
Hosted InvisionPower Boards Hacked

raindog308

vpsBoard Premium Member
Moderator
DNS/WHOIS shows that Evernote's discussions are hosted by IPS using their hosted communities.

I asked in the IPB forum if they'd been hacked and the mods there deleted the thread without comment, so... ;) 



Code:
$ nslookup discussion.evernote.com
Non-authoritative answer:
discussion.evernote.com canonical name = evernote.ipsdns.com.
Name:   evernote.ipsdns.com
Address: 50.28.75.27
$ whois ipsdns.com
<snip>
Tech Name: LINDY THROGMARTIN
Tech Organization: INVISION POWER SERVICES, INC.
Tech Street: PO BOX 2365
Tech City: FOREST
Tech State/Province: VA
Tech Postal Code: 24551
Tech Country: US
Tech Phone: 4343524334
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: [email protected]
Name Server: NS1.IPSLINK.COM
Name Server: NS2.IPSLINK.COM

 
 

raindog308

vpsBoard Premium Member
Moderator
Not that I've seen yet.  I'll be very interested to know if this was a security failing at IPS or a bug in IPB.

IPS's hosted communities are pretty generic cPanel hosting, though you're only allowed to host IPBoard.  It could certainly be some kind of OS-level hack, cPanel hack.  Heck, it could be a rogue employee.

Could be some guy who leaves half-eaten pies all over the place.  Those types are dangerous.

They're perhaps not quite ready to talk about it yet...hopefully they'll make an announcement.
 

raindog308

vpsBoard Premium Member
Moderator
Holy merde...11 days and so far the only announcements were from clients and not IPS?
 

GreenHostBox

New Member
Verified Provider
It is pretty shocking that IPS is trying to hide these attacks, or so I suppose. IPS will be long gone if all these forums are getting hacked and nothing is being done or said.

P.S.: MyBB #1
 

libro22

Member
I'm actually curious about the hashed password issue. MD5 has been vulnerable and can be decrypted; I'm not sure what algo they used for their old forum. But has there been an instance (in the industry) where hackers were able to access a user's accounts on other websites from the list that they got, let's say by trying the same password for the email listed? Do hackers even try this?

This may be off-topic, but I'm concerned about building databases with critical user info in them. Let's say on an e-commerce system, if you encrypt user profile and CC info, should you store the key in a separate table (assuming your primary key is a hashed combination of various keys)? That encrypted data should be read by a different set of stakeholders, which is why using the user password as the key will not work. Or will saving a different encrypted copy of the data for another user's view work? But that is against the theory of database architecture.

Okay, I'm off-topic, but if anyone can shed some light, that would be great :p
 