linuxforums.org hack



wizardfromoz

Super Moderator
Staff member
Gold Supporter
Credits
13,656
So I understand, gentleman who looks remarkably like Albert Einstein ... it's been a while :). Thanks for sharing.

I only learned about it yesterday, my time, indirectly, through the writings elsewhere of one of our newest Members, @Vencorr .

Are you out there, Nicholas?

Cheers all

Wizard
 

Vencorr

New Member
Credits
0
> I only learned about it yesterday, my time, indirectly, through the writings elsewhere of one of our newest Members, @Vencorr .
I had to honestly think for a moment about where I had said this other than my Twitter, then I remembered I linked my Twitter to my account here. I am guessing that is how you learned about the information?

Yeah, that seems to be the case. I'll explain some information that I know for other members.
It seems LinuxForums.org had suffered a fairly bad breach. From what I have examined and heard, the admins are refusing to acknowledge it even exists, deleting any evidence from their forums.

Anyway, I learned about the breach from HaveIbeenpwned.com and it seems their message indicated that the site has yet to respond to their multiple attempts at a response.

It appears, also stating from HaveIbeenpwned.com, that the forum was "running on an old version of vBulletin" and the information that was stolen included "Email addresses, IP addresses, Passwords, and Usernames" from 276k users.

That is all I know. Thank you for your time.

Honestly, I feel that a forum should be honest with their users about a big breach in their security, as well as update what is required in the meantime to actually fix the issue from happening in the future. If you were running a website that had accounts, would you like to have a bunch of hacked accounts on your web server just because you weren't honest about the breach, or would you like to be honest about the breach so you actually have real users? You would most likely want those users to change their information and secure their account as much as possible, which requires being honest. The thought behind admins hiding the questions and information about it took little to none. It wasn't thought about. Even if they were greedy for something, they would have at least thought about it and actually said something. I find it funny that right now, it seems I am having a "database error" when connecting to their site.
 

Condobloke

Well-Known Member
Credits
9,306
Not only you getting the database error Nicholas, ....same here. I imagine they are feverishly working at updating their 2013 edition of vBulletin etc, which apparently got them into this mess initially.

Then again....maybe not.......they are owned by masmedia ....Mumbai, Maharashtra.....that hack occurred back on 1st of May 2018,

So....maybe they have closed the doors. Bit late when the horse has already bolted !

Brian
 

Vencorr

New Member
Credits
0
> Not only you getting the database error Nicholas, ....same here. I imagine they are feverishly working at updating their 2013 edition of vBulletin etc, which apparently got them into this mess initially.
>
> Then again....maybe not.......they are owned by masmedia ....Mumbai, Maharashtra.....that hack occurred back on 1st of May 2018,
>
> So....maybe they have closed the doors. Bit late when the horse has already bolted !
>
> Brian

I knew it wasn't just a coincidence. I have my doubts that they are updating, but since it is down and after the news about the breach leaked, it could be possible. Not like they will need to update to prepare for heavy traffic after this 'mistake'. According to some ranking sites, it doesn't look good.

If they did happen to close doors, then I honestly don't think it would be such a bad thing. And the fact that even if they didn't know about the breach until later, the fact that they didn't bother warning their users is a big sign of "you better get the heck outta there" town.
 

wizardfromoz

Super Moderator
Staff member
Gold Supporter
Credits
13,656
Just a word to the wise, folks - I was on my way back here to edit my Post above with a BTW, but saw the alerts, and hope I have not opened a can of worms (not you, Wizard, surely, the assembled throng laughs) :D

And a note to Nicholas that I do not do destructive criticism, only constructive criticism, so take no offence where none is intended.

We must be careful on sites such as this to not be seen as causing potential harm to the business of others, or else a lawsuit might appear out of thin air, something which our Admin @Rob could well do without :p.

Linux Mint itself was compromised in February 2016, with 17.3 'Rosa' backdoored, and problems took until June that year to finally solve. With the introduction of version 18, the site had gone to SHA256 verification, so out of some bad came some good.

https://blog.linuxmint.com/?p=2994

and

https://www.techrepublic.com/article/linux-mint-18-improves-security-mostly/

are just two of many articles that covered it at the time.

Also, if referencing an article and wanting to illustrate a point, don't copy more than, say, a paragraph, because of possible copyright issues.

You are probably all aware of this, but for the benefit of those who may not have thought of it ...

Cheers all, and Nicholas I LOVE that signature ;).

Wizard
In all things, moderation ... except when it comes to putting heaps and heaps of Linux on a computer :cool:
 

Condobloke

Well-Known Member
Credits
9,306
in all things, moderation.....except when it comes to quantity of beer in the fridge
 

wizardfromoz

Super Moderator
Staff member
Gold Supporter
Credits
13,656
@Vencorr - Nicholas, I don't believe you need to apologise. My 2nd psychiatrist, whom I adored, and trusted with my care for 14 years (cheeky bugger retired on my 60th birthday, last September) used to say to me words to the effect of "Chris, you don't need to apologise. Being the way you are is a part of what makes you unique".

Not apologising, however, did not always sit well with me, so often I would say e.g. "I regret that you have taken offence, where I intended none", and try to take note of where I might have committed a gaffe and try not to repeat it.

This section of the site, "General Linux", has a broad scope. Many Members may hold dual or more Memberships at other sites. So the OP, mrcrossroads, and other participants are to be applauded for wanting to bring a likely security breach to the attention of Members so that they can be informed and make a rational, considered judgement of any action (or not) to be taken from their end. You, Nicholas, and Brian (@Condobloke ) if I am not mistaken, are/were Members of the affected site. So you are in a good position to pass comment.

BUT (there's always a but with the Wiz ... I could go somewhere with Wizard's butt but I won't :p) - where Brian and I came from before encountering this wonderful place (I was exiled, lol), they had been going through a long, drawn-out lawsuit. A senior Member of Staff had posted a Review of a software product, anti-malware, that was less than favourable, and the firm sued, and our place launched a counter suit ... blah blah.

Hence my concerns that we "keep our heads". I want this site to "live long and prosper" :D

More power to all of you, I'm off to work on Brian's moving project at the same time redeeming space on this Satellite to put on another 10 - 20 Linux.

And regrets @mrcrossroads for consuming an inordinate amount of space in your thread expounding on Wizard's POV (point of view) - I will try not to make a habit of it :rolleyes:

Wiz
 

mrcrossroads

Member
Credits
92
It was under the Technology section on Google News the other day. Pretty shady of the admins to refuse to respond. I emailed them and have heard nothing back yet.


 

Phylly

Member
Credits
0
Okay, everyone, now I have a question on this issue with linuxforums.org -- are they perhaps, possibly, related to/have anything to do with, etc, etc, etc, to linuxquestions.org? From what I can tell of the first/log-in page of linuxforums, they have similar formats, but that could just be because of limited imaginations, or something of that sort.
 

atanere

Well-Known Member
Credits
18
I don't think there is any relationship between them. And they look quite different from my phone! :D

Cheers
 