|
Post by Brave Adventures on Dec 15, 2014 1:06:20 GMT -9
Something horrible has happened.
Our server has been hacked and hijacked. Please change your passwords and ignore any suspicious emails sent from us.
I'm trying to get this sorted out with our hosting company, but all of our files may have been deleted and any passwords you used on our site are no longer safe.
I'm horribly sorry about this.
Ryan
|
|
|
Post by morlock on Dec 15, 2014 3:37:45 GMT -9
When you say "any passwords you used on our site are no longer safe", I do hope that you are not storing our plain passwords on your server.
EDIT: And of course good luck with getting back your server in order!
|
|
|
Post by cowboyleland on Dec 15, 2014 3:40:00 GMT -9
Good luck Ryan. I hope you can get your files back.
|
|
|
Post by Brave Adventures on Dec 15, 2014 4:40:22 GMT -9
When you say "any passwords you used on our site are no longer safe", I do hope that you are not storing our plain passwords on your server. EDIT: And of course good luck with getting back your server in order! Payment information would not have been stored on the site since that is handled separately by PayPal. If you created a member login though, your login would have been encrypted and stored in a database, but since the site has been hacked the member login information is probably compromised even though it is encrypted. I recommend changing any passwords you used on our site because it is better safe than sorry. I'm still trying to sort through the damage. Ryan
|
|
|
Post by aaron on Dec 15, 2014 5:31:49 GMT -9
why would someone do this? it's not like were huge companies with massive firewalls? I thought these hackers like a challenge? aren't we kind of like beating up little kids on a playground? I mean my old site didn't even have encryption on it for crying out loud.... well I hope all goes well with your site and you can get things back to normal soon!
|
|
|
Post by emergencyoverride on Dec 15, 2014 5:56:04 GMT -9
Sorry to hear that man. Ihope it goes smoothly getting it back.
|
|
|
Post by morlock on Dec 15, 2014 6:28:16 GMT -9
why would someone do this? it's not like were huge companies with massive firewalls? I thought these hackers like a challenge? aren't we kind of like beating up little kids on a playground? I mean my old site didn't even have encryption on it for crying out loud.... well I hope all goes well with your site and you can get things back to normal soon! Don't look too much for reasons. Could be an automated script that detected a vulnerability which then got either automatically or manually exploited. Moreover, you thinking that this site is not interesting doesn't mean an attacker would assume the same.
|
|
|
Post by slayride35 on Dec 17, 2014 4:31:20 GMT -9
Changed my PW. Thanks for the heads up. Good luck sorting it all out with the hosting company.
|
|
|
Post by Cardstock Dane on Dec 17, 2014 12:32:32 GMT -9
why would someone do this? it's not like were huge companies with massive firewalls? I thought these hackers like a challenge? aren't we kind of like beating up little kids on a playground? I mean my old site didn't even have encryption on it for crying out loud.... well I hope all goes well with your site and you can get things back to normal soon! I have another hobby I haven't told anyone here about - I'm a scambaiter and a scam warner, when I don't deal with real life or build paper models and minis. That means, that I waste scammers time (sometimes with hillarious results), gather any RL information I can about scammers, try to close their bank accounts, and work to warn potential victims. My ultimate goal is to write a PhD about the phenomenon, but that's still at least a year into the future. Now, even though I mainly deal with 419 scammers, I know enough about internet crime in general to say: They're not targetting your businesses. They're targeting personal information of any kind they can get their hands on. Any data can be sold by a hacker to a scammer. The email addresses are valuable, because they can be sold as maillists. Passwords to this form, how worthless they may seem, can be coupled with email addresses - you'd be surprised how many people that just uses the same password for all their online accounts. Any names and addresses can be used for identity theft, which can be an incredible bad experience for anyone to go through, and credit card and bank data can obviously be misused, but in this case, we're in the clear. The "dark web" is a sinister place indeed. Luckily, we have some sunshine spots on the internet as well, like this little site and forum.
|
|
|
Post by Brave Adventures on Dec 17, 2014 16:26:37 GMT -9
morlock was right. It would have been some kind of automated script sent out to exploit vulnerabilities. I just found out this morning that there was a security hole in a popular cms plugin that was exploited. Apparently many websites at the hosting company were affected, so the technical support team is swamped. I've redirected the DNS, so the server is cut off from the URL. Now, all I can do is wait for the hosting company's technical support team. @cardstock Dane, that's an interesting hobby. There are definitely a lot of scammers out there. Ryan
|
|
|
Post by mahotsukai on Dec 18, 2014 8:39:32 GMT -9
|
|