'm not getting any spam to begin with (i.e. my email is not sold yet), or Gmail's spam filter is impressively strong and dead accurate... and is filtering perfectly so far. I hope it's the first one, because so far I haven't received any spam. I hope it stays that way. :hysterical:

 

Any news at all on who(m) was behind all this?

Link to comment
Share on other sites

i was alarmed a bit by this snippet:

 

"However, if your password is not particularly strong, we recommend you change it to something stronger ASAP. This is because commonly used passwords could be compared against a list of their encrypted versions, so passwords such "hello" are really not a wise choice. We recommend that your password be at least 8 characters long and contain a mixture of letters and numbers."

 

are you seriously saying you guys don't salt hashes? i thought that topic was covered in Forum Administration 101 :)

Link to comment
Share on other sites

They would use an MD5 hash I believe BUT if your password was hello they can match the hashes, e.g. if your password was 'hello' in the database it would appear as '5d41402abc4b2a76b9719d911017c592' and because hello could be a common pass they could easily match 5d41402abc4b2a76b9719d911017c592 to hello.

Link to comment
Share on other sites

So it appears someone with nothing better to do took it upon themselves to bring down the site for no good reason. They used an Invision PowerBoard exploit which allowed them to gain root access to the database, and after backing it up for their own gratification and future exploitation, they deleted it. I guess this is some people's idea of fun, but the simple fact is: it's a serious crime. So serious in fact, that the investigation has been passed to the UK's Serious Organised Crime Agency (SOCA), and we have been able to provide them with a number of leads thanks to some sterling work from our excellent mods!

 

 

and how do we know it was not you, for example?

not happy about current "income" and decide to sell 80K emails, then let's blame "hackers"?

any proof?

Link to comment
Share on other sites

and how do we know it was not you, for example?

not happy about current "income" and decide to sell 80K emails, then let's blame "hackers"?

any proof?

 

Oh come on, that is some of the worst nonsense I have ever read ;)

Link to comment
Share on other sites

"it's a serious crime?" lol.

So many devs have left here for so many logical reasons, i.e. backstabbing, dishonesty, account-jacking, internal politics. InsanelyMac has become a not-so-innocent altruistic brotherly organization.

Amazing that this would happen to us? Unwarranted? I'm just not sure.

 

Perhaps events like this should be kept in perspective.

 

 

just one member's opinion.

Link to comment
Share on other sites

and how do we know it was not you, for example?

not happy about current "income" and decide to sell 80K emails, then let's blame "hackers"?

any proof?

there were about 3 hackers {censored}in with the server, it wasn't him.

Link to comment
Share on other sites

i was alarmed a bit by this snippet:

 

"However, if your password is not particularly strong, we recommend you change it to something stronger ASAP. This is because commonly used passwords could be compared against a list of their encrypted versions, so passwords such "hello" are really not a wise choice. We recommend that your password be at least 8 characters long and contain a mixture of letters and numbers."

 

are you seriously saying you guys don't salt hashes? i thought that topic was covered in Forum Administration 101 ;)

 

 

They would use an MD5 hash I believe BUT if your password was hello they can match the hashes, e.g. if your password was 'hello' in the database it would appear as '5d41402abc4b2a76b9719d911017c592' and because hello could be a common pass they could easily match 5d41402abc4b2a76b9719d911017c592 to hello.

 

Yep that's right, MD5 encryption is used.

 

Can we prove that we didn't hack our own server and sell your email addresses? Yes thanks :)

Link to comment
Share on other sites
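The hash matching discussed in the comments above, as an added example that is not part of the original thread and is not InsanelyMac's or the forum software's code. It assumes passwords stored as plain unsalted MD5, as the commenters describe; the user names, the short password list and the PBKDF2 parameters are constructed for illustration, and PBKDF2 is shown as one salted alternative, not as what the site deployed.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny common-password list and a user table.
COMMON = ["hello", "password", "123456", "letmein"]
USERS = {"alice": "hello", "bob": "hello", "carol": "T7#qv!Lw92xe"}

def md5_hex(password):
    """Unsalted MD5, the storage scheme the commenters describe."""
    return hashlib.md5(password.encode()).hexdigest()

def audit_unsalted(stored):
    """Return {user: password} for each stored hash present in a precomputed table."""
    # The table is built once and then applies to every account at no extra cost.
    table = {md5_hex(p): p for p in COMMON}
    return {user: table[h] for user, h in stored.items() if h in table}

def hash_salted(password, salt=None, iterations=200_000):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def demo():
    unsalted = {user: md5_hex(p) for user, p in USERS.items()}
    salted = {user: hash_salted(p) for user, p in USERS.items()}
    return {
        "weak_accounts": audit_unsalted(unsalted),
        "same_md5_for_same_password": unsalted["alice"] == unsalted["bob"],
        "same_salted_for_same_password": salted["alice"][2] == salted["bob"][2],
        "login_ok": verify_salted("hello", salted["alice"]),
        "login_bad": verify_salted("hullo", salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With a per-user salt the same password no longer produces the same stored value for two accounts, so one precomputed list cannot be matched against the whole table; a weak password is still weak, which is why the announcement's advice to change it holds either way.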

Can we prove that we didn't hack our own server and sell your email addresses? Yes thanks :)

:hysterical: too bad there were like 3 people playing on your server :s

 

 

and too bad you can't figure out who or which ones did it... although i hope you do.

Link to comment
Share on other sites

ok it's good the site's back up but i still want to know, what kind of servers is the site on now? I hope some b-{censored}ing apple quads with 32GB of ram like the one that i just got to use with Final Cut Studio 2 along with my octa core mac pro

Link to comment
Share on other sites

Can we prove that we didn't hack our own server and sell your email addresses? Yes thanks :P

 

ColdFusion, you don't need to prove anything. It is just plain common sense that it was somebody else.

Link to comment
Share on other sites

Good to see everything back...

 

Strangely enough, I'm in Ozzie land and it seems faster now than before (joined recently, been reading for months), or maybe I'm going insane......ly mac... :(

 

c-ya,

b.t.w. OS x86 on podcast today

search for Aussie Tech Heads in iTunes, or myspace, episode 44.

I'll post in news section.

 

edit: i can't post in news, i'll find somewhere

Link to comment
Share on other sites

So it appears someone with nothing better to do took it upon themselves to bring down the site for no good reason.

 

Hmm, so that's why there was no more InsanelyMac bookmark icon... ;)

Link to comment
Share on other sites


