Forums have again been hacked


spunkarooney (Member; joined Feb 24, 2004; 162 posts)
I refer to this thread http://www.frequentflyer.com.au/community/open-discussion/have-changed-title-13331.html started by me 23/05/2008 (now closed).

Today, in similar circumstances I received yet another spam message to the email address I use exclusively for the Australian Frequent Flyer (AFF) forums.

This time the spam relates to “ONLINE pharmac_! SAVE 20% TODAY!”

So, it would seem that the AFF database has been hacked again!

I really hope that people aren’t storing any sort of personal information (aside from email address) in their profile details as it is clear that proper security isn’t being applied here – despite previous claims to the contrary.
 
So you get one spam email and think the site's been hacked?

Spam is sent to random email addresses all the time, guess someone got lucky this time....
 
So you get one spam email and think the site's been hacked?

Spam is sent to random email addresses all the time, guess someone got lucky this time....

I was correct last time and I am correct this time.

It’s not just a random address but a very unique and long email address that would be next to impossible for someone to just randomly guess.

I wouldn’t make such a claim unless I was pretty damn confident I knew what I was talking about.
 
So use a filter and get over it. One spam does not the end of the world make.
 
So use a filter and get over it. One spam does not the end of the world make.

I am not concerned about one spam message, I am concerned about the security of personal information on this site.

I would expect the site owners to be equally just as concerned – especially if someone’s personal information is misused and they decide to lodge a complaint with the Office of the Federal Privacy Commissioner.
 
Geez, someone needs to lighten up a bit; it's probably just a bot randomly crawling through various websites. And seriously, what "personal" information will they get?
If it's your phone number and address, well, I can get that from the WhitePages..
No issue here IMO.
 
Sorry to hear about the spam

Having been spammed by other (presumably hacked) fora, I usually use a disposable mailinator address for registration
 
Geez, someone needs to lighten up a bit; it's probably just a bot randomly crawling through various websites. And seriously, what "personal" information will they get?
If it's your phone number and address, well, I can get that from the WhitePages..
No issue here IMO.

A “bot randomly crawling through various websites” wouldn’t have been able to capture the email address I have registered with AFF. That email address is only stored in the database of AFF and in my secure records. (My records have not been hacked.)

The sorts of “personal” information one would get from accessing AFF’s database would depend on what personal information each user has entered. Also, if they have access to the member records then they probably also have access to all messages – private and otherwise. People exchange all sorts of information in those messages – I would imagine.

As for my phone number, it’s not listed in the White Pages, so good luck with that.
 
Sorry to hear about the spam

Having been spammed by other (presumably hacked) fora, I usually use a disposable mailinator address for registration

What the OP means is the email address they used here is exclusively used for this forum. I do exactly the same thing and am too receiving junk.

For example, my email address used here might be similar to this: [email protected] , meaning any email that comes in is either a legit email from that site, the site is selling the DB, or they've been hacked.
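The per-site address trick this post describes, as an added example (not code from the thread, AFF or any poster): each site gets its own tagged address whose tag is an HMAC under a locally kept secret, so the address is unguessable and a spam hit can be attributed to the site that leaked it. The domain, secret and sample recipients are constructed placeholders.

```python
import hashlib
import hmac
import re

# Added example, not code from the thread. Constructed placeholders:
DOMAIN = "example.com"               # a domain with a catch-all mailbox
SECRET = b"local-secret-change-me"   # kept only on your own machine
TAG_LEN = 12                         # hex chars of the HMAC kept in the address

def alias_for(site: str, purpose: str = "forum") -> str:
    """Address to hand to `site` for one `purpose` (forum, newsletter, ...).
    The HMAC tag makes it unguessable, so a hit is a leak, not luck."""
    label = f"{site}.{purpose}".lower()
    tag = hmac.new(SECRET, label.encode(), hashlib.sha256).hexdigest()[:TAG_LEN]
    return f"{label}-{tag}@{DOMAIN}"

_ADDR_RE = re.compile(
    r"^(?P<site>[a-z0-9]+)\.(?P<purpose>[a-z0-9]+)-(?P<tag>[0-9a-f]+)@"
    + re.escape(DOMAIN) + r"$"
)

def attribute(recipient: str) -> "dict | None":
    """Which site/purpose leaked `recipient`? None if it is not ours
    (wrong shape, or right shape but a tag we never issued)."""
    m = _ADDR_RE.match(recipient.strip().lower())
    if not m:
        return None
    if not hmac.compare_digest(alias_for(m["site"], m["purpose"]), m.group(0)):
        return None
    return {"site": m["site"], "purpose": m["purpose"]}

def triage(recipients: "list[str]") -> "dict[str, list[str]]":
    """Group a burst of spam recipients by leaked source; 'unknown' collects
    addresses that were merely guessed or harvested elsewhere."""
    groups = {}
    for addr in recipients:
        hit = attribute(addr)
        key = f"{hit['site']}/{hit['purpose']}" if hit else "unknown"
        groups.setdefault(key, []).append(addr)
    return groups

if __name__ == "__main__":
    # Constructed sample: two of our tagged aliases plus two random guesses.
    sample = [
        alias_for("aff", "newsletter"),
        alias_for("aff", "newsletter").upper(),
        "john@example.com",
        "aff.forum-000000000000@example.com",
    ]
    for source, addrs in triage(sample).items():
        print(f"{source}: {len(addrs)} message(s)")
```

A single hit on a tagged address points at one site, but as later posts note it does not by itself distinguish a breach from the site (or its mailing-list provider) selling or mishandling the list.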
 
What the OP means is the email address they used here is exclusively used for this forum. I do exactly the same thing and am too receiving junk.

For example, my email address used here might be similar to this: [email protected] , meaning any email that comes in is either a legit email from that site, the site is selling the DB, or they've been hacked.

I would say that the site has been hacked.

In the first incident, the email received clearly indicated that they had hacked the site and presumably sent the email to all members as a trophy.

In today’s incident, the fact that the stuff being promoted is an “online pharmac_” (probably selling prescription drugs illegally) also suggests to me hacking of the site. No Australian-based site with any sense would sell such stuff as the risk of getting caught is too high.

The software used to run these “bulletin board” type sites often has vulnerabilities and if not kept up to date can leave the user data open to hacking.

Now, I have to say that I am a member of many, many sites and this has never happened with those other sites in many years. Yet with AFF, it has happened twice.
 
Just a bit more information:

I use one address for the email subscription to AFF and another email address for the AFF forums. The spam was received on the email address used for the email subscription.

So, it appears that someone has access to the subscription list for the AFF site.
 

Hi,

Unfortunately many popular scripts (eg. vBulletin or mailing list software) have been built insecurely and many "hackers" often find vulnerabilities for such scripts. Then the script maker will release a patch, and then some time later, another vulnerability will be found.

I run multiple websites and despite good security and passwords, have had information stolen before.

That is why I never store very personal information (credit card numbers, DOBs) in databases on normal webservers.
 
Yes it's a fact of life, so no one should be surprised when it happens.

Just don't store sensitive information on public websites!
 
Though you say it wasn't the forum side, there's a fair bit of such hacking going around lately. The OCAU forums which are significant in Australia were hacked a month or so back, with a similar issue. And that's not the only incident.
 
Two words - School Holidays...

In my former life I used to be a security engineer. You could always tell when it was school holidays as our security logs would double if not triple. It was mainly script kiddies (aka kids who think hacking means you load up the "hack a server in 15 minutes" program and press start). They are bored, and thus pick out random computers to hack. Nothing more, nothing less.

Given that AFF is being run using "off the shelf" software, chances are there are at least one or two vulnerabilities in the system which are not yet known about (to the developers) or are not yet patched.

That said, most email servers have ways of confirming email addresses without actually sending any emails (and yes, it's easy to script a checker app if one does not already exist); furthermore, harvesters are out and about looking for anything which looks like an email address to add to lists. There is more than the outside chance that anyone receiving spam emails is receiving it because of bad luck rather than any actual hacking. (I have a set of email addresses, ones I give out to all and sundry knowing I'll receive spam as a result, and others which I never give out, and yet they are still found out.)
 
Just a bit more information:

I use one address for the email subscription to AFF and another email address for the AFF forums. The spam was received on the email address used for the email subscription.

So, it appears that someone has access to the subscription list for the AFF site.

Having worked in the ISP world (network and system security engineer) for the past 15 years, I can safely say it's more likely they've just spam'd you and not hacked AFF.

Trust me, if you look at the mail logs I've seen, the spammers simply try *everything*. Random dictionary words, random character combinations, everything. I've had email addresses equally 'difficult' that receive spam, and they're only used for internal purposes (read: auto-generated reports that are sent to me only).

I'd say filter it, ignore it and move on (but feel free to change all your info on here if you're overly concerned about security).

If they had access to the 'subscription list' we all would have been spam'd. Modus Operandi for Spammers is email everything they can email. If you've been spam'd, we all would've been.

*edit* harvyk said it all for me pretty much ;)
 
I’d like to hear what the site owner has to say seeing this is the 2nd time this has occurred.
 
spunkarooney,

I have to ask the obvious question. Have you reported this to admin or the moderators, or are you relying on this thread to do so?

Lately I have had a little of the sort of emails to which you refer, but I simply look at them, do not download them, then bounce them, and then they dry up for a while. Then it starts again.

I do not know if you have been spammed or the site has been hacked but with the right limits in place I am comfortable.
 
FWIW, Moderators are indeed viewing this. I can only repeat what has been posted as well as indicating that other than that, since this was a one off email address it should not be causing too much issue.

FWIW, admin is away and is not contactable (by email or mobile). Admin will be back early next week.

I suggest sending admin a PM or email then sit tight.
 