Help - Search - Members - Calendar
Full Version: FeeVerte.net Absinthe Forums are back!
The Fée Verte Absinthe Forum - The Oldest, Largest, Most Authoritative Absinthe Forum. > General > Administrative News & Site Updates
Pages: 1, 2
Kallisti
The questions you’re all dying to have answered:
  1. Yes, the forum was hacked.
  2. No, it was not hacked within the community. But there were some admin logs that initially led us to believe this might have been the case. The perp, probably some random script kiddie, found our site via google by searching on our invision version #. I have the server logs to prove it.
  3. Yes, we immediately upgraded to 2.1.7, the site should now be safe from related attacks. We kept the site down until we were very sure of the extent of the attack, what to do about it and how to fix it.
This was actually an Invision wide attack, many boards all over the net have been lost and damaged. We were lucky and escaped relatively unharmed.

Relatively?

Yes, because it does appear that the perp got access to the Admin CP and downloaded a backup of our database. What this means is that they may have access to all of our passwords.

What you need to do:

The admins have of course changed theirs, but we strongly recommend that all users change their passwords ASAP. If your password had anything in common with your email accounts, or any other accounts that could be connected with your account here, we strongly recommend that you change your passwords NOW.

Please feel free to contact us by PM or Email if you have any further questions or concerns. There may be a few UI bugs due to the recent upgrade. Please post about them or email and we’ll look into them.

Thank you,
Management
Lord Stanley
I was wondering what the hell was going on.
Thanks for getting things back up and running.
Marc
Glad everything is back online without any loss or damage.

Good job and bravo abs-cheers.gif
Absinthesizer
Are we talking or are we drinking?

But (gulp), glad to see the forum back up! (gulp)
green beh
WELL DONE on getting the forum back up!


i missed it all so much! :)



and now... abs-cheers.gif


radioflux
Hm. Aren't passwords supposed to be stored encrypted?
sixela
Yes. But if they are an English word or very close to it, there are successful brute force attacks through the "crack" utility and others.
SoulShade
Thanks for all the (I'm sure) hard work, and the heads up! Glad things are up and running.
traineraz
EEK!

Glad it's all fixed . . . Thanks for keeping us up to date, too!
Fredie
QUOTE(Absinthesizer @ Jul 30 2006, 02:28 PM) *

Are we talking or are we drinking?

But (gulp), glad to see the forum back up! (gulp)



I'll louche to that!! abs-cheers.gif
Helfrich
Who the fuck is fluffyredux?
Outerlimits
groupwave reversed.gif Glad to see FV is up and running again. I have constructed a voodoo doll dedicated to the hacker and have put all of my sewing neddles into it.
el_yotcho
I logged into the forums today about an hour ago for the first time in at least several months, but it said my last login was today at 5-ish. Is that a glitch, or was that the hax0r? Thanks
MarKoPoLo
QUOTE(radioflux @ Jul 30 2006, 03:18 PM) *

Hm. Aren't passwords supposed to be stored encrypted?


There are utilities out there that allow you to use these encrypted files. In other words, anything encrypted can be decrypted.
hartsmar
QUOTE(radioflux @ Jul 30 2006, 03:18 PM) *

Hm. Aren't passwords supposed to be stored encrypted?


Not to get techy or so but they're stored in MD5 which is proven less powerful than people have thought and have been cracked. And as Sixela says, a very easy way is Brute Forcing.

If this is a script kiddie attack it's likely that he/she will do just that. Run a Brute Force program against the table of passwords and likely end up cracking some of them within hours.
Marc
But the question is : what for ? what's the interest of cracking and accessing our accounts or even the admins accounts ? what's the gain ?
hartsmar
For a script kiddie - the "thrill" of "doing" a successful attack.
For anyone else. Nothing.

If you use the same password anywhere else - change it.

sixela
QUOTE(MarKoPoLo @ Jul 31 2006, 07:08 AM) *

QUOTE(radioflux @ Jul 30 2006, 03:18 PM) *

Hm. Aren't passwords supposed to be stored encrypted?


There are utilities out there that allow you to use these encrypted files. In other words, anything encrypted can be decrypted.


Nope. They canot use the encrypted passwords, except to try and crack them. If they're not dictionary words or close to them, bruteforcing is possible but requires quite some computational power - beyond that of the typical script kiddy, but not e.g. the NSA is the US (or anyone with a very large computer).

Another reason to use strong passwords, with upper/lowercase, symbols, punctuation, etc.

Steyr850
QUOTE(hartsmar @ Jul 31 2006, 02:37 AM) *

If you use the same password anywhere else - change it.


Do you mean any other forums?
hartsmar
For instance, and e-mail accounts etc.

If there are ANY other places where you use the same password as the one you had/have here, change it.
alanmoss
Alternatively if you consider it too much work to change the password with your bank or any other online account where you use the same email address and password (Amazon?), just tell Hartsmar or myself by PM and we will liberate your funds for you!

Hartsmar has an expensive habit to support, and I have a young and growing family to support ....
traineraz
Shoes?
mxreb0
Sorry the forum was hacked everybody. Admins: thanks for getting things back together.
hartsmar
QUOTE(alanmoss @ Jul 31 2006, 08:17 AM) *

Hartsmar has an expensive habit to support, and I have a young and growing family to support ....


Family. Yes, those people require money as well.
I like your idea, Alan.
Wild Bill Turkey
offtopic2.gif
I just noticed I can't find the Absinthe Collector's Forum listed in the links section anywhere. Shouldn't it be under Sister Sites or something?
G&C
I'm sure it's just an Over Site.
Marc
QUOTE(Wild Bill Turkey @ Aug 2 2006, 06:41 AM) *

I just noticed I can't find the Absinthe Collector's Forum listed in the links section anywhere. Shouldn't it be under Sister Sites or something?


What the hell is Oxy doing ? first he forgot to list Absinthe Classics and Now Absinthe Collector's Forum blink.gif

hartsmar
Well, Oxygenee.com is listed, and that is where the forum is so...
But sure, it could be a little more obvious.
Le Gimp
Man, just when I think I can remember all my passwords this comes along and I have to start all over again.
Marc
That was your 10000th post Le Gimp, congratulations abs-cheers.gif
The Standard Deviant
Hmm, and he registered yesterday…
traineraz
He's a prolific sort.
Marc
shhh he is the FV hacker
traineraz
Nah, only thing Gimpy hacks is the English language.
Le Gimp
abs-cheers.gif w00t2.gif
Absomphe
Damn you, Gimpy, you beat my two day posting record by three posts! ranting.gif
Le Gimp
I cheated and used a script.
AntonioTertius
You would think those people-hackers-could find something more useful to do with their time,like drinking absinthe!
jacal01
Which one do you have in mind?
Le Gimp
I get an error message when I hit the 'View New Posts' tab. Been getting it for a week.
Nymphadora
me too
traineraz
I've been having trouble just getting pages to load, though it seems to be more a problem from work than from home. It's really slow, and often fails to load.

Other sites (WS, for example) don't have any issue.
Steyr850
What he said.

All functions slow for me, Log-on/off, Add Reply, Back/Forward, everyting (both at work and at home). Seems things are stiffled right now.

G&C
Works well, then it doesn't.


Doesn't matter where I are.
Steyr850
True. Refresh alot seems to create breaks.

Funking Wormholes.
Head_prosthesis
Again, appypollyloggys to Gimp who I deleted accidentally
in my clean sweep of the dirty old abused condoms that used to
be member accounts. Similar names were popping up in my
searches and I was getting loopy then >poof< Le Gimp was gone.

But the new improved Gimp has bionic wit and a 400GB libary
of wildly amusing Woofisms.

He's the Million Dollar Bionderosi.
Le Gimp
Hey, no problem.

Chit happens.
justabob
QUOTE(G&C @ Aug 21 2006, 07:55 PM) *

Works well, then it doesn't.


Doesn't matter where I are.


Yeah, I pay the big bucks for this cable absinthe network and its slow as dial-up. These guys arnt careful I will be changin over to satellite!
Kallisti
I've been online with support several times this week. Because it is intermittent, it is difficult to troubleshoot, but we're workin' on it!

And Oxy is holding a riffle to their head chickawow.gif

I expect results soon.
Oxygenee
I visualize it as a serrated knife, and quite a bit lower down the body.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2018 Invision Power Services, Inc.