BidorBuy forums hit with stealth hack

How ironic is that?!

Magicdude got hacked.

At least he now has precedent to show the prosecutors what actual hacking is...:D
 
Hahaha - bloody agents. We will leave no stone unturned until we find out who did it :mad: and bring justice onto those horrible people....

I think everyone running forum software or even WordPress can feel the PITA with frequent security exploits. I think MyBB underestimates the technical savviness of its readers and left out the part that our social/community software is running on completely different servers, VLANs and uses a dedicated MySQL instance just for that purpose.

Although we use single sign-on, our passwords are salted and hashed across the different systems. All our servers are chrooted and run in a jailed and virtualised CentOS environment - the auxiliary systems (such as forum, blog) have no access to our primary transactional system which runs on a completely different network.

Biggest disappointment of this event: Riccardo Spagni should have contacted us first - so now he lost out on some cool bidorbuy swag.

BTW: Forum functionality was restored at 13:30 today.
 
Update from Naschenweng (so weird using your real name :P):

Naschenweng has informed MyBroadband that they have successfully rebuilt their forum server. Their own investigation into the matter also suggests that the vBSEO exploit crept into the system after they performed an upgrade in the last 7 days.
 
Called the call centre before posting the screencast, nobody knew what I was talking about or who to put me through to, so I hung up in frustration.
 
Not funny if true. We keep call records, so if you can't remember who you spoke to, please PM me approximate time of the call and gender of the customer care agent - we will then narrow this down and figure out what happened.
 
Sure - I'll check the time and pm you now
 
Surely you knew that MD4E here at MyBB was the B0B CTO? You could have contacted him personally...

I had no idea - I really don't frequent these forums, last time I visited was August 2013.

And don't call me Shirley!
 
My thinking exactly... a PM maybe about it would have been a logical step....

Had I known he was here I would've definitely pm'd - I even searched through my old emails to find some dude who works at BoB that I'd been in contact with once or twice ages ago, but I have too many BidorBuy system mails archived to find it among the thickets.
 
Do you know why the following sounds familiar?

Called the call centre before posting the screencast, nobody knew what I was talking about or who to put me through to, so I hung up in frustration.

That's exactly what happened to MagicDude4Eva when he tried to alert City Of Johannesburg to a security flaw on their system and then posted about it online here and then CoJ claimed hacking and all kinds of BS and laid a complaint at the police...

Hahahaha!
 