Announcement

Collapse
No announcement yet.

vbportal?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Hope you've passed all you know to the authorities, blackmail......tut tut
    [URL="http://www.aviationweb.net/"]Aviation Web[/URL="http://www.aviationweb.net/"]

    Comment


    • #32
      Bill, I asked Steve to pass on details in the ticket you opened, I'll gladly track down the entry point if you wish and I'll also do a quick audit of your code if you wish in my spare time.

      Where in your code did you have passthru?
      Scott MacVicar

      My Blog | Twitter

      Comment


      • #33
        Thanks, I'll have Stuart (scotsmist) contact you, he's going thru the logs if thats OK

        Comment


        • #34
          hI Scott. Stuart this time. wife's making a coffee (wish it was me)

          Can I contact you by PM ?
          vbPortal Developer

          Comment


          • #35
            Passwords, smashwords.... all that effort and they get to post on your forums without registering their own account.

            Yep, worth all that supercomputer time to bypass the registration process.

            Comment


            • #36
              I hope you get this sorted out guys, keep strong.

              Comment


              • #37
                You should have agreed to pay the money and obtained their e-gold information and then report them to the authorities...
                Steve
                CreedFeed - Feed Your Need!
                http://www.creedfeed.com

                Comment


                • #38
                  Originally posted by CreedFeed View Post
                  You should have agreed to pay the money and obtained their e-gold information and then report them to the authorities...
                  Good idea!. Try emailing them back and say you will accsept the offer, (they may do it).

                  Comment


                  • #39
                    I can't say what steps were, will be taken yet. But, when they are in a lawless country there's not much the authorities can do. Best we can do is try to solve this for the whole community. Worst is fail, thats why we need to work together.
                    Last edited by wajones; Wed 26th Jul '06, 6:31pm.

                    Comment


                    • #40
                      Originally posted by scotsmist View Post
                      As wife of one of VB Portals developers i would like you all to know that no one is sticking their heads in the sand, I watch hours turn into days with him either coding,answering messages of looking at log files and not to mention the having a heart attack over this portal but still there he is trying to find the source of this and make it secure etc... I think you should all be less judgmental or see if your anymore capable.
                      I don't think it is anyones intention to judge anyone here. I think we're all a bit concern for security as even myself I was notified via email about this incident. Granted I paniced for a minute or so, I realize you guys were basing the entire user login and permission system and just disregarded it as generally I doubted they would get my password.
                      ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
                      Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

                      Comment


                      • #41
                        Originally posted by ManagerJosh View Post
                        I don't think it is anyones intention to judge anyone here. I think we're all a bit concern for security as even myself I was notified via email about this incident. Granted I paniced for a minute or so, I realize you guys were basing the entire user login and permission system and just disregarded it as generally I doubted they would get my password.
                        thanks.
                        the wife went to bed hours ago. she was just being supportive. it doesn't happen that often so I wasnt going to stop her
                        vbPortal Developer

                        Comment


                        • #42
                          Well good for her to support her husband. Go get some sleep too. You have some sleepless nights ahead of you.
                          ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
                          Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

                          Comment


                          • #43
                            Originally posted by wajones View Post
                            We regret to say yes vbPortal has been hacked this morning using a PHP passthru() hack, we are down and our user table has most likely been compromised. Although it's most likely not prosible to get your passwords I would change them anywhere else you might use them.

                            Were working very hard to resolve this issue and will let you know when we have found out how they got access to the server and have it fixed.

                            I can't add anything right now.
                            Some guy called Morfeus got my server last week, througth phpAdsNew2 not updated, using this : http://phpadsnew.com/two/nucleus/index.php?itemid=45

                            We installed a brand new operating system, new passwords and son on.
                            A very very annoing thing, I know
                            Italian Body Building & Fitness : www.BodyWeb.com
                            Italian unofficial support Forum : www.vBulletin.it

                            Comment


                            • #44
                              Originally posted by Neal-UK View Post
                              Hope you've passed all you know to the authorities, blackmail......tut tut
                              Looks a bit more than blackmail to me

                              Theft of data and then held to ransom for the return of said data with no guarantees but the word of a villain or group of villains that that would stop a sale of the stolen data to the highest bidder.
                              Blackmail for the private disclosure of alleged security hole against a mass dissclosure.
                              Racketry style extortion by threatening ones place of business or its employees and/or volunteers with visible damage.
                              And for a tidy sum aswell, although they didnt really do the homework on the figure properly or take into account any % of non licenced vbulletin accounts on phpportals.com

                              By complying with such demands would have just been giving funds to them, where they could possibly have allready stolen the data quietly anyway and put it up for auction after, the mass disclosure of is really worthless, it would only lead to a fix of whatever the security hole is/was, this is just added to try to aid the fear element of the whole mail in general. Defacing a site and using the built in vb-mailer to notify a customer base is nothing more than vandalism and ensuring maximum coverage of the vandalism.

                              Originally posted by CreedFeed View Post
                              You should have agreed to pay the money and obtained their e-gold information and then report them to the authorities...
                              To me that looks like it would have been futile, a five minute readup shows e-gold is an off-shore account governed by some out of US jurestiction "laws of nevis".

                              Originally posted by NashTax View Post
                              Good idea!. Try emailing them back and say you will accsept the offer, (they may do it).
                              Doubt it would do any good now, this is a public forum where anyone can read including said villains.


                              PS multi quote isnt working in the retro style.

                              Comment


                              • #45
                                We thank everyone for being so supportive, extortion is something I would never pay. Even if I had all that money they thought I had.

                                Being retired for health reasons, a daughter in college, a wife that deserves more than I can afford. They just tried their big score on the wrong person.

                                I could shut down phpPortals and actually boost my income Under these circumstances I never will. I would rather donate all the money I make to chase these criminals if I have any left.

                                No score for them here

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X