Author Topic: Possible Hack  (Read 81 times)


Offline =CfC=Fitz

  • Administrator
  • Hero Member
  • *****
  • Posts: 861
    • Chuffy's Flying Circus
Possible Hack
« on: September 16, 2019, 04:25:22 AM »
Hi all,

My web host advised that the site may have been hacked. I've cleared up the back end but I suggest that you all change your passwords asap. I've deleted a lot of stuff for unused themes and a couple of files that may affect the current theme so please let me know if you spot any issues with the site.

Pip pip,

Fitz

Offline Storebror

  • Chuffy's Flying Circus
  • Full Member
  • ****
  • Posts: 170
  • In loving memory of when I cared.
    • Special Aircraft Service
Re: Possible Hack
« Reply #1 on: September 16, 2019, 08:03:30 AM »
Thanks for taking care of this Fitz.
Seems to be hacker season again.
@work our telephone system has been hacked on the weekend.
After a few thousand international calls, our provider cut the line.
A colleague of mine had a few hundred calls on his list... I consider myself lucky as my phone list is clear.

Cheers!
Mike
Learn. Challenge. Improve. -

Offline cjd-2010

  • Chuffy's Flying Circus
  • Full Member
  • ****
  • Posts: 104
Re: Possible Hack
« Reply #2 on: September 16, 2019, 09:13:23 AM »
Password changed to something stronger and equally forgettable! 😁

Cheers, Chris
Fly Navy. Sail Army. Walk Sideways

Offline CFC_Conky

  • Chuffy's Flying Circus
  • Hero Member
  • ****
  • Posts: 2849
Re: Possible Hack
« Reply #3 on: September 16, 2019, 10:12:35 PM »
Done.
Going to church doesn't make you a Christian any more than standing in a garage makes you a car.

Offline =CfC=Fitz

  • Administrator
  • Hero Member
  • *****
  • Posts: 861
    • Chuffy's Flying Circus
Re: Possible Hack
« Reply #4 on: September 17, 2019, 01:56:06 AM »
I should probably also mention that if you use the same password on any other sites you might want to change those as well. Hackers have a habit of trying email/password combinations wherever they can.

Offline Storebror

  • Chuffy's Flying Circus
  • Full Member
  • ****
  • Posts: 170
  • In loving memory of when I cared.
    • Special Aircraft Service
Re: Possible Hack
« Reply #5 on: September 17, 2019, 10:52:07 AM »
It should be noted though that SMF does not store plain text passwords and it does not use a reversible encryption either.
Passwords are stored in hashed&salted format.
Hashed means it's one-way encryption, you cannot simply "decrypt" a hashed password.
Salted means that so called "rainbow tables" are useless when attempting to guess the matching password for a hash.
What's left is a brute force attack, which works for pretty simple and short passwords, so complexity is the key.
My passwords generally have both uppercase and lowercase letters, numbers and special characters like "+-#&%$()" etc, and they're at least 10 characters long.
Not that this would make unhashing impossible, but with today's hardware, it would take a little longer than all of us are going to stay on this planet, even if we sum it up.
Nevertheless, of course I don't recycle passwords across sites - this is something I'd generally suggest not to do at all, never ever.

Cheers!
Mike
Learn. Challenge. Improve. -
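
The hashed-and-salted storage described in the reply above, as an added example that is not part of the thread and is not SMF's own code. It assumes PBKDF2-HMAC-SHA256 with a 16-byte per-account salt as a stand-in scheme; the word list and passwords are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 50_000  # assumed work factor for this sketch, not SMF's setting
WORDLIST = ["123456", "password1", "letmein"]  # constructed sample guesses
STRONG = "T7#kq&Zp+w(2"  # constructed sample of a long, mixed-class password

def hash_password(password: str, salt: Optional[bytes] = None):
    """Return (salt, digest). A fresh random salt is drawn per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Login check: re-derive with the stored salt, compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)

def unsalted(password: str) -> bytes:
    """Plain unsalted hash, shown only as the weak contrast case."""
    return hashlib.sha256(password.encode()).digest()

def build_table(words):
    """Precomputed hash -> password table: the idea behind rainbow tables."""
    return {unsalted(w): w for w in words}

def guess_salted(salt: bytes, digest: bytes, words):
    """With a salt, every guess must be re-derived per account (brute force)."""
    for w in words:
        if verify_password(w, salt, digest):
            return w
    return None

if __name__ == "__main__":
    table = build_table(WORDLIST)
    s1, d1 = hash_password("password1")
    s2, d2 = hash_password("password1")
    print("same password, same stored hash?", d1 == d2)
    print("table hit on unsalted hash:", table.get(unsalted("password1")))
    print("table hit on salted hash:", table.get(d1))
    print("guessing weak password:", guess_salted(s1, d1, WORDLIST))
    s3, d3 = hash_password(STRONG)
    print("guessing strong password:", guess_salted(s3, d3, WORDLIST))
```

The salt only removes the precomputation shortcut; a password that appears in a guess list still falls, which is why length and complexity matter as the reply says.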