LET Hacked Again

[drmike]

I would thread carefully @buffalooed because Chris might...

Humourous @marcm.    I just go straight to lead poisoning on fools.  The clip is loaded.

 

[Novacha]

It seems as if vanillaforums.org is also having some trouble... I believe LET is now being hosted there, right?

 

[drmike]

It seems as if vanillaforums.org is also having some trouble... I believe LET is now being hosted there, right?

 

Yes sir,  now LET has caused Vanillaforums to go down perhaps.... That would be a classic #fail if true.

I suspect if they cause too many problems they will find themselves migrating to another forums software and hosting provider.  They should have changes software among the waves of hacks.

 

[dmmcintyre3]

Saw this on LET:

• Application: Vanilla
• Application Version: 2.1a39
• PHP Version: 5.3.3-1ubuntu9.10
• Operating System: Linux
• Server Software: nginx/1.0.5
• User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.65 Safari/537.31
• Request Uri: /
• Controller: Gdn_Database
• Method: Query

Seriously, nginx/1.0.5 (19 Jul 2011) and ubuntu9.10 

 

[MannDude]

Jeeze!



http://support.vanillaforfree.com/

 

[Zen]

I'm surprised that out of everyone on the CC team they do not have any reputable sys admin that can fix things up security wise.

 

[drmike]

I'm surprised that out of everyone on the CC team they do not have any reputable sys admin that can fix things up security wise.

Like I've said, they can't keep good people there.

 

[dmmcintyre3]

 

[drmike]

Now LET has google bombed themselves:

http://www.google.com/#output=search&sclient=psy-ab&q=lowendtalk

#1 result

Offers - LOW END SHIT - LowEndTalk

www.lowendtalk.com/categories/offers?

•  

 

25GB of Usenet credit Blocknews swap it for a VPS minimum 64MB in Europe ...

 

[OnePoundWebHosting]

Appears to be back up now.........

 

[drmike]

Why aren't people posting on LET?   Are new posts not allowed/blocked?  Seems like only replies happening.

 

[thisisnotnetomx]

I cant even enter

 

[Oxide]

Why aren't people posting on LET?   Are new posts not allowed/blocked?  Seems like only replies happening.

 

Yeah, it won't let me post a new thread.

I cant even enter

 

Why not, did you issue a password reset?

 

[drmike]

Yikes, so members have to manually jump through the password reset routine?  Half the people on LET won't get through that hurdle

 

[wlanboy]

Why aren't people posting on LET?   Are new posts not allowed/blocked?  Seems like only replies happening.

I tried a reply - it worked. I tried a new thread - timeout.

Someone posted the information that the passwords were stored in plaintext. So you should change them.

 

[drmike]

I tried a reply - it worked. I tried a new thread - timeout.

Someone posted the information that the passwords were stored in plaintext. So you should change them.

That's mighty bad.  Makes sense why the site is quiet.

Plaintext leak + email addresses leaked is real bad.

Unsure what laws cover this, but this is second mass compromise of customer/user info in less than a year in that Buffalo location.

 

[Zen]

Passwords are not stored in plain text on vanilla.

 

[drmike]

Passwords are not stored in plain text on vanilla.

I saw some hashes on screencaps.  Those are intended to be "secure".

Someone said, but no one confirmed that the salt or something related was known.

Unsure if any export of data happened.

 

[xBytez]

Jeeze!



http://support.vanillaforfree.com/

$Configuration['Database']['Engine']                           = 'MySQL';

$Configuration['Database']['Name'] = 'vanillaforfree';

$Configuration['Database']['Host'] = '127.0.0.1' ;

$Configuration['Database']['User'] = 'vanillaforfree';

$Configuration['Database']['Password'] = 'vanilla123!';

wow perfect password.

 

[Oxide]

Woohoo! Able to create new threads on LET now I'm starting to see new topics. Glad to see some progress being made. However I don't know how I feel about Vanilla after all of this...