Warning: Web Forums Compromises Or A Bad Actor (And A Note Of Appreciation For SIGforum)
Nullus Anxietas
ensigmatic
posted
On May 26 somebody attempted to log in to my FTP server using a tagged email address/username I'd given a firearms web forum.

I went to the forum in question, logged in, changed my email address (successfully), and put the old email address in my mail server's "reject as compromised" list.

On May 27 it happened again. This time a non-firearms-related web forum.

On May 30 it happened a third time. Again: Another non-firearms-related forum.

Now there was a clear pattern. These three forums all had one thing in common: They use Fora/Xenforo web software. It later turned out they had another thing in common. More on that in a bit.

On May 31 it happened a fourth time.

Today there was a fifth occurrence, only, this time I was unable to log in. When I attempted to do a password change using my forum username I received no password reset email. When I attempted it using the tagged email address for that forum, I got back "No such account."

All five of these forums have another thing in common: They're all owned and operated by VerticalScope. Two of them show as owned by Second Media, but...
quote:
Second Media, which offers an advertising platform with an audience of more than 10 million outdoor, hunting, and fishing sports enthusiasts on over 100 websites, has been acquired by VerticalScope...
Ref: CFO Rick Client Second Media Acquired by VerticalScope

(VerticalScope has been actively buying-up every web forum it's been able to get its hands on for years.)

If it'd been one account compromised I'd have written it off as my account on that site being brute-force hacked by password-guessing. Maybe even if it'd happened twice. But, five times, all the same forum software, all five forums owned by the same entity? All in a little more than a week?

Not bloody likely, IMO.

Thus I surmise one of three things is happening: The Fora/Xenforo web software has an actively-exploited security flaw, VerticalScope's databases have been hacked, or VerticalScope has been selling its users' email addresses.

I've tried to report this activity to one of the network security organizations to whose email security bulletins I subscribe, but, they've no apparent reporting mechanism and an email to them has gone unanswered.

One take-away of all this is the importance of never, ever using the same login credentials (username, password) on multiple Internet sites.

(Of the five sites: The only thing shared was I used the same username on two of them. They all, save one, had strong passwords with mixed case, numbers, and punctuation characters in them.)

The other take-away is the wisdom in using tagged email addresses for all on-line accounts, everywhere, whenever you can. If I'd used un-tagged email addresses at all these sites, the attempted abuse of my FTP server would've looked like any other run-of-the-mill FTP server abuse attempts. (My unadorned email address, thus my login username part, are all over the 'net. I've had them for some 40+ years.)

The sites for which my email addresses have been used to attempt to access my FTP server:

Walther Forums (Walther firearms)
DIY Chatroom (Do-It-Yourself site)
TrailBlazer/Envoy Forums (Chevy/GMC TrailBlazer/Envoy forums)
AVS Forums (Audio-Visual Science forums)
MP-Pistol Forums (Firearms forum)

I fully expect that, eventually, every forum I've joined which has since been acquired by VerticalScope and/or is running the Fora/Xenforo web software will find the email addresses I gave them used to attempt to exploit my FTP server. Yay.

Lastly, but, certainly not least of all: This is a shining example of but one of the many reasons we should all appreciate SIGforum and what parabellum so graciously provides us.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26029 | Location: S.E. Michigan | Registered: January 06, 2008
Member
iron chef
posted
To quote para,
quote:
You know all those forums you had in mind when you posted your little rant? Yeah, most of them have been bought out over the past few years and some of them are now owned by foreign entities. It's not only that they are outside the borders of the United States that chafes me; it's that this ownership never appears in those gun forums and they do not give the first shit about the Second Amendment or firearms in general. These gun forums that have been snapped up- they now serve as venues to place ads, to generate revenue. Look around this forum. Do you see any ads? Don't misunderstand me. I'm all for free enterprise, but these boards formerly were owned by individuals- Americans and gun owners, but now they are owned by people who would be just as content with what they get out of owning those places if they were, say, jeep forums, watch collector forums, or any number of other hobbies and pursuits.

These groups who cruise the waters like sharks devouring whatever is in their path- they've come sniffin' around here and I have sent them away, and those who thought that my initial rejection of their offer was an overture to begin negotiations and come back around- well, they get told to climb up their own ass, and that I will never sell this place to these soulless people. Better to turn this place I love into a smoking hole in the ground. I could not be more serious.

https://sigforum.com/eve/forum...0601935/m/9540012105

SF is different, an outlier, and those of us who have been around the internet block a few times understand why. Cool
 
Posts: 3334 | Location: Texas | Registered: June 17, 2003
Fighting the good fight
RogueJSK
posted
quote:
Originally posted by ensigmatic:
VerticalScope has been actively buying-up every web forum it's been able to get its hands on for years.


Yep. They're currently sitting on right around 1500 different web forums.
 
Posts: 33431 | Location: Northwest Arkansas | Registered: January 06, 2008
Ignored facts
still exist
posted
quote:
On May 26 somebody attempted to log in to my FTP server


I'm not understanding something here. How does the FTP server come into play here?

It makes sense that someone was hacking in general, but not sure how the FTP server became a target, based on what you did on a forum.


.
 
Posts: 11212 | Location: 45 miles from the Pacific Ocean | Registered: February 28, 2003
Nullus Anxietas
ensigmatic
posted
quote:
Originally posted by radioman:
quote:
On May 26 somebody attempted to log in to my FTP server
I'm not understanding something here. How does the FTP server come into play here?
Somebody attempted to use both the email addresses and the username portions of those email addresses (see below) to gain an authenticated login to my FTP server.

An email address consists of a "username" part and a "hostname" part. E.g.: Email address: "nobody@example.com". The username part is "nobody" and the hostname part is "example.com".
quote:
Originally posted by radioman:
It makes sense that someone was hacking in general, but not sure how the FTP server became a target, based on what you did on a forum.
Somebody harvested, or was given, my email addresses. They scanned the hostname part, found a live FTP server there, and attempted a login.

The fact they only tried once, for each email address and username part, suggests they thought they had a valid password for the associated user i.d. That, in turn, suggests the passwords, along with the email addresses, were gathered from those sites, as well. But, of the five sites, on only one was my login no longer functional. So I don't know.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26029 | Location: S.E. Michigan | Registered: January 06, 2008
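The attribution described in the posts above (a per-site tagged address, tried at the FTP login as either the whole address or just its username part, identifies which site the address came from) can be automated over the server's failed-login log. This is an added example, not code from any poster in this thread; the registry entries, the log format and the names `TAGGED`, `LINE_RE` and `attribute_attempts` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed registry: tagged address -> site it was given to (all hypothetical).
TAGGED = {
    "nobody-foruma@example.com": "Forum A",
    "nobody-forumb@example.com": "Forum B",
    "nobody-shopc@example.com": "Shop C",
}

# Constructed log lines in a made-up format; adapt LINE_RE to your FTP daemon.
SAMPLE_LOG = """\
2000-01-01T03:14:07Z ftpd FAIL LOGIN user="nobody-foruma@example.com" client=192.0.2.10
2000-01-01T03:14:09Z ftpd FAIL LOGIN user="Nobody-ForumA" client=192.0.2.10
2000-01-02T11:02:44Z ftpd FAIL LOGIN user="nobody-forumb" client=198.51.100.7
2000-01-02T12:00:00Z ftpd FAIL LOGIN user="admin" client=203.0.113.5
2000-01-02T12:00:01Z ftpd FAIL LOGIN user="nobody" client=203.0.113.5
2000-01-03T08:30:00Z ftpd OK LOGIN user="alice" client=192.0.2.55
"""

LINE_RE = re.compile(r'^(\S+) ftpd FAIL LOGIN user="([^"]*)" client=(\S+)$')

def build_index(tagged):
    """Map both the full tagged address and its username part to the site."""
    index = {}
    for addr, site in tagged.items():
        addr = addr.lower()
        index[addr] = site
        index[addr.split("@", 1)[0]] = site
    return index

def attribute_attempts(log_text, tagged):
    """Return ({site: [(timestamp, username, client), ...]}, unattributed_count)."""
    index = build_index(tagged)
    hits, unattributed = defaultdict(list), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # successful logins and unrelated lines
        ts, user, client = m.groups()
        site = index.get(user.lower())
        if site is None:
            unattributed += 1  # untagged names look like ordinary background noise
        else:
            hits[site].append((ts, user, client))
    return dict(hits), unattributed

if __name__ == "__main__":
    hits, noise = attribute_attempts(SAMPLE_LOG, TAGGED)
    for site, events in sorted(hits.items()):
        print(site, len(events), sorted({c for _, _, c in events}))
    print("unattributed failures:", noise)
```

Only names that exist nowhere except in the registry are attributable; an untagged username such as the constructed `nobody` above falls into the unattributed count, which is the point made in the opening post about un-tagged addresses.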
Ignored facts
still exist
posted
quote:
Somebody harvested, or was given, my email addresses. They scanned the hostname part, found a live FTP server there, and attempted a login.


Oh, now it makes total sense. You have your own e-mail setup as opposed to say, Gmail or hotmail, and someone thought it might be interesting to try to hack into it.

thanks for the added explanation.


.
 
Posts: 11212 | Location: 45 miles from the Pacific Ocean | Registered: February 28, 2003
Ignored facts
still exist
posted
quote:
If it'd been one account compromised I'd have written it off as my account on that site being brute-force hacked by password-guessing. Maybe even if it'd happened twice. But, five times, all the same forum software, all five forums owned by the same entity? All in a little more than a week?

Not bloody likely, IMO.


Did you get any forensic info such as IP address or general location of the hacker? If so, was it the same from each of the 5 forums which you mentioned?


.
 
Posts: 11212 | Location: 45 miles from the Pacific Ocean | Registered: February 28, 2003
member
henryaz
posted
 
Why are you running an FTP server? Knowing what I do about you, I am sure it is well-secured, but is not ftp really old tech?



When in doubt, mumble
 
Posts: 10887 | Location: South Congress AZ | Registered: May 27, 2006
His diet consists of black
coffee, and sarcasm.
egregore
posted
Why would anybody want to buy others' web forums? What's in it for them? Where's the money?
 
Posts: 29043 | Location: Johnson City, TN | Registered: April 28, 2012
Member
229DAK
posted
quote:
Originally posted by egregore:
Where's the money?
Advertisements.


_________________________________________________________________________
“A man’s treatment of a dog is no indication of the man’s nature, but his treatment of a cat is. It is the crucial test. None but the humane treat a cat well.”
-- Mark Twain, 1902
 
Posts: 9384 | Location: Northern Virginia | Registered: November 04, 2005
The success of a solution usually depends upon your point of view
posted
quote:
Originally posted by egregore:
Why would anybody want to buy others' web forums? What's in it for them? Where's the money?


Some web forums not called SIGforum monetize by crowding the sites with advertising that generates income, usually based on the number of visits or “clicks” the site gets. It is easy to forget how spoiled we are here.



“We truly live in a wondrous age of stupid.” - 83v45magna

"I think it's important that people understand free speech doesn't mean free from consequences societally or politically or culturally."
-Pranjit Kalita, founder and CIO of Birkoa Capital Management

 
Posts: 3947 | Location: Jacksonville, FL | Registered: September 10, 2010
Nullus Anxietas
ensigmatic
posted
quote:
Originally posted by radioman:
Did you get any forensic info such as IP address or general location of the hacker? If so, was it the same from each of the 5 forums which you mentioned?
Yeah. IP addresses. Not particularly interesting.
quote:
Originally posted by henryaz: 
Why are you running an FTP server?
To facilitate transferring files?

Plus, it turns out, it's an effective honey trap. Besides the recent incidents I see bad actors try to log into it all the time. (China comprises the vast majority of these.)
quote:
Originally posted by egregore:
Why would anybody want to buy others' web forums? What's in it for them? Where's the money?
Adverts and selling users' info.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26029 | Location: S.E. Michigan | Registered: January 06, 2008
Fighting the good fight
RogueJSK
posted
quote:
Originally posted by 229DAK:
quote:
Originally posted by egregore:
Where's the money?
Advertisements.


Yep. Not only direct advertising on the forum pages, but also selling of user info to marketing firms for email/mail advertising purposes, and selling of forum perks (like dedicated subforums and promoted threads) to corporate sponsors/partners.

Edit: Oh, and also through selling access to various "tiers" of memberships. That's a hallmark of forums that have sold out to VerticalScope.

 
Posts: 33431 | Location: Northwest Arkansas | Registered: January 06, 2008
Thank you
Very little
HRK
posted
Did I miss it or did you report it to VerticalScope, Fora/Xenforo or the web forums' webmasters?

Curious what they responded in that if it is the case that your information was harvested from them, they have a security breach that all users should be made aware of.

Logging in and posting it in the general forum to give administrators a hint, and in the same time warning users about the potential breach?
 
Posts: 24654 | Location: Gunshine State | Registered: November 07, 2008
Baroque Bloke
Pipe Smoker
posted
quote:
Originally posted by ensigmatic:
<snip>
One take-away of all this is the importance of never, ever using the same login credentials (username, password) on multiple Internet sites.
<snip>

Yes! Thank goodness for password managers. A long multi-character-set PW for each site.



Serious about crackers
 
Posts: 9693 | Location: San Diego | Registered: July 26, 2014
Nullus Anxietas
ensigmatic
posted
quote:
Originally posted by HRK:
Did I miss it or did you report it to VerticalScope, Fora/Xenforo or the web forums' webmasters?
No, I've yet to have tried that.

My experience on the first forum VS took over was site ownership became unresponsive. I suppose I should give that a try, nonetheless.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26029 | Location: S.E. Michigan | Registered: January 06, 2008
Thank you
Very little
HRK
posted
quote:
Originally posted by ensigmatic:
quote:
Originally posted by HRK:
Did I miss it or did you report it to VerticalScope, Fora/Xenforo or the web forums' webmasters?
No, I've yet to have tried that.

My experience on the first forum VS took over was site ownership became unresponsive. I suppose I should give that a try, nonetheless.


Or for fun stick a post about how user data looks to be compromised to see how quick you get a reply, or get banned Big Grin

If user data has been compromised, people need to know...
 
Posts: 24654 | Location: Gunshine State | Registered: November 07, 2008
Peace through
superior firepower
parabellum
posted
quote:
Originally posted by RogueJSK:
quote:
Originally posted by ensigmatic:
VerticalScope has been actively buying-up every web forum it's been able to get its hands on for years.
Yep. They're currently sitting on right around 1500 different web forums.
I wouldn't have guessed that many, but the number doesn't surprise me.

The formerly privately-owned web forums are being commercialized. To a degree, it goes along with one of the points I was making here.



The people who now own these forums- they do not care about the Second Amendment. Torstar, the majority stockholder in VerticalScope, is based out of Canada, where there is no constitutional right to own firearms and where firearms are being outlawed and confiscated at an ever-increasing pace.

What happens to those forums when these people finally decide that gun owners are the modern day equivalent of lepers? Don't think it can happen? Sure, the world isn't upside down right now. Everything is just fine.

Well, they ain't gettin' this one.
 
Posts: 110025 | Registered: January 20, 2000

© SIGforum 2024