amuck-landowner

LET Hacked Again

drmike

100% Tier-1 Gogent
It seems as if vanillaforums.org is also having some trouble... I believe LET is now being hosted there, right?

 
Yes sir,  now LET has caused Vanillaforums to go down perhaps.... That would be a classic #fail if true.

I suspect if they cause too many problems they will find themselves migrating to another forums software and hosting provider.  They should have changed software among the waves of hacks.
 

dmmcintyre3

New Member
Saw this on LET:

  • Application: Vanilla
  • Application Version: 2.1a39
  • PHP Version: 5.3.3-1ubuntu9.10
  • Operating System: Linux
  • Server Software: nginx/1.0.5
  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.65 Safari/537.31
  • Request Uri: /
  • Controller: Gdn_Database
  • Method: Query


Seriously, nginx/1.0.5 (19 Jul 2011) and ubuntu9.10 
 

Zen

New Member
I'm surprised that out of everyone on the CC team they do not have any reputable sys admin that can fix things up security-wise.
 

drmike

100% Tier-1 Gogent
Why aren't people posting on LET?   Are new posts not allowed/blocked?  Seems like only replies happening.
 

drmike

100% Tier-1 Gogent
Yikes, so members have to manually jump through the password reset routine?  Half the people on LET won't get through that hurdle :)
 

wlanboy

Content Contributer
Why aren't people posting on LET?   Are new posts not allowed/blocked?  Seems like only replies happening.
I tried a reply - it worked. I tried a new thread - timeout.

Someone posted the information that the passwords were stored in plaintext. So you should change them.
 

drmike

100% Tier-1 Gogent
I tried a reply - it worked. I tried a new thread - timeout.

Someone posted the information that the passwords were stored in plaintext. So you should change them.
That's mighty bad.  Makes sense why the site is quiet.

Plaintext leak + email addresses leaked is real bad.

Unsure what laws cover this, but this is the second mass compromise of customer/user info in less than a year in that Buffalo location.
 

drmike

100% Tier-1 Gogent
Passwords are not stored in plain text on vanilla.
I saw some hashes on screencaps.  Those are intended to be "secure".

Someone said, but no one confirmed, that the salt or something related was known.

Unsure if any export of data happened.
 

Oxide

New Member
Woohoo! Able to create new threads on LET now I'm starting to see new topics. Glad to see some progress being made. However, I don't know how I feel about Vanilla after all of this...
 