- December 16, 2007 at 9:34 pm #606459AnonymousInactive
I got this in the mail:
The following is an email sent to you by “Casino Crush Online Gambling”. If this message is spam, contains abusive or other comments you find offensive please contact the webmaster of the board at email@example.com
I am sorry to say but I hacked geno
And sure enough, the site seems to be hacked.
- December 17, 2007 at 12:44 am #756665AnonymousInactive
Yeap sure enough, I called him and he was aware a few hrs ago about it. Bastards!
- December 17, 2007 at 2:09 am #756671vladcizsolMember
That sucks!
- December 17, 2007 at 2:50 am #756675AnonymousInactive
That is a real shame. I couldn't believe someone would have the audacity to send out emails bragging about it.
- December 17, 2007 at 4:27 am #756676paoloMember
Would be nice to know if password database to their forums might be compromised because of this. So if registered persons should take some actions because of this with their usernames and passwords to other places.
- December 17, 2007 at 5:04 am #756677AnonymousInactive
phpbb db’s have an MD5 checksum password field, would be a real pain in the arse to decrypt them all.
- December 17, 2007 at 5:07 am #756679AnonymousInactive
Hi there all,
Thanks for posting about this Dominique, and I can confirm yes we were hacked today unfortunately.
Obviously it’s never good to be hacked, but luckily one of my admins called me straight away and they had about 20 mins (for me to get back from the dinner I was having with friends at the time), to delete our admins, and a few other members that were online at the time.
Fortunately because of the limited time, the damage appears to be minimal and user accounts were restored from a recent backup (not as recent as I’d like but well that’s something now taken care of in case of a repeat).
As for worries about passwords, I don’t believe it is possible for a hacker to see a user’s password (it is not even shown in the Administration screens – it can only ever be reset), and in User Profile screens – likewise (and then the current password must be entered by the member in order to complete a password change). The passwords are (as AFC says above) md5 encrypted when stored in the database.
Without giving away too much in case the hacker happens to be a CAP member – I have put in place a few things to try and reduce the possibility of this happening again but I guess people with nothing better to do may eventually find some other way of getting in.
Just in case anyone does get their phpbb hacked, I have created some ‘recovery scripts’ which will enable recovery from backed-up tables to the current database tables if anyone would like them – just let me know and I’ll gladly forward them with some instructions that I’ll make up in time. If this is something you would like (note it is only for phpbb version 2.x.x powered forums) – then please drop me a PM and I’ll get to it when I can.
Best regards always everyone,
Geno/CC
- December 17, 2007 at 7:49 am #756684AnonymousInactive
I am so sorry to hear that bad news
and this makes me so mad
have peeps nothing better to do!?
I wish you could find out for sure who was it and make his name official.
Best wishes to you Geno.
Marina
- December 17, 2007 at 1:12 pm #756701AnonymousInactive
I’m sorry to hear you got hacked. PHPBB does have quite a negative track record with regards to security vulnerabilities. I’m sure your precautions will do the job but if you have any doubts I think switching to VBulletin may be another option to reduce the risk.
- December 17, 2007 at 1:36 pm #756703AnonymousInactive
I have to say this is the main reason I agonized over a switch to VB, was not an easy move but I love the results. If you ever go that way Geno drop me a line and I can help you out on it.
- December 17, 2007 at 1:45 pm #756704AnonymousInactive
Sounds like the hacker knows who you are, Geno… That makes it sound like it is either someone at CAP or at the very least, someone in the industry.
I don’t know why people spend their time doing this type of stuff. Anyway – glad you are back online.
- December 17, 2007 at 2:15 pm #756706AnonymousInactive
Could just be someone from the Crush forum too…
- December 17, 2007 at 2:23 pm #756707AnonymousInactive
It is a real shame if it was someone from CAP, it is hard to think that a community member would be so hateful.
- December 17, 2007 at 2:26 pm #756709AnonymousInactive
@Dominique 148356 wrote:
Could just be someone from the Crush forum too…
Yeah, that’s why I said ‘someone in the industry’… I meant someone that either affiliates, plays, or just hangs out talking about casinos in forums. It appears to be someone who at least knows the name Geno and a regular hacker doesn’t search for that detail… They just put ‘Hacked by German Hackers’ and move on to the next victim.
- December 17, 2007 at 2:45 pm #756712AnonymousInactive
That is really low. Geno, we hope you find out who they are.