Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd, 2017 please sign up again. Thanks!

  1. Note: we recently updated out site software, please report any unseen issues - we do this often to insure your information is secure.
    Dismiss Notice

linuxforums.org hack

Discussion in 'General Linux' started by mrcrossroads, Jun 10, 2018.

  1. mrcrossroads

    mrcrossroads Member

    Joined:
    Nov 23, 2017
    Messages:
    36
    Likes Received:
    36
  2. wizardfromoz

    wizardfromoz Well-Known Member

    Joined:
    Apr 30, 2017
    Messages:
    871
    Likes Received:
    972
    So I understand, gentleman whom looks remarkably like Albert Einstein ... it's been a while :). Thanks for sharing.

    I only learned about it yesterday, my time, indirectly, through the writings elsewhere of one of our newest Members, @Vencorr .

    Are you out there, Nicholas?

    Cheers all

    Wizard
     
  3. mrcrossroads

    mrcrossroads Member

    Joined:
    Nov 23, 2017
    Messages:
    36
    Likes Received:
    36
    Yup, quite the resemblance huh?

    Life has been hectic, but it's good to visit again.
     
    atanere and wizardfromoz like this.
  4. Vencorr

    Vencorr New Member

    Joined:
    Jun 8, 2018
    Messages:
    6
    Likes Received:
    13
    I had to honestly think for a moment about where I had said this other than my twitter, then I remembered I linked my twitter to my account here. I am guessing that is how you learned about the information?

    Yeah, that seems to be the case. I'll explain some information that I know for other members.
    It seems LinuxForums.org had suffered a fairly bad breach. From what I have examined and heard, the admins are refusing to acknowledge it even exists, deleting any evidence from their forums.

    Anyway, I learned about the breach from HaveIbeenpwned.com and it seems their message indicated that the site has yet to respond to their multiple attempts at a response.

    It appears, also stating from HaveIbeenpwned.com, that the forum was "running on an old version of vBulletin" and the information that was stolen included "Email addresses, IP addresses, Passwords, and Usernames" from 276k users.

    That is all I know. Thank you for your time.

    Honestly, I feel that a forum should be honest with their users about a big breach in their security, as well as update what is required in the meantime to actually fix the issue from happening in the future. If you were running a website that had accounts, would you like to have a bunch of hacked accounts on your web server just because you weren't honest about the breach, or would you like to be honest about the breach so you actually have real users? You would most likely want those users to change their information and secure their account as much as possible, which requires being honest. The thought behind admins hiding the questions and information about it took little to none. It wasn't thought about. Even if they were greedy for something, they would have at least thought about it and actually said something. I find it funny that right now, it seems I am having a "database error" when connecting to their site.
     
    VP9KS and mrcrossroads like this.
  5. Condobloke

    Condobloke Active Member

    Joined:
    Apr 30, 2017
    Messages:
    144
    Likes Received:
    157
    Not only you getting the database error Nicholas, ....same here. I imagine they are feverishly working at updating their 2013 edition of vbulletin etc, which apparently got them into this mess initially.

    Then again....maybe not.......they are owned by masmedia ....Mumbai, Maharashtra.....that hack occurred back on 1st of May 2018,

    So....maybe they have closed the doors. Bit late when the horse has already bolted !

    Brian
     
    mrcrossroads likes this.
  6. Vencorr

    Vencorr New Member

    Joined:
    Jun 8, 2018
    Messages:
    6
    Likes Received:
    13
    I knew it wasn't just a coincidence. I have my doubts that they are updating, but since it is down and after the news about the breach leaked, it could be possible. Not like they will need to update to prepare for heavy traffic after this 'mistake'. According to some ranking sites, it doesn't look good.

    If they did happen to close doors, then I honestly don't think it would be such a bad thing. And the fact that even if they didn't know about the breach until later, the fact that they didn't bother warning their users is a big sign of "you better get the heck outta there" town.
     
  7. wizardfromoz

    wizardfromoz Well-Known Member

    Joined:
    Apr 30, 2017
    Messages:
    871
    Likes Received:
    972
    Just a word to the wise, folks - I was on my way back here to edit my Post above with a BTW, but saw the alerts, and hope I have not opened a can of worms (not you, Wizard, surely, the assembled throng laughs) :D

    And a note to Nicholas that I do not do destructive criticism, only constructive criticism, so take no offence where none is intended.

    We must be careful on sites such as this to not be seen as causing potential harm to the business of others, or else a lawsuit might appear out of thin air, something which our Admin @Rob could well do without :p.

    Linux Mint itself was compromised in February 2016, with 17.3 'Rosa' backdoored, and problems took until June that year to finally solve. With the introduction of version 18, the site had gone to SHA256 verification, so out of some bad came some good.

    https://blog.linuxmint.com/?p=2994

    and

    https://www.techrepublic.com/article/linux-mint-18-improves-security-mostly/

    are just two of many articles that covered it at the time.

    Also, if referencing an article and wanting to illustrate a point, don't copy more than, say, a paragraph, because of possible copyright issues.

    You are probably all aware of this, but for the benefit of those whom may not have thought of it ...

    Cheers all, and Nicholas I LOVE that signature ;).

    Wizard
    In all things, moderation ... except when it comes to putting heaps and heaps of Linux on a computer :cool:
     
  8. Condobloke

    Condobloke Active Member

    Joined:
    Apr 30, 2017
    Messages:
    144
    Likes Received:
    157
    in all things,moderation.....except when it comes to quantity of beer in the fridge
     
  9. Vencorr

    Vencorr New Member

    Joined:
    Jun 8, 2018
    Messages:
    6
    Likes Received:
    13
    My apologizes. I guess I kinda let myself go all over that. lol.

    @wizardfromoz , no worries. No can of worms opened. They are still in their cans. It is all good.
     
    Condobloke and wizardfromoz like this.
  10. wizardfromoz

    wizardfromoz Well-Known Member

    Joined:
    Apr 30, 2017
    Messages:
    871
    Likes Received:
    972
    @Vencorr - Nicholas, I don't believe you need to apologise. My 2nd psychiatrist, whom I adored, and trusted with my care for 14 years (cheeky bugger retired on my 60th birthday, last September) used to say to me words to the effect of "Chris, you don't need to apologise. Being the way you are is a part of what makes you unique".

    Not apologising, however, did not always sit well with me, so often I would say eg "I regret that you have taken offence, where I intended none", and try to take note of where I might have committed a gaffe and try not to repeat it.

    This section of the site, "General Linux", has a broad scope. Many Members may hold dual or more Memberships at other sites. So the OP, mrcrossroads, and other participants are to be applauded for wanting to bring a likely security breach to the attention of Members so that they can be informed and make a rational, considered judgement of any action (or not) to be taken from their end. You, Nicholas, and Brian (@Condobloke ) if I am not mistaken, are/were Members of the affected site. So you are in a good position to pass comment.

    BUT (there's always a but with the Wiz ... I could go somewhere with Wizard's butt but I won't :p) - where Brian and I came from before encountering this wonderful place (I was exiled, lol), they had been going through a long, drawn-out lawsuit. A senior Member of Staff had posted a Review of a software product, anti-malware, that was less than favourable, and the firm sued, and our place launched a counter suit ... blah blah.

    Hence my concerns that we "keep our heads". I want this site to "live long and prosper" :D

    More power to all of you, I'm off to work on Brian's moving project at the same time redeeming space on this Satellite to put on another 10 - 20 Linux.

    And regrets @mrcrossroads for consuming an inordinate amount of space in your thread expounding on Wizard's POV (point of view) - I will try not to make a habit of it :rolleyes:

    Wiz
     
    mrcrossroads, Condobloke and Vencorr like this.
  11. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    1,163
    Likes Received:
    1,153
    I want to give that comment a six-pack of "likes!" :D:D:D:D:D:D

    Cheers
     
  12. mrcrossroads

    mrcrossroads Member

    Joined:
    Nov 23, 2017
    Messages:
    36
    Likes Received:
    36
    It was under the Technology section on Google News the other day. Pretty shady of the admins to refuse to respond. I emailed them and have heard nothing back yet.


     
  13. mrcrossroads

    mrcrossroads Member

    Joined:
    Nov 23, 2017
    Messages:
    36
    Likes Received:
    36
    The forum is back up but I don't see a way to delete account. Mods seem to be nonexistent.
     
  14. VP9KS

    VP9KS Well-Known Member

    Joined:
    Apr 29, 2017
    Messages:
    281
    Likes Received:
    251
    Nothing like a big can of big juicy wigglers, eh?o_O
     
  15. VP9KS

    VP9KS Well-Known Member

    Joined:
    Apr 29, 2017
    Messages:
    281
    Likes Received:
    251
    Yeah Stan, I thought you might:p
     

Share This Page