
Security Issue - Admin Accounts Cracked


Koby


I pondered on whether I should let this be known or not at first, but decided this was something that definitely needed to be made known.

Apparently someone managed to obtain Renzourin's password and successfully logged into the admin control panel. The same user apparently had somehow obtained multiple passwords of my own through unknown means (likely other sites were compromised). Luckily the user did not have the password that I use for this site, and Renzourin's account didn't have any real privileges that could have done major damage. However, despite this, there is no log of my credentials being altered, yet I too was unable to access my account without some alterations.

Luckily, whoever it was doesn't seem to have done much. They changed the passwords of a couple of accounts and gave one of them my email address. Though the fact this took place in the first place could likely mean a lot more accounts have been or could be compromised, and I suggest everyone change their password even if you don't believe you need to.

In case you're wondering: yes, I have remained up-to-date with the IP.Board Security Patches. This crack does not appear to be a flaw in our security or our server, but rather the fact that someone obtained our passwords from other sites. I don't use my password for this forum elsewhere, but apparently Renzourin did, and that allowed his account to be compromised.

I've demoted him for now until I can talk to him and make sure something like this doesn't happen again.

Just a reminder to everyone, especially my staff: it's best to make sure you use a different password for every site. If you have any staff powers here, please do not use the password you use here anywhere else, and be sure it's not something simple that can be cracked with a dictionary algorithm.

----

Some information on the crack:

IP Address: 212.7.208.145

It's a Poland IP address for what appears to be a dedicated server provider. Though it's likely this IP is fake/proxied.

Suspected real IP of the user: 76.24.86.129

^ That's a Comcast user from Massachusetts.

It's not proven that this is the culprit, but I'm pretty sure it is.


 



Hmphh, I hadn't even noticed a Poland and a Mass IP. Fucking hell, alright, in a moment I'm force changing my password and changing my email into a fresh one I'll be creating just for this account.

EDIT: It's been done. The password has been changed into something completely unique that I never have nor will I ever use on another site, and the email has been changed into something I just created 5 minutes ago. My account should now be secure, but in the meantime I'm gonna run a full scan of every virus/malware thing I have to check for shit.


Edited by Renzourin

I don't think it's your fault, or that it was even virus/malware related. Judging from the fact the culprit had intel on numerous passwords I use, I'm guessing other sites we visit were compromised and they obtained the passwords there, did a simple Google search for accounts on the web with our usernames and found us, or knew of this site and thus looked for sites that may have been capable of being exploited. Either way, the issue is definitely an off-site matter, and it just goes to show why everyone should always try to use separate passwords for each site they visit.


Everyone, this is a good time to start using LastPass. Don't forget your Firefox and Chrome extensions for auto logins.

LastPass is a tool that'll help curb all of the horrible password practices everyone here has, including the ones Renzourin is having. I personally used a 100 unique scrambled character password that is changed between sites. Though it can be done easily on the computer, you might think it's impossible to type that on a phone. However, LastPass is in the Google Play store, iOS too. It does have a subscription-based service to use (only in the mobile app), but it is starting to look like the only good solution at the time.

Guys! Get LastPass, make your master password a super giant that's easy to type on a phone like: correcthorsebatterystable (better yet, CorrecthorseBatterystable~, get creative), change your password on EVERY site that you use (using the password generator). I was scared to use a password like Ged9SGPZu6jhg^!%k4jcUty&YBdWXwVf5Ht296VkFe34ySARpz^@V&MAE3V%rfrn@bgN7n$2SQjWnS8m3AX$qaxcz$@xStVgxNFu at first, but I haven't had an issue yet and I've been using it for a year now. I HAD to get the mobile app to make any of this usable.

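Koby's reminder (a different, non-dictionary password for every site) and the recipe in the post above (a memorable multi-word master passphrase plus a generated random password per site) can be put in numbers. The Python below is an added example, not code from the thread or from LastPass; the word list, the common-password dictionary and the list sizes fed to the entropy helpers are constructed assumptions.

```python
import math
import secrets
import string

# Constructed stand-in for a diceware-style word list; a real list has thousands
# of entries, so the entropy helpers take the list size as an explicit argument.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "orbit", "lantern", "marble", "velvet"]

# Constructed mini dictionary of the words a wordlist attack tries first.
COMMON_WORDS = {"password", "dragon", "letmein", "qwerty", "welcome", "admin"}

SYMBOLS = string.ascii_letters + string.digits + "!@#$%^&*"


def entropy_bits(choices: int, length: int) -> float:
    """Bits of entropy for `length` independent uniform picks from `choices` symbols."""
    return length * math.log2(choices)


def passphrase_entropy(n_words: int, list_size: int) -> float:
    """Entropy of an n-word passphrase drawn uniformly from a list of list_size words."""
    return entropy_bits(list_size, n_words)


def looks_dictionary_based(candidate: str, dictionary=COMMON_WORDS) -> bool:
    """True when the candidate is a dictionary word with only trivial mangling
    (case changes, digits or symbols tacked on the end), i.e. what a
    dictionary attack covers almost for free."""
    core = candidate.lower().rstrip(string.digits + "!@#$%^&*")
    return core in dictionary


def generate_site_password(length: int = 32, alphabet: str = SYMBOLS) -> str:
    """Per-site random password from the OS CSPRNG; generate a fresh one per site."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_master_passphrase(words=SAMPLE_WORDS, n_words: int = 4) -> str:
    """Master passphrase in the correcthorsebatterystaple style: random words,
    capitalised so it stays easy to type on a phone."""
    return "".join(secrets.choice(words).capitalize() for _ in range(n_words))


if __name__ == "__main__":
    print("one dictionary word from a 7776-word list:", round(passphrase_entropy(1, 7776), 1), "bits")
    print("four random words from the same list:", round(passphrase_entropy(4, 7776), 1), "bits")
    print("32 random chars from", len(SYMBOLS), "symbols:", round(entropy_bits(len(SYMBOLS), 32), 1), "bits")
    print("master:", generate_master_passphrase(), " site:", generate_site_password())
```

The numbers show why a single mangled word (about 13 bits) falls to a dictionary run while four random words (about 52 bits) or a generated 32-character string (about 196 bits) do not, and why the generated string is the one to store in the manager rather than memorise.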


This totally didn't sound like an ad >_>

LastPass. Use it.


Sorry, I was really high and about to run out the door to work.

I don't really know how to talk about LastPass in a way that'll make people use it. I could just show peeps this video, but I don't know if that's any better. But what's wrong with ads though?

 

Well, unless the rules have been changed then there is a rule stating that advertising isn't allowed. It's fine to condone a product, but entire posts about it are normally not the best. Still, the program you mentioned seems interesting, although I would personally never use it.

Nekone locked this topic
This topic is now closed to further replies.