
Important Notice - Security Breach

Status
Not open for further replies.
Whoever hacked AF got my password and tried to access my account. That sux man!

I see that you got it all figured out, which is great. I did want to say being a programmer myself who has implemented user databases with salted password hashes, it is very unlikely that the hackers will be able to figure out the stored passwords. Honestly, it wouldn't even be worth their effort unless it was for a person who they specifically targeted.

Of course, this does depend on the complexity of the salt somewhat. Does anyone know if the hackers may have been able to determine what the salt was?
 
There is something that I'm involved with on the Internet that's been known to help stop exploits like this. It's kind of like a firewall/intrusion detection system for PHP scripts. It uses a series of rules to detect common exploit techniques used by hackers and has been known to stop SQL injection, cross-site scripting exploits, and remote code injection. It has been proven very effective in stopping the bad guys.

If you guys here want to know about it, contact me. I'll be glad to get you into contact with the lead developer.

When I was developing a site that stored passwords I remember making the password hash based on SHA512 with four pieces of random data along with the username and password as part of the data that's hashed.
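As an added example (not the forum's code, and not the scheme this site actually used), the salted hashing the two posts above describe: a per-user random salt hashed together with the username and password, here with SHA-512 as the poster used, beside a PBKDF2 variant over the same inputs and a rehash-on-login step for migrating old records after a breach. Salt size, field separator and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameters; the forum software's real values are unknown.
SALT_BYTES = 32
PBKDF2_ITERATIONS = 210_000
CURRENT_SCHEME = "pbkdf2-sha512"


def _material(username: str, password: str) -> bytes:
    # Username is mixed in as the poster describes; NUL keeps the fields apart.
    return username.encode() + b"\x00" + password.encode()


def hash_sha512(username: str, password: str, salt: bytes) -> bytes:
    """Fast salted SHA-512: a random per-user salt defeats precomputed tables,
    but a leaked hash plus salt still costs only one SHA-512 per guess."""
    return hashlib.sha512(salt + _material(username, password)).digest()


def hash_pbkdf2(username: str, password: str, salt: bytes) -> bytes:
    """Same inputs, but every guess costs PBKDF2_ITERATIONS HMAC-SHA512 calls."""
    return hashlib.pbkdf2_hmac("sha512", _material(username, password),
                               salt, PBKDF2_ITERATIONS)


SCHEMES = {"sha512": hash_sha512, CURRENT_SCHEME: hash_pbkdf2}


def create_record(username: str, password: str, scheme: str = CURRENT_SCHEME) -> dict:
    salt = os.urandom(SALT_BYTES)  # fresh salt per record, never reused
    return {"user": username, "scheme": scheme, "salt": salt,
            "hash": SCHEMES[scheme](username, password, salt)}


def verify(record: dict, password: str) -> tuple:
    """Constant-time comparison; returns (password_ok, needs_rehash)."""
    fn = SCHEMES[record["scheme"]]
    ok = hmac.compare_digest(fn(record["user"], password, record["salt"]),
                             record["hash"])
    return ok, ok and record["scheme"] != CURRENT_SCHEME


def upgrade_on_login(record: dict, password: str) -> dict:
    """Move a legacy fast-hash record to the current scheme the next time the
    user presents the correct password; wrong passwords leave it untouched."""
    ok, needs = verify(record, password)
    if ok and needs:
        return create_record(record["user"], password)
    return record
```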

mod_security?
Atomic rules. (or the whole ASL suite)

To me it's pointless to run any website with any kind of user base without mod_security rules. I'm sure they already have that. :P Although I don't actually run any site without it, even if it has 5 hits lol :)

But even a WAF is not perfect. There is a lot more to security than just a WAF and a firewall: a secured kernel, disabling of services that are known to cause issues, even the hardware on the data center end, and keeping software up to date as well, of course. However much knowledge someone may have in security, there are always ways to improve or learn things. If you're not critical of the knowledge you have, you can never move forward and learn more. People that have good practices and are not egotistical about being secure are better off.

I'm new here, but I run some fairly high traffic sites. Personally I think how it was handled was pretty good. I mean, what really can they do after the fact? For anyone that runs a "server" themselves and thinks that security is something that isn't an everyday job, they don't know what they are doing, and the others complaining about the breach, I assume, are completely clueless. (They probably have one small site that no one will hack because it's pointless.)

For a site with low traffic, say 10K pageviews a month, you might have hundreds of attacks a month. If you get a million page views a month you are now in the range of 100,000 or more attacks per month. The bigger the site, the more of a target the site is, and the more likely you'll get hit eventually. It's really exponential. The best thing you can do is be on top of it with as much of the knowledge you have and keep learning and improving. :)
 
I just happened to log in today and see this. (Yes an email might have gotten me here sooner, but I understand that the admin staff was a bit busy :)).

Many thanks to the staff who are obviously working hard on addressing both the problem itself *and* the multiple comments here.


I did want to mention one thing which I wouldn't bring up except for the timing. The other day I got an email from Facebook that said:

"Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before. For your protection, we've temporarily locked your account until you can review this activity and make sure no one is using your account without your permission."

The reason I'm mentioning it is that the email was sent on 7/11 in the morning. Yes, same password (although not any more!). Online, FB brought up a map where it says the IP was located, and showed a map of Japan (which is pretty far from the mid-Atlantic where I am). I don't understand internet security or IPs at all, so that part may not be meaningful. I'm just passing it along in case it means anything to those of you tracking this down.
 
Still having problems related to the Phandroid forum app. I uninstalled and reinstalled, as suggested; still can't log in that way.
Thanks for all the rest. Love the forum
 
Wow..rude and arrogant much?

Newsflash. Yahoo was hacked. Twitter was hacked. LinkedIn was hacked. Amazon was hacked. Sony was hacked repeatedly. The largest credit card payment processor in the U.S. was hacked. It happens to the big boys too. I am a webmaster for about half a dozen sites. It's not an easy job and fighting hackers and spammers and idiotic script kiddies is quite a battle. There is no such thing as a hacker proof website. Period. All webmasters can do is work hard to stay one step ahead. Hackers are always creating new ways to do things and new exploits. It never ends.

Get off your high horse.

No, these things don't just "happen". Admins put up with it because they know they are ultimately the ones who failed.

This is negligence on androidforums' part, and they are the real people to blame. Can you imagine if large bank websites were also this insecure and asked all their online customers to go change their passwords? Then customers just saying... oh well, these things just happen.

There's the argument that user passwords should be complex enough for the hash not to be brute-forced; but, really, it should never get to that point.

I've lost complete respect for the person/people responsible for maintaining this website. Hopefully, they know better than to list androidforums.com on their resumes.
 
Thanks for the heads up re the breach guys, just wish you could send an email out to everybody so we can get the changes done before further damage, if any.
I never share the same pass on accounts but know many people do, and it would be important if everyone could change their passwords before attempts are made on other forums and websites.
All the best and keep on with the work.
 
I just received this email:

Android Forums noreply@androidforums.com
12:14 PM (8 minutes ago)
to me

Dear jcash3,

Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: {mod removal}

All the best,
Android Forums


Being that I haven't logged on in a while... I wonder how many times they were in my account.
 
jcash, chances are you have an app on your phone trying to connect to AF. Update your login credentials on anything that connects (e.g. the official AF app, Tapatalk, Forum Runner, etc.) and it should take care of it.
 
That IP address isn't the same as what is on my phone...
 
Not to mention I just got another notification saying the same thing. The only app that I have is the Phandroid app, and I don't have any login information saved in it.
 
You've posted from very similar IPs from Verizon in the past, so it's most likely you were assigned that at some point recently. I'm sure that it will be the same case for you as with everyone else before, that an Android app is to blame, so please check to make sure your apps have your updated password and then see if more emails arrive.

So far all cases of these login attempts have been users' own phones attempting to log in with old passwords :)
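As an added example, not the forum software's code: the lockout behaviour the notice quoted above describes (five failed attempts, a 15-minute lock, the source IP reported to the user), with the triage hint the admin gives, flagging whether the failing IP is one the account has previously logged in from successfully. The counting window and the in-memory store are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

MAX_FAILURES = 5            # "at least 5 times" in the notice
LOCKOUT_SECONDS = 15 * 60   # "for the next 15 minutes"
WINDOW_SECONDS = 15 * 60    # assumption: failures are counted over this window


@dataclass
class AccountState:
    failures: deque = field(default_factory=deque)  # (timestamp, ip) pairs
    locked_until: float = 0.0
    known_ips: set = field(default_factory=set)     # IPs of past successful logins


class LoginGuard:
    def __init__(self):
        self.accounts = defaultdict(AccountState)

    def is_locked(self, user: str, now: float) -> bool:
        return now < self.accounts[user].locked_until

    def attempt(self, user: str, ip: str, password_ok: bool, now: float) -> tuple:
        """Returns (status, notice). Locked accounts are refused before the
        password is even checked, so a stale app cannot keep probing."""
        if self.is_locked(user, now):
            return "locked", None
        st = self.accounts[user]
        if password_ok:
            st.failures.clear()
            st.known_ips.add(ip)
            return "ok", None
        return "denied", self._record_failure(st, user, ip, now)

    def _record_failure(self, st: AccountState, user: str, ip: str, now: float):
        st.failures.append((now, ip))
        while st.failures and now - st.failures[0][0] > WINDOW_SECONDS:
            st.failures.popleft()            # drop failures outside the window
        if len(st.failures) < MAX_FAILURES:
            return None
        st.locked_until = now + LOCKOUT_SECONDS
        # Fields the e-mail on the page carries, plus the triage hint: a failing
        # IP the user has logged in from before points at their own device.
        return {"user": user, "ip": ip, "attempts": len(st.failures),
                "minutes": LOCKOUT_SECONDS // 60,
                "likely_own_device": ip in st.known_ips}
```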
 
The fact you stepped up to it and admitted the problem openly gives me confidence that you have and are doing what is necessary to prevent it from happening again.

Thanks for your diligence and HONESTY.

Quite refreshing....
 
Good grief! Take the time to read the darn thread or at least search it!!



 
The email account associated with my androidforums account was compromised on 7/11/12. I started to receive failed delivery status emails for those spam attempts from my account to dead email addresses.

I was notified of the spam by a person in my address book. Embarrassing.

I had not logged into the forum in some time and did so today at random. I agree with some of the previous posters that an email from this site informing me of the breach would have helped.
 
Thank you for the report - passing it up to Rob.

Unless that password is what you use for your gmail account, they wouldn't (shouldn't?) be related. If it is.. it is my understanding that, the way the passwords are salted, it would be really hard or not possible to crack that password, but I'm not 100% on that. Need to hear from the server/developer team.
 