Somebody Is Up To No Good

Recommended Posts

I do not want to accuse anybody of doing anything wrong, but I'm getting the impression that somebody here is up to no good. I'm hoping that one of the honest moderators of SFN will see this thread and help figure out what is really going on.

Somebody has been trying to hack into my forum today. He or she was rapidly making password reset requests for my administrator account. I received over 20 notifications of these requests in my e-mail. Here is a screenshot of my inbox:

At the same time, that person was attempting to login the forum using my username and different passwords. Somebody was obviously really trying to break into my forum's administrator account.

That person's IP address was recorded in my forum's error log. It shows that the person is from the UK. Therefore, I am almost positive that this person is a member of SFN. I have done some advertising on other web sites, but my traffic stats show that almost all of those visitors are from the USA. The only UK visitors I see were from SFN.

I wasn't too concerned about this at first. I just made a warning post about it in my own forum. However, then the thread on SFN about my forum disappeared without any notice. When there is a legitimate reason to close a thread, a moderator usually just locks it. If it has to be deleted because of inappropriate conduct, a private message is usually sent to the members involved in the thread. However, that thread seems to have disappeared without a trace.

If an honest moderator did delete that thread for a good reason, then I apologize for bringing up this issue. However, I wonder if the moderator who deleted my thread could be the same person who has been trying to hack into my forum.

I have been a member of SFN for a long time, and I know that most of the moderators are good people. If one of the moderators is abusing his or her power, I'm sure the others would want to know about it. I would also like to know why somebody is trying to attack my forum.

I thought about posting the attacker's IP address in this thread, but I'm not sure if that would be the right thing to do. If an honest moderator wants to help me, please PM me and I will send the moderator the IP address. I hope we can figure out what is going on here.

Share on other sites

i doubt it was one of the mods. and don't post the ip up, if it was a competent hack attempt then it was probably just an innocent person who's computer was hacked.

Share on other sites

well its not going to be a Moderator or Admin is it, since we all know that these types of things are logged (incl the IP), thats how we find out peoples Double accounts when they try to evade a Ban etc...

And it was Me that removed the Thread, because it was getting out of hand.

so thats Part of your "mystery" solved

Share on other sites

perhaps a forum with such a provocative name is just asking for problems!?

Share on other sites

If you have the IP address handy, please private message it to me. I can find out if it was a member of staff, a member of SFN at all, or some random person.

Share on other sites

or just post it here, eithers good

its hardly going to be Staff, we know how these things work, in fact Ide be surprised if it was Anyone from SFN at all!

perhaps it was one of those Ghosts like Orbs LOL

Share on other sites

^ again, it's my understanding that competent hackers use compromised machines to relay information to and from their computer and the target computer. if thats the case, then the ip herme has will just be the last computer in the chain -- an innocent person who's machine was hacked.

wouldn't putting his ip address up in this thread be tantamount to saying 'hey, heres someone who's computer is probably easy to hack, and if you want to, his ip is blah.blah.blah.blah'?

Share on other sites

I doubt a competent hacker would spend the time to build up a chain of proxies to attack a 10-day-old forum.

Share on other sites

If you have the IP address handy, please private message it to me. I can find out if it was a member of staff, a member of SFN at all, or some random person.

I think that is abuse of your admin status. Nevermind whether or not it is public information, or part of whatever agreement we clicked yes to when signing up, it is wrong to pass information about SFN users' IP addresses to a third party.

And before you get personal, not it was not me....

Share on other sites

I did not say I was going to tell him if I discovered who it was (that would depend on what I could do about it), nor did I say I would send the IP information of SFN users to him. I can make the IP address search here on SFN without sending any data to anybody else.

Share on other sites

I can make the IP address search here on SFN without sending any data to anybody else.

If you are not going to take any action, then it is a pretty pointless exercise, isn't it?

Section 9 of the Official Forum policy says:

No information will be released or sold to any third party by forum administrators.

Share on other sites

The only action I could take was if I determined, as herme3 suspected, that it was a staff member here. I can't exactly ban someone else here for an offense on another website, but we may not particularly want to keep a staff member if they are doing something like that. However, it would not be my decision, so I can't really speculate on that.

Also, Section 9 is irrelevant, because I wouldn't be sending data to anybody. herme3 is not going to get a list of several thousand IP addresses to look through. I will look at the address he gives me, determine if it's someone here, and then determine the appropriate course of action from that point. The only people who would know who the person I found was would be the other staff members.

Share on other sites

Herme3

Hope you find that troublemaker thats messing up your forum. Search around your site and see if there is anyone who sounds nervous about IP investigations. That jerk would most likely be guilty.

Good Luck

Bettina

Share on other sites

Hey Bettina, good to see you back. I thought we had frightened you away!

Share on other sites

Yes, I have the IP address now, and it does not appear to be anybody from this forum.

Share on other sites

hmmm personnally i agree with everyone else - but glad to know its no one around here

Share on other sites

There didn't seem to be any unusual activity in the admin pages, so I don't think the person was successful and hacking in. Do you think they could possibly get my password? I know that all passwords are encrypted before being placed in the forum's MySQL database.

And it was Me that removed the Thread, because it was getting out of hand.

so thats Part of your "mystery" solved

I'm glad to hear this. My main concern was that one of the SFN moderators was against my forum, so he or she decided to delete the thread and attempt to hack into the forum. YT certaintly does not seem like the type of person who would harm another web site, so it does not appear that any of the mods are abusing their power.

perhaps a forum with such a provocative name is just asking for problems!?

Yes, I would expect occasional problems from people who protest the forum. That's why I backup the forum's database regularly. In most cases, I would simply ignore a hacking attempt like this or just post a warning in my forum. My greatest concern was that a SFN mod was abusing his or her power. If that was true, I thought it would be something that the other mods should know about.

perhaps it was one of those Ghosts like Orbs

LOL...

Hope you find that troublemaker thats messing up your forum. Search around your site and see if there is anyone who sounds nervous about IP investigations. That jerk would most likely be guilty.

I already checked, and it doesn't appear to be a registered member of my forum.

Yes, I have the IP address now, and it does not appear to be anybody from this forum.

Thanks Cap'n, that's good to know. I still wonder where this person came from. None of the search engines appear to have indexed the site yet, so it must have been somebody who saw a banner ad for my site.

Share on other sites

There didn't seem to be any unusual activity in the admin pages, so I don't think the person was successful and hacking in. Do you think they could possibly get my password? I know that all passwords are encrypted before being placed in the forum's MySQL database.

Just make sure it's something complex enough that nobody can just guess it.

Share on other sites

I @m T3h 1337 H@x0r, r3$p3(t My$ki11z

Share on other sites

**pretends to understand**

Share on other sites

Just make sure it's something complex enough that nobody can just guess it.

I do make my passwords complex. I usually combine letters and numbers, and I sometimes forget my passwords.

I'm more concerned about somebody breaking into my database and taking the passwords from there. They are all encrypted, so I only see a long string like "b1c1539fc19d323df2af1935c595fb71". Of course, that isn't an actual encrypted password, it's just an example of what one looks like.

Do you think the encrypted passwords are secure?

Share on other sites

they're only as good as the encryption algorithm

Share on other sites

Herme3: was there any damage done? what was the damage?

have you changed your passy since?

its still a little vague as to whether anyone actualy got IN or not?

as people here have said, make sure your passy is good, lots of leters and numbers mixed, and Nothing related to you or family in any way (that includes car Reg plates!).

Share on other sites

There didn't seem to be any unusual activity in the admin pages, so I don't think the person was successful and hacking in. Do you think they could possibly get my password? I know that all passwords are encrypted before being placed in the forum's MySQL database.

i am not a hacker of either definition, so i have no idea.

i do know, however, that it's quite obvious, if they guess your pw and can access your admin pannel, that they will be able to see your email addy.

the next logical step would be to try to access your SFN and/or email account using your athiestcrusades password, in case you are silly enough to use the same pw for both. it'd be a free hack.

your ac one probably wants to be something like adsdf0978a34hlk098. ie, completely random.

Create an account

Register a new account