Nullus Anxietas |
On May 26 somebody attempted to log in to my FTP server using a tagged email address/username I'd given a firearms web forum. I went to the forum in question, logged in, changed my email address (successfully), and put the old email address in my mail server's "reject as compromised" list.

On May 27 it happened again. This time a non-firearms-related web forum.

On May 30 it happened a third time. Again: Another non-firearms-related forum. Now there was a clear pattern. These three forums all had one thing in common: They use Fora/Xenforo web software. It later turned out they had another thing in common. More on that in a bit.

On May 31 it happened a fourth time.

Today there was a fifth occurrence, only, this time I was unable to log in. When I attempted to do a password change using my forum username I received no password reset email. When I attempted it using the tagged email address for that forum, I got back "No such account."

All five of these forums have another thing in common: They're all owned and operated by VerticalScope. Two of them show as owned by Second Media, but... Ref: CFO Rick Client Second Media Acquired by VerticalScope

(VerticalScope has been actively buying-up every web forum it's been able to get its hands on for years.)

If it'd been one account compromised I'd have written it off as my account on that site being brute-force hacked by password-guessing. Maybe even if it'd happened twice. But, five times, all the same forum software, all five forums owned by the same entity? All in a little more than a week? Not bloody likely, IMO.

Thus I surmise one of three things is happening: The Fora/Xenforo web software has an actively-exploited security flaw, VerticalScope's databases have been hacked, or VerticalScope has been selling its users' email addresses.

I've tried to report this activity to one of the network security organizations to whose email security bulletins I subscribe, but, they've no apparent reporting mechanism and an email to them has gone unanswered.

One take-away of all this is the importance of never, ever using the same login credentials (username, password) on multiple Internet sites. (Of the five sites: The only thing shared was I used the same username on two of them. They all, save one, had strong passwords with mixed case, numbers, and punctuation characters in them.)

The other take-away is the wisdom in using tagged email addresses for all on-line accounts, everywhere, whenever you can. If I'd used un-tagged email addresses at all these sites, the attempted abuse of my FTP server would've looked like any other run-of-the-mill FTP server abuse attempts. (My unadorned email address, thus my login username part, are all over the 'net. I've had them for some 40+ years.)

The sites for which my email addresses have been used to attempt to access my FTP server:

Walther Forums (Walther firearms)
DIY Chatroom (Do-It-Yourself site)
TrailBlazer/Envoy Forums (Chevy/GMS TrailBlazer/Envoy forums)
AVS Forums (Audio-Visual Science forums)
MP-Pistol Forums (Firearms forum)

I fully expect that, eventually, every forum I've joined which has since been acquired by VerticalScope and/or is running the Fora/Xenforo web software will find the email addresses I gave them used to attempt to exploit my FTP server. Yay.

Lastly, but, certainly not least of all: This is a shining example of but one of the many reasons we should all appreciate SIGforum and what parabellum so graciously provides us.

"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
|
Member |
To quote para,
https://sigforum.com/eve/forum...0601935/m/9540012105 SF is different, an outlier, and those of us who have been around the internet block a few times understand why. | |||
|
Fighting the good fight |
Yep. They're currently sitting on right around 1500 different web forums. | |||
|
Ignored facts still exist |
I'm not understanding something here. How does the FTP server come into play here? It makes sense that someone was hacking in general, but not sure how the FTP server became a target, based on what you did on a forum. . | |||
|
Nullus Anxietas |
Somebody attempted to use both the email addresses and the username portions of those email addresses (see below) to gain an authenticated login to my FTP server.

An email address consists of a "username" part and a "hostname" part. E.g.: Email address: "nobody@example.com". The username part is "nobody" and the hostname part is "example.com".

Somebody harvested, or was given, my email addresses. They scanned the hostname part, found a live FTP server there, and attempted a login.

The fact they only tried once, for each email address and username part, suggests they thought they had a valid password for the associated user i.d. That, in turn, suggests the passwords, along with the email addresses, were gathered from those sites, as well. But, of the five sites, on only one was my login no longer functional. So I don't know.

"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
|
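The correlation described in the posts above, as an added example that is not part of the original thread: failed FTP logins are matched against a registry of tagged addresses, with both the full address and the bare username part accepted, so each hit names the site that held that identity. The plus-style tags, the registry contents, the log format and the function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed registry: tagged local part -> site it was given to (hypothetical tags).
TAG_REGISTRY = {
    "nobody+forum-a": "Forum A",
    "nobody+forum-b": "Forum B",
    "nobody+shop-c": "Shop C",
}
MAIL_DOMAIN = "example.com"

# Constructed log lines in a simplified, assumed format (not a real daemon's output).
SAMPLE_LOG = """\
2030-01-05T03:14:07Z ftpd FAIL LOGIN user="nobody+forum-a@example.com" client=192.0.2.10
2030-01-05T03:14:09Z ftpd FAIL LOGIN user="nobody+forum-a" client=192.0.2.10
2030-01-06T11:02:51Z ftpd FAIL LOGIN user="nobody+forum-b@example.com" client=198.51.100.7
2030-01-06T12:40:00Z ftpd FAIL LOGIN user="admin" client=203.0.113.5
2030-01-06T12:40:02Z ftpd FAIL LOGIN user="nobody" client=203.0.113.5
2030-01-07T08:00:00Z ftpd OK LOGIN user="realuser" client=192.0.2.99
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) ftpd FAIL LOGIN user="(?P<user>[^"]*)" client=(?P<ip>\S+)$'
)

def tag_for(login):
    """Return the registry key a login name maps to, or None."""
    local, sep, domain = login.lower().partition("@")
    if sep and domain != MAIL_DOMAIN:
        return None  # full address for some other domain: not one of ours
    return local if local in TAG_REGISTRY else None

def leaked_sources(log_text):
    """Group failed logins that used a tagged identity by the site that held it."""
    hits = defaultdict(lambda: {"attempts": 0, "clients": set(), "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines
        tag = tag_for(m["user"])
        if tag is None:
            continue  # untagged name: indistinguishable from background noise
        rec = hits[TAG_REGISTRY[tag]]
        rec["attempts"] += 1
        rec["clients"].add(m["ip"])
        rec["first_seen"] = rec["first_seen"] or m["ts"]
    return dict(hits)

if __name__ == "__main__":
    for site, rec in leaked_sources(SAMPLE_LOG).items():
        print(site, rec["attempts"], sorted(rec["clients"]), rec["first_seen"])
```

The attempts with `admin` and the bare `nobody` are dropped on purpose: without a tag they cannot be tied to any one site.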
Ignored facts still exist |
Oh, now it makes total sense. You have your own e-mail setup as opposed to say, Gmail or Hotmail, and someone thought it might be interesting to try to hack into it. Thanks for the added explanation. .
|
Ignored facts still exist |
Did you get any forensic info such as IP address or general location of the hacker? If so, was it the same from each of the 5 forums which you mentioned? .
|
member |
Why are you running an FTP server? Knowing what I do about you, I am sure it is well-secured, but is not FTP really old tech?

When in doubt, mumble
|
His diet consists of black coffee, and sarcasm. |
Why would anybody want to buy others' web forums? What's in it for them? Where's the money? | |||
|
Member |
Advertisements. _________________________________________________________________________ “A man’s treatment of a dog is no indication of the man’s nature, but his treatment of a cat is. It is the crucial test. None but the humane treat a cat well.” -- Mark Twain, 1902 | |||
|
The success of a solution usually depends upon your point of view |
Some web forums not called SIGforum monetize by crowding the sites with advertising that generates income, usually based on the number of visits or “clicks” the site gets. It is easy to forget how spoiled we are here.

“We truly live in a wondrous age of stupid.” - 83v45magna
"I think it's important that people understand free speech doesn't mean free from consequences societally or politically or culturally." -Pranjit Kalita, founder and CIO of Birkoa Capital Management
|
Nullus Anxietas |
Yeah. IP addresses. Not particularly interesting.

To facilitate transferring files? Plus, it turns out, it's an effective honey trap. Besides the recent incidents I see bad actors try to log into it all the time. (China comprises the vast majority of these.)

Adverts and selling users' info.

"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
|
Fighting the good fight |
Yep. Not only direct advertising on the forum pages, but also selling of user info to marketing firms for email/mail advertising purposes, and selling of forum perks (like dedicated subforums and promoted threads) to corporate sponsors/partners.

Edit: Oh, and also through selling access to various "tiers" of memberships. That's a hallmark of forums that have sold out to VerticalScope.

This message has been edited. Last edited by: RogueJSK
|
Thank you Very little |
Did I miss it or did you report it to Verticalscope, Fora/Xenforo or the web forums' webmasters? Curious what they responded in that if it is the case that your information was harvested from them, they have a security breach that all users should be made aware of. Logging in and posting it in the general forum to give administrators a hint, and at the same time warning users about the potential breach?
|
Baroque Bloke |
Yes! Thank goodness for password managers. A long multi-character-set PW for each site. Serious about crackers | |||
|
Nullus Anxietas |
No, I've yet to have tried that. My experience on the first forum VS took over was site ownership became unresponsive. I suppose I should give that a try, nonetheless.

"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
|
Thank you Very little |
Or for fun stick a post about how user data looks to be compromised to see how quick you get a reply, or, get banned. If user data has been compromised, people need to know...
|
Peace through superior firepower |
I wouldn't have guessed that many, but the number doesn't surprise me. The formerly privately-owned web forums are being commercialized. To a degree, it goes along with one of the points I was making here. The people who now own these forums- they do not care about the Second Amendment. Torstar, the majority stockholder in VerticalScope, is based out of Canada, where there is no constitutional right to own firearms and where firearms are being outlawed and confiscated at an ever-increasing pace. What happens to those forums when these people finally decide that gun owners are the modern day equivalent of lepers? Don't think it can happen? Sure, the world isn't upside down right now. Everything is just fine. Well, they ain't gettin' this one.
|