Boards.ie Attack - What Happened? Please post all questions here.

unkel

Boardsie lives - hurray!

Random wrote: »

My name is Jack Bauer tom murphy (dev/conor/dav/darragh/whoever), and this is the longest day of my life.

so .. anyways .. couple more questions .. i'm interested!
= can you give us more details as to how the admin account was compromised?
= was it the vbullietin admin account or the server one?
= how was it detected so quick? do you have alerts setup or something? or was this a slow response time relative to what it should be?
= what have you spent the last 36 hours doing?


thanks

+1

Exactly what I was thinking.

Most importantly - how "the" admin account was compromised. How the hell can that happen? :eek: Was there nothing that could have prevented it happening? Why is microsoft.com never down and we are? (apart from they've loads more money )

The Muppet

MFZ wrote: »

Why that?
They have (parts of) the user database. They had access to an administrative account.
Chances are they have the salt, too.

Cracking simple passwords is done quite quick.

MFZ

I wish them the best with mine, whatever use it will be to them.

Just to echo the sentiments being expressed on how Boards.ie handled this. Thanks for not employing the mushroom approach.

Pissed_Off

OK I give up I'm a technophobe but as my name suggested I am well pissed-off! Little did I think when I signed up to Boards.ie that this sort of crap was likely to happen. While I appreciate it is not your fault could you at least please expedite things a bit!!! I have received an email from the Rugby forum about posting match streams but still no new password so I can't log in!!! My original username is Judgement Day and I can't see how I can be receiving rugby boards info but no new password. This whole debacle has caused me major inconvenience and makes me doubt the whole concept of being on the Boards. I'm sure you're doing your best but please!!!!!

Suaimhneach

Well done. Any ungrateful posts are people who dont get how truly epic the boards.ie ethos is.

My take on it, the hacker was trying to make boards.ie sweat and cause a publicty event and try make boards.ie look bad. Not to say they didnt have malicious intent, but from reading this thread, that's the feeling I get. Thank f*ck they failed at that.

Steve

MFZ wrote: »

Why that?
They have (parts of) the user database. They had access to an administrative account.
Chances are they have the salt, too.

Cracking simple passwords is done quite quick.

MFZ

AFAIK in Vb the salt is randomised per user so its not that straightforward and I doubt it's stored in the user table.

The benefit vs cost of cracking boardsies login passwords would be so small as to be worthless and besides it's academic unless someone is silly enough to revert to their old password.

The Muppet

Pissed_Off wrote: »

OK I give up I'm a technophobe but as my name suggested I am well pissed-off! Little did I think when I signed up to Boards.ie that this sort of crap was likely to happen. While I appreciate it is not your fault could you at least please expedite things a bit!!! I have received an email from the Rugby forum about posting match streams but still no new password so I can't log in!!! My original username is Judgement Day and I can see how I can be receiving rugby boards info but no new password. This whole debacle has caused me major inconvenience and makes me doubt the whole concept of being on the Boards. I'm sure you're doing your best but please!!!!!

I'd look for a refund if I were you.;)

thomond2006

Well done DeVore, Admins, Developers et all..

You taught those fcukers who's boss!

Great job!

AckwelFoley

Pissed_Off wrote: »

OK I give up I'm a technophobe but as my name suggested I am well pissed-off! Little did I think when I signed up to Boards.ie that this sort of crap was likely to happen. While I appreciate it is not your fault could you at least please expedite things a bit!!! I have received an email from the Rugby forum about posting match streams but still no new password so I can't log in!!! My original username is Judgement Day and I can't see how I can be receiving rugby boards info but no new password. This whole debacle has caused me major inconvenience and makes me doubt the whole concept of being on the Boards. I'm sure you're doing your best but please!!!!!

you, my good chap have few serious things in life to bother you.

Be Greatful

Steve

Pissed_Off wrote: »

OK I give up I'm a technophobe but as my name suggested I am well pissed-off! Little did I think when I signed up to Boards.ie that this sort of crap was likely to happen. While I appreciate it is not your fault could you at least please expedite things a bit!!! I have received an email from the Rugby forum about posting match streams but still no new password so I can't log in!!! My original username is Judgement Day and I can't see how I can be receiving rugby boards info but no new password. This whole debacle has caused me major inconvenience and makes me doubt the whole concept of being on the Boards. I'm sure you're doing your best but please!!!!!

Have you read the notices? You don't get a mail.

Go here and reset your password.

Dave!

/goes to Conspiracy Theories to find out what really happened

Saibh

Pissed_Off wrote: »

OK I give up I'm a technophobe but as my name suggested I am well pissed-off! Little did I think when I signed up to Boards.ie that this sort of crap was likely to happen. While I appreciate it is not your fault could you at least please expedite things a bit!!! I have received an email from the Rugby forum about posting match streams but still no new password so I can't log in!!! My original username is Judgement Day and I can't see how I can be receiving rugby boards info but no new password. This whole debacle has caused me major inconvenience and makes me doubt the whole concept of being on the Boards. I'm sure you're doing your best but please!!!!!

Did you check your spam folder (email from no-reply@boards.ie)

Add it to your contacts

Darragh

invalidusername wrote: »

Id love to be able to log back in as my usual self.

Unfortunatley the email account i used when i set up in July 2006 was haxzored by the FBI and i no longer can use it as its pending in a case against me*.

Yours sincerely

Snyper








*may not be true, may be because it was an old work email, in aplace i dont work anymore

Have you emailed us at hello@boards.ie?

Spiritoftheseventies

The Muppit wrote: »

I'd look for a refund if I were you.;)

you the muppet or just his avatar

Darragh

Thekk08 wrote: »

any word on when adverts might be back up lads?

Not yet, I'm afraid. We're working on it

The Muppet

Spiritoftheseventies wrote: »

you the muppet or just his avatar

I am The Muppet, You bayview?

Ye'll have to try and cope without me in soccer for a while until I get my password sorted, Tell the lads not to fret I'll definitely be back.

Darragh

dancineile wrote: »

Well done to all at HQ. It's tough when a production system goes down for any reason, the external attacks really suck (have a few of those t-shirts myself).

Well done on the excellent communications and in getting everything back up and running.

It's great to have this essential service back :-)

Pity I can't access my registration e-mail address. I don't envy you having to sort out all the people in the same boat as me. It's only a username, but it's like an old friend at this stage :-)

Au revoir to 'dancin', hello to 'dancineile' - Imaginative, huh?

You can just drop us an email to hello@boards.ie and we will add you to a waiting list of accounts that need to be "verified"

Spiritoftheseventies

The Muppit wrote: »

I am The Muppet, You bayview?

Ye'll have to try and cope without me in soccer for a while until I get my password sorted, Tell the lads not to fret I'll definitely be back.

will do

Darragh

Tragedy wrote: »

Awesome work on keeping people informed and in the loop, kudos on that.

Rather dissappointed at how cynically it seemed to be turned into a PR exercise though, both through twitter and pushing it in the news. Ah well, exposure is good I guess!

Not exactly sure how it was "turned into a PR exercise"? Re exposure - it's not exactly what I'd have termed good publicity!

MFZ

DeVore wrote: »

[*]16:00 Published homepage message and started sending approximately 300,000 emails.

Btw: This email never got to me. And no, there is no such thing as a spam folder.
And yes, password reset did work (apparently).

MFZ

Zeouterlimits

W00t for the Boards.ie team!!
Shocked when I came to the site yesterday afternoon, happy to have it back

Daemos

Darragh wrote: »

Not yet, I'm afraid. We're working on it

Take your time, the longer it takes you the longer break we AMods get. In fact ye might as well wait until ye all get into the office on Monday, have a nice peaceful weekend

AlmightyCushion

Random wrote: »

My name is Jack Bauer tom murphy (dev/conor/dav/darragh/whoever), and this is the longest day of my life.

so .. anyways .. couple more questions .. i'm interested!
= can you give us more details as to how the admin account was compromised?
= was it the vbullietin admin account or the server one?
= how was it detected so quick? do you have alerts setup or something? or was this a slow response time relative to what it should be?
= what have you spent the last 36 hours doing?


thanks

I imagine it was a DB server admin account. I doubt vbuilleting admin accounts have that type of access, I could be wrong though.

Steve wrote: »

AFAIK in Vb the salt is randomised per user so its not that straightforward and I doubt it's stored in the user table.

The benefit vs cost of cracking boardsies login passwords would be so small as to be worthless and besides it's academic unless someone is silly enough to revert to their old password.

I doubt they want boards accounts. Most likely they are hoping that people are using the same password here as they are for their email account they signed up with. So say you signed up with steve@gmail.com with the password stevehasabigknob!!!. They're banking on you using the same password for your steve@gmail.com account. They log in to that and get access to your paypal, ebay and all your other accounts. Hence the importance of changing the passwords on any other sites you use.

200motels

Well done for the quick action, I heard one of the lads on Matt Cooper and he explained it perfectly, again well done to everyone concerned.

Spiritoftheseventies

Just to ask but are old passwords stored here. Ie if steven changed his password from xy to yz on boards would xy still be stored on the database.

The Muppet

AlmightyCushion wrote: »

I imagine it was a DB server admin account. I doubt vbuilleting admin accounts have that type of access, I could be wrong though. I doubt they want boards accounts. Most likely they are hoping that people are using the same password here as they are for their email account they signed up with. So say you signed up with steve@gmail.com with the password stevehasabigknob!!!. They're banking on you using the same password for your steve@gmail.com account. They log in to that and get access to your paypal, ebay and all your other accounts. Hence the importance of changing the passwords on any other sites you use.

And hence the importance of the "cynical* media involvement to get the word out.

AckwelFoley

Darragh wrote: »

Have you emailed us at hello@boards.ie?

done

Buford T Justice

So glad that normal service has resumed at last

Well done on the hard work guys.....

Spiritoftheseventies

The Muppit wrote: »

And hence the importance of the "cynical* media involvement to get the word out.

if they then went into paypal account and started using credit card numbers wouldn't the same ip address keep showing up by same user hence arousing suspicion.

Darragh

Algernon wrote: »

I can't access my other (main, 5,000+ posts) username as I signed up using an email address for which I can't remember the password.

Surely you should be able to reset the password on that other email address?

Steve

AlmightyCushion wrote: »

I doubt they want boards accounts. Most likely they are hoping that people are using the same password here as they are for their email account they signed up with. So say you signed up with steve@gmail.com with the password stevehasabigknob!!!. They're banking on you using the same password for your steve@gmail.com account. They log in to that and get access to your paypal, ebay and all your other accounts. Hence the importance of changing the passwords on any other sites you use.

But... I already know your gmail password.. AChazabigknob (old joke for those that don't follow)

Good point though.

Given the media attention this thread has, I pity poor steve@gmail.com

DaPoolRulz wrote: »

Take your time, the longer it takes you the longer break we AMods get. In fact ye might as well wait until ye all get into the office on Monday, have a nice peaceful weekend

We live in hope! :cool: