Boards.ie Attack - What Happened? Please post all questions here.

24-01-2010 1:51pm

Conor wrote: »

It was a current admin.

Perhaps I'm asking for too much detail, but, do you know if they targetted a specific admin acccount from the outset of their operation, or if their choice of admin account to crack was arbitrary?

Conor · 24-01-2010 2:07pm

-JammyDodger- wrote: »

Perhaps I'm asking for too much detail, but, do you know if they targetted a specific admin acccount from the outset of their operation, or if their choice of admin account to crack was arbitrary?

That's more detail than I'm willing to go into.

That said, I'm pretty sure they'd take any admin account they'd get their hands on.

24-01-2010 2:13pm

Thanks, Conor. Things are a little clearer in my head now.

Bonito · 24-01-2010 3:37pm

All who got the site back up and running - fair play and pure excellence with the fast response and with keeping your users updated.

Those who are blaming boards for their other accounts (msn, gmail, paypal) being hacked due to using same passwords. A.) It's your own fault for not having unique passwords, I've done this since I have started on the internet. and B.) It's not Boards fault that a shower of dishonest and destructive bastards hacked the site and ****ed everything up.

The blame is not on boards. Change your passwords regularly, save them in drafts on your phone, in a folder on your pc or even allow your internet browser to save them.

martinjr · 24-01-2010 3:56pm

Well done to all concerned for getting this forum back quite quickly as there was a lot of work involved. There are a lot of dedicated folks out there. It's important to have 'our own' site.

I happened to be logged on Friday when this happened but haven't noticed anything susp on my account.

Well Done,
martinjr

Sully · 24-01-2010 4:19pm

I really think that all the Boards.ie HQ Team need to a big round of applause tbh. The amount of work that went into securing the forums, letting everybody know, going to the media, and keeping everyone regularly in the loop was unbelievable. I have yet to come across such a fantastic response to a security incident of this nature.

The lads did not just do great. They did not just do good, okay or even grand. Each and everyone of them were fantastic. Absolutely brilliant. They were very quick to respond, dealt with the issue promptly and have had site back up and running in what really was no time at all (even if it felt ages for us regular users). It was very organised. One would nearly suggest that it was bloody staged as it was pretty perfect.

At the end of the day, we all owe it to the Boards.ie HQ Team. I could not careless if they were volunteers or paid workers. They did above and beyond what would be considered normal to get the service (of this nature) back up and running so quickly. The fact they notified each and everyone of us by email and made a plea for the media (going as far as the BBC for christ sake!) to warn people shows just how great these guys really are.

So folks, I would like to thank you all very much for not only providing such an excellent forum, keeping the community happy and having it up and running smoothly as much as possible. But I want to extend the thanks for the fantastic response to the incident and the method in which it was approached by each and everyone of you.

Thank You.

RasTa · 24-01-2010 6:21pm

I need my 11 year old account back! Joined up back when the site was quake.ie. I really hope it's not gone.

maryd26 · 24-01-2010 6:45pm

Darragh wrote: »

No, I'm afraid not. They were always protected, even I (using an admin account) couldn't see them. Sorry - I know it's a pain!

Ah well cheers anyway... just get to become more inventive with my passwords, and at least this reminder occurred without major inconvenience/loss.

Well done again:)

Soil Mechanic · 24-01-2010 7:00pm

^
Ditto.
Nuff Said.

A resounding "Nice One" to all the boards.ie team;
a resounding "BLAHHHH" to all the moaners & big gurns, you should be more password aware- STOP COMPLAINING!

Thanks,
SM

billy the squid · 24-01-2010 7:09pm

I see from the help desk that you have a policy of not merging accounts

in light of the fact that many of us are using temporary accounts until we get control of our main accounts back. will we be allowed to merge the temp account with our main account?

RasTa · 24-01-2010 8:03pm

squidlimerick wrote: »

I see from the help desk that you have a policy of not merging accounts

in light of the fact that many of us are using temporary accounts until we get control of our main accounts back. will we be allowed to merge the temp account with our main account?

Nah that's too much work for the admins. It turns out I can log into my old email account but I can't do anything with it, I try and delete mails but it won't connect to the server.

I can take a screenshot of the last email which is a Boards.ie PM notification from 2003

eerwegtweg · 24-01-2010 9:07pm

TimTim wrote: »

Just two questions from me:

I know vBulletin hashes passwords using MD5 but was there a salt used in hashing? (is it even possible with vbulletin?)

If the above answer is no is it possible to get my original hashed password sent by pm? I actually can't remember what password I used for boards.ie and I need to figure out what logins i need to reset.

Anyone know if boards can tell us what our original password was? Like TimTim I can't remember which of the few passwords that I regularly use is the one that I used for Boards!

I don't want to have to change every single log in I have out there!

Sully · 24-01-2010 9:20pm

eerwegtweg wrote: »

Anyone know if boards can tell us what our original password was? Like TimTim I can't remember which of the few passwords that I regularly use is the one that I used for Boards!

I don't want to have to change every single log in I have out there!

Nope, Boards.ie does not know your password. I believe it reset them all after the incident and besides - whatever value is stored for your password would be a difficult, and time consuming process to "break" into what would have been your old password.

Darragh · 24-01-2010 10:23pm

squidlimerick wrote: »

I see from the help desk that you have a policy of not merging accounts

in light of the fact that many of us are using temporary accounts until we get control of our main accounts back. will we be allowed to merge the temp account with our main account?

That's definitely something we're working on. We have a meeting about it in the morning and will let you know what we decide.

If you haven't already emailed hello@boards.ie (I know you have sl) please get yourself added to the list of people who need to access their account.

Thanks and best regards

Darragh

Posy · 25-01-2010 12:08am

I have always used the same email for boards, my email, facebook, digital spy etc.. I've used this password for years because it's a pretty strong one. I never knew about hacking and things. I now have different (and very strong) passwords for everything. Thanks, boards, for the lesson in security. And if anything had happened to my email account or anything it would have been my own fault; I certainly wouldn't have blamed you admin guys- you've all been great in a crisis!

congo_90 · 25-01-2010 12:19am

Fair play to boards for conveying the message in a timely matter. Thanks to the site being down I actually bothered to start studying my cisco course!
Came home to find boards still down and didn't know what to do. I checked my facebook. Shook my fist at society then went asleep.

All in all a nightmare but glad to see boards up and running in full swing.
Easy way to clear off old inactive accounts I guess.

Any details being released at all?
I subbed for another 3months (ironic how that email arrived but not the warning one) so my 13 euro will fix boards server...simples :P

billy the squid · 25-01-2010 1:15am

Darragh wrote: »

That's definitely something we're working on. We have a meeting about it in the morning and will let you know what we decide.

If you haven't already emailed hello@boards.ie (I know you have sl) please get yourself added to the list of people who need to access their account.

Thanks and best regards

Darragh

am already on the list, and can wait

main reason for creating this account was to let co-mods know that I was out of the game for the time being.

Posy · 25-01-2010 1:39am

I think January 2010 is going to break some sort of new registrations record!

YULETIRED · 25-01-2010 3:34am

Posy wrote: »

I think January 2010 is going to break some sort of new registrations record!

i think it will also mark some sort of defections record.

Snowbat · 25-01-2010 5:06am

Here's my SpamAssassin report for the Boards.ie Annoucement email. I'd guess the Spamhaus PBL listing and the lack of rDNS for [79.125.52.71] caused many deliverability/flagged-as-spam problems.

X-Spam-Report: 
	*  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
	*      [score: 1.0000]
	*  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
	*  0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
	*  2.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
	*      1)
	*  1.0 RCVD_IN_BARRACUDABL RBL: Received from host in BARRACUDABL
	*      [79.125.52.71 listed in bb.barracudacentral.org]
	*  0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
	*      [79.125.52.71 listed in dnsbl.sorbs.net]
	*  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
	*      [79.125.52.71 listed in zen.spamhaus.org]

edit: 79.125.52.71 seems to have rDNS now

DOC09UNAM · 25-01-2010 10:08am

Posy wrote: »

I have always used the same email for boards, my email, facebook, digital spy etc.. I've used this password for years because it's a pretty strong one. I never knew about hacking and things. I now have different (and very strong) passwords for everything. Thanks, boards, for the lesson in security. And if anything had happened to my email account or anything it would have been my own fault; I certainly wouldn't have blamed you admin guys- you've all been great in a crisis!

I would assume that Boards uses the standard md5 hash encode, so if you have a "Really Strong" Password, then it might not have been cracked, a mix of numbers and random letters often works the best.

seamus · 25-01-2010 10:30am

This thread is lacking it's own slogan and title credits.

We also need a big banner across the bottom of the screen repeating the same information over and over again every 2 minutes.

Sherifu · 25-01-2010 10:38am

seamus wrote: »

This thread is lacking it's own slogan and title credits.

"now ye're hacked"*

*shamelessly borrowed** from theregister story comments

**stolen

Conor · 25-01-2010 10:56am

DOC09UNAM wrote: »

I would assume that Boards uses the standard md5 hash encode, so if you have a "Really Strong" Password, then it might not have been cracked, a mix of numbers and random letters often works the best.

vBulletin hashes the password, salts it, then hashes again. So, if you have a strong password, yes, it may not have been compromised.

BUT

You have to assume that it was.

DOC09UNAM · 25-01-2010 11:10am

Conor wrote: »

vBulletin hashes the password, salts it, then hashes again. So, if you have a strong password, yes, it may not have been compromised.

BUT

You have to assume that it was.

Oh, sweet, Yeah, i changed most of my passwords anyway, no harm being safe about things.

AckwelFoley · 25-01-2010 12:07pm

im beginning to love the new username

you can keep snyper*

i might sell him on ebay.

:pac:

*not even remotely true

Zab · 25-01-2010 12:33pm

Any chance you can unban sneakemail.com addresses? This is now a paid service, and I use it for pretty much everything. Boards is one of only two places I've come across so far that don't allow them.

The Muppet · 25-01-2010 12:33pm

I like the anonimity my new username affords me.

Have to get working on the postcount as I miss the sigs and avatars.:D

Work/Boards , Decisions Decisions.

DeVore · 25-01-2010 3:36pm

Official Mode Off.

We're heart-sick about this lads and ladies, we're not happy in the slightest. Its been a horrible experience but what can you do except let everyone know asap. Believe me its a pretty sickening thing to see your website logo on the 6.1 news telling everyone that you have lost 280,000 passwords (when the truth is much more subtle then that, but thats the message that goes across).

Its a very hard thing to do, to decide to actively go out and try to get media to broadcast that we have been hacked when what you REALLY want to do is bury your head and pretend nothing happened.

On the plus side, we took our belief that our way of doing things is better then the "usual" way, and trusted it. Trusted that people would see past the "sorry, our bad" and on to the "they did the right thing". Its tremendously heartening to see the messages of support, it really has cheered us up and kept us determined.

We're really sorry this happened, we couldnt have prevented it but we have taken steps to mitigate its repeat. Thanks for understanding.

DeV.

helimachoptor · 25-01-2010 4:14pm

Dev, of course I understand if you cant share this but do you think this was just a random attack or was Boards.ie specifically targeted for a reason you know of?

Boards.ie Attack - What Happened? Please post all questions here.

Comments