Upgrade your passwords!

[Buzzfuzz]

Hi all,

Little quote from Amiga.org:

By Karlos:
Dear all,

Several accounts here have been compromised in recent days. We have no evidence at this time to suspect that the server itself has been compromised. So far the issue appears to be one brought about through the use of weak passwords used across multiple forums as all of the known compromised accounts have been misused on other forums already.

With that in mind, please change your passwords for this and every other amiga forum you visit, making sure each one is unique and as strong as possible (use mixed case, numbers and symbols where you can, the longer the better).

We apologise for any inconvenience.

Amigaworld.net has also been under fire, so maybe Amibay is next.
As advised above is best to make your password as heavy as possible, with Upper case letters, special characters and numbers.

---------- Post added at 13:52 ---------- Previous post was at 13:01 ----------

It seems that my EAB account is gone, although the posts are still there, so it is serious

 

[tokyoracer]

Thanks for the warning, done.

 

[johnim]

updated mine too

 

[ShambleS1980]

changed mine from Ihatepasswordssrsly
to 1hat3pa55w0rd55r5ly
That should do it..

"befor you ty that password its a lie, i actualy love passwords"

 

[Geraldine]

Thanks for the warning Buzzfuzz. I wonder why the Amiga community is being targeted?

 

[StrontiumDog]

The hacker can have my password for here if they so wish ... they can't do much with it except make my life easier by buying and selling miggy stuff for me

__________________

 

[paalrosen]

changed mine from Ihatepasswordssrsly
to 1hat3pa55w0rd55r5ly
That should do it..

"befor you ty that password its a lie, i actualy love passwords"

hehe. easily two remember it

have so many that I must have a separate notebook with all my passwords

love hackers, fu ..

 

[StrontiumDog]

Thanks for the warning Buzzfuzz. I wonder why the Amiga community is being targeted?

The original target apparently was Trevor Dickinson, he of the AmigaOne X1000 computer.

The person posted on various sites that his company, A-EON Technology had gone belly up and he was posting to say thank you to the community etc.

It transpires that Trevor had used the same password on multiple sites and this hacker was using his accounts to spread lies concerning his company.

 

[Buzzfuzz]

Really ?
Well, the thing he is forgetting, is that it's unique ID is sent to the email address and once I give that to the webmaster, than I can laugh and say, up yours you mofo!

Thanks for the warning Buzzfuzz. I wonder why the Amiga community is being targeted?

The original target apparently was Trevor Dickinson, he of the AmigaOne X1000 computer.

The person posted on various sites that his company, A-EON Technology had gone belly up and he was posting to say thank you to the community etc.

It transpires that Trevor had used the same password on multiple sites and this hacker was using his accounts to spread lies concerning his company.

 

[StrontiumDog]

Really ?
Well, the thing he is forgetting, is that it's unique ID is sent to the email address and once I give that to the webmaster, than I can laugh and say, up yours you mofo!

Not if the hacker changes the email address registered with the account. Any request you make to have the password reset goes straight to the hackers email address and subsequently ignored.

Only way to get your account back per se, is to email the board owner/admin directly and explain the problem and hope they can change the email address back so a password reset can be issued to you.

 

[Buzzfuzz]

No, I have been a VB admin on a site which is now closed, but it's ID is hard coded in the database and can only be changed on admin level.
Since EAB is running normally, he has not got access to it and I am the one who has it in my emailbox and that is part of the activation process.

Really ?
Well, the thing he is forgetting, is that it's unique ID is sent to the email address and once I give that to the webmaster, than I can laugh and say, up yours you mofo!

Not if the hacker changes the email address registered with the account. Any request you make to have the password reset goes straight to the hackers email address and subsequently ignored.

Only way to get your account back per se, is to email the board owner/admin directly and explain the problem and hope they can change the email address back so a password reset can be issued to you.

 

[StrontiumDog]

No, I have been a VB admin on a site which is now closed, but it's ID is hard coded in the database and can only be changed on admin level.
Since EAB is running normally, he has not got access to it and I am the one who has it in my emailbox and that is part of the activation process.

It is my understanding that passwords are salted, hashed and encrypted within the software and not even admin has access to them. All they can do is change the email address allowing the original owner to get a password reset email sent to him/her

 

[TheCorfiot]

No, I have been a VB admin on a site which is now closed, but it's ID is hard coded in the database and can only be changed on admin level.
Since EAB is running normally, he has not got access to it and I am the one who has it in my emailbox and that is part of the activation process.

It is my understanding that passwords are salted, hashed and encrypted within the software and not even admin has access to them. All they can do is change the email address allowing the original owner to get a password reset email sent to him/her

That is fairly true, although we cannot see the original password we can change it & inform the user of the temp password we have applied for them to be able to log on & then change it to their liking.

TC

 

[Buzzfuzz]

And that's why he is throwing with mud and then we shoot back with the big guns :laugh:

That is fairly true, although we cannot see the original password we can change it & inform the user of the temp password we have applied for them to be able to log on & then change it to their liking.

TC

 

[AmiNeo]

I joined eab a while back I think (samescreen name) but appear to have forgotten my password . Is there anyone that could reset it for me?

 

[Buzzfuzz]

It's below when you try to log on, if the system doesn't see your email address than you have been hacked too.

I joined eab a while back I think (samescreen name) but appear to have forgotten my password . Is there anyone that could reset it for me?

---------- Post added at 18:12 ---------- Previous post was at 18:06 ----------

Nope, did a quick check Amineo is posts n/a and you are not in the list, so your account is hacked too!

---------- Post added at 18:17 ---------- Previous post was at 18:12 ----------

If the admins @ EAB could start checking, that would be nice, could someone still with access PM these guys and have them lock our accounts and give them back to us by email.

Thanks to the one who PM's them in advance :wink:

 

[AmiNeo]

Do we have another board? It may have been another Amiga related one... Bah I cant remember its been a few months since I joined it, :roll:

 

[Geraldine]

Hey guys I can still access the site. I found one of the admins (Peter) on line and sent him a PM with a link back to this thread. Hopefully he can help?

 

[Merlin]

The only passwords that Admins set are temporary ones for new members that have had trouble signing up, so an Admin has had to create the account for them.

In all cases, these members are advised to change the password once they have logged in for the first time, that way Admin don't know the password.

 

[Geraldine]

Peter got back to me. He doesn't know how to go about fixing hacked accounts, so he advised me to PM Prowler, which I just did. In any case, its still worthwhile for the admins to know of any attack on their site. Hope Prowler can sort things out.