Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Boards.ie hacked?

  • 12-08-2019 7:59am
    #1
    Registered Users Posts: 304 ✭✭Oxter


    Just received an email purporting to be from Boards.ie

    "Message from Sareo1" giving a link to dodgy photo and with the boards.ie logo.

    Only way they could have got my email is from Boards.ie. no reference to my username and no private messages in my Boards folder.


«134567

Comments



  • Got the same..from a sara. Dodgy photo,
    Private message to boards though.


  • Registered Users Posts: 3 Dvk1986


    Oxter wrote: »
    Just received an email purporting to be from Boards.ie

    "Message from Sareo1" giving a link to dodgy photo and with the boards.ie logo.

    Only way they could have got my email is from Boards.ie. no reference to my username and no private messages in my Boards folder.


    I also got this email


  • Registered Users Posts: 116 ✭✭RioM


    Got the same..from a sara. Dodgy photo,
    Private message to boards though.

    Same here


  • Registered Users Posts: 630 ✭✭✭sidcon


    Would help explain my Netflix account being accessed in Galway when I know nobody in Galway, I used the same passwords (all changed now)


  • Registered Users Posts: 507 ✭✭✭Sinus pain


    sidcon wrote: »
    Would help explain my Netflix account being accessed in Galway when I know nobody in Galway, I used the same passwords (all changed now)

    Are you near enough to Galway? My daughter used mine in finglas and said it was being used in Meath


  • Advertisement
  • Registered Users Posts: 16,060 ✭✭✭✭iamwhoiam


    My inbox is filling with messages from ploxis . I cant access it and getting a 1015 error


  • Registered Users Posts: 9,420 ✭✭✭splinter65


    I heard from Sara too


  • Registered Users Posts: 3 Martin 19


    RioM wrote: »
    Same here

    Got the same here as well account must be hacked


  • Closed Accounts Posts: 4,431 ✭✭✭Mortelaro


    I got a pm notification for a new PM that took me to an old pm
    You know in the touch version where the pm icon goes red
    I replied to the old one as if it was new :D
    I'm assuming this spam caused it


  • Registered Users Posts: 130 ✭✭omeara1113


    me too


  • Advertisement
  • Registered Users Posts: 2,462 ✭✭✭bennyineire


    This is not what you call a hack, this is somebody claiming to be from boards, basically cloning and a phising attempt.

    You see this happening with banks and even Facebook accounts, as in all these cases never click on a link sent to you in an email unless you are 100% sure it is legit and even at that I would still check with the sender first. Live by this rule with emails and you should be fine


  • Registered Users Posts: 824 ✭✭✭The chan chan man


    Same here!


  • Registered Users Posts: 76 ✭✭citygal93


    I also got this but it went straight to my junk once I opened it.


  • Closed Accounts Posts: 809 ✭✭✭Blaizes


    I got a dodgy looking email purporting to be from boards.ie a short time ago. I didn’t open it.


  • Closed Accounts Posts: 332 ✭✭Tikki Wang Wang


    This is not what you call a hack, this is somebody claiming to be from boards, basically cloning and a phising attempt.

    You see this happening with banks and even Facebook accounts, as in all these cases never click on a link sent to you in an email unless you are 100% sure it is legit and even at that I would still check with the sender first. Live by this rule with emails and you should be fine

    Yes but how did they have all the Boards users email addresses? Hope GDPR insurance is up to date


  • Registered Users Posts: 55,433 ✭✭✭✭Mr E


    Not hacked, but it's a spam attack.

    Thousands of accounts created since last night to send tens of thousands of private messages. The office are looking into ways to stop them or slow them down.

    We're deleting the private messages, but that's after you've received the email notification (which is why the PM may not be there when you go looking for it).

    Your account is safe and your email address has not been compromised.

    It goes without saying - please don't click any links from this PM, or from the copy of the PM in the PM notification email.


  • Registered Users Posts: 33,519 ✭✭✭✭dudara


    As far as I am aware, there was no data breach from Boards.

    Last night, we experienced a high level of new account sign-ups, probably via automated script. These accounts then started sending spam PMs to users, which in turn would have triggered automated email notifications (if enabled by the user).

    The tech team here have disabled the accounts, and deleted the spam PMs. We cannot however though delete any notification emails as these were already sent.

    If you have any questions for the Boards HQ staff, please use the Help Desk.


  • Boards.ie Employee Posts: 5,461 ✭✭✭✭✭Boards.ie: Mark
    Boards.ie Employee


    Morning all,

    There hasn't been a data breach. However, as Mr E and dudara have said, there were new user accounts set up that spammed PMs with dodgy links. As is normal practice, emails were sent to users to alert them of new PMs containing a preview of the message.

    The Admins and the dev team have been working hard to try to keep on top of things and ban these users and delete the PMs that they have sent (but it was not possible to delete the sent emails, which is why these PMs are inaccessible despite getting an email about them).

    You should not click on the link sent in the email/Private Message and if you do get a message that seems suspicious, please report it by clicking on the little warning triangle in the top right corner of a message.

    It is possible to turn off email notifications for private messages via the User Control Panel under Private Messaging.

    487912.PNG


  • Closed Accounts Posts: 12 jonnie45


    I am an IT professional - also been involved in security coding.



    Lots of supposition here, people supposing that because an email arrived then someone has their email address who should not.



    Any half competent coder could write a script to create an account and then spider the forums looking for user names and then send them private messages using the boards.ie system - ten or twenty minutes work for someone who knows what they are doing.



    One issue here is that once a spider (web-bot) has successfully managed to obtain an account how does it find users to spam through the PM messaging system - no good just having an account you need to train your web-bot to find valid user names for instance mine is jonnie45.



    Easy enough - simply write a web-bot that can spider forum posts and find user names there - the bot just does what you would do mechanically. First set up an account and then decide by looking at a forum page which user you want to send a PM to.



    That is one of the main problems with off the shelf generic forum software - the issue for a bot is how to decipher amongst all of the text on a page which bits are the usernames - you can do it by eye but how does a bot do it?



    Well its actually we make it very easy for the person writing the web-bot

    example....


    Here is my username as you would see it on the website Jonnie45

    but here is an example of how it might look if you took a look at what we call the source code for the page which your browser turns into something you can read....


    < a class="username">Jonnie45</a>


    That class bit is the key - it is set to "username" in my example but the whole point is that if you scanned a forum page for the word "username" you would find the location of all the user names on that page.


    The solution would be if all generic forum software had a configuration stage for the site administrators so that "username" could be changed to something else - for instance "boardsieuser"


    That would mean that the people who wrote the bot would have to take a look at every forum they wanted to attack and get someone to actually take a look at the source code for the page and find out "ok on this site we need to search for "username" but on this site over here we need to search for "nameofuser" and on this website over here they have been smarter and called it "yellowelephant"


    Unfortunately most forum software "off the shelf" does not include the ability to change these things.



    Instead of having to go to all the trouble of visiting each site and getting a human being to find out that for a particular site they need to search for "yellowelephant" they just need to look at one example website that uses that particular forum software, find out what the magic token is and then their bot will be able to attack any forum that uses the same software.


    Of course as the owners of this site have pointed out they have flood control but really most attacks are very low grade, successful penetration of database stored information is rarer than this kind of attack which on the face of it looks very simple.



    The bot in this case probably did not do anything that a legit site user could not do mechanically - it just does it a lot faster.


  • Registered Users Posts: 1,316 ✭✭✭Absoluvely


    @jonnie45 the members list is available here https://www.boards.ie/vbulletin/memberlist.php

    :pac:


  • Advertisement
  • Registered Users Posts: 2,862 ✭✭✭Dr Turk Turkelton


    jonnie45 wrote: »
    I am an IT professional - also been involved in security coding.



    Lots of supposition here, people supposing that because an email arrived then someone has their email address who should not.



    Any half competent coder could write a script to create an account and then spider the forums looking for user names and then send them private messages using the boards.ie system - ten or twenty minutes work for someone who knows what they are doing.



    One issue here is that once a spider (web-bot) has successfully managed to obtain an account how does it find users to spam through the PM messaging system - no good just having an account you need to train your web-bot to find valid user names for instance mine is jonnie45.



    Easy enough - simply write a web-bot that can spider forum posts and find user names there - the bot just does what you would do mechanically. First set up an account and then decide by looking at a forum page which user you want to send a PM to.



    That is one of the main problems with off the shelf generic forum software - the issue for a bot is how to decipher amongst all of the text on a page which bits are the usernames - you can do it by eye but how does a bot do it?



    Well its actually we make it very easy for the person writing the web-bot

    example....


    Here is my username as you would see it on the website Jonnie45

    but here is an example of how it might look if you took a look at what we call the source code for the page which your browser turns into something you can read....


    < a class="username">Jonnie45</a>


    That class bit is the key - it is set to "username" in my example but the whole point is that if you scanned a forum page for the word "username" you would find the location of all the user names on that page.


    The solution would be if all generic forum software had a configuration stage for the site administrators so that "username" could be changed to something else - for instance "boardsieuser"


    That would mean that the people who wrote the bot would have to take a look at every forum they wanted to attack and get someone to actually take a look at the source code for the page and find out "ok on this site we need to search for "username" but on this site over here we need to search for "nameofuser" and on this website over here they have been smarter and called it "yellowelephant"


    Unfortunately most forum software "off the shelf" does not include the ability to change these things.



    Instead of having to go to all the trouble of visiting each site and getting a human being to find out that for a particular site they need to search for "yellowelephant" they just need to look at one example website that uses that particular forum software, find out what the magic token is and then their bot will be able to attack any forum that uses the same software.


    Of course as the owners of this site have pointed out they have flood control but really most attacks are very low grade, successful penetration of database stored information is rarer than this kind of attack which on the face of it looks very simple.



    The bot in this case probably did not do anything that a legit site user could not do mechanically - it just does it a lot faster.

    Hmmm, looks like we found the culprit.


  • Closed Accounts Posts: 12 jonnie45


    Is there a captcha of any kind when signing up for a new account?

    I did a partial sign-up to check but did not complete the process since I do not want a second account - I saw no captcha in the first stages of sign-up?

    Captchas are not 100% but they do ward off the simple minded bots.

    Also reasonably effective are the type of Q and A that requires local knowledge.

    Clever bots will easily defeat captchas and someone targetting a specific site will deal very effectively with Q and A based on local knowledge but most attacks on small sites are not site specific and most bots are dumb . the bot has not been coded to deal with that particular website. No good if you are the size of Google because hackers will sit down and write specific code to attack Google but a forum for folks in Ireland? I would expect that a signup that simply asks what is the name of the river that flows through Dublin and asking folks to type in the letters not select from alternatives would defeat most non-Irish hackers - a lot of the most effective security is simple stuff - it will not stop the sophisticated attacks but most attacks are not sophisticated.

    A quick search online for dirtysara33 showed this same attack on another website called librarything


  • Closed Accounts Posts: 12 jonnie45


    Hmmm, looks like we found the culprit.


    Very funny :D its real basic stuff that most people working in the right technical area would know - if you want to line up suspects based on who would know how to do it then you would have a very, very long line of suspects.



    Anyone who write spiders for search engines would be able to do the same.



    Good spiders are used by Google billions of times a day.
    Bad spiders are used by the folks who attacked this site.


    Someone who understood the one would understand the other - different sides of the same coin.


  • Closed Accounts Posts: 12 jonnie45


    Absoluvely wrote: »
    @jonnie45 the members list is available here https://www.boards.ie/vbulletin/memberlist.php

    :pac:


    Wow - well that will save the spider a bit of time - I didn't realise it had been made that easy for them.


    Its probably not that much of gift though - it only concentrates what is freely available just by trawling the forum pages.


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 74,773 Admin ✭✭✭✭✭Beasty


    No-one needs usernames - they are issued sequentially, and all the bot had to do was send individually to any random number below around 910,000

    It looks though as if they worked backwards as most accounts affected were sign-ups in the past 10 months or so (not all though, and maybe they pulled together batches of sequential numbers)

    We are still getting the odd sign-up which are being nuked on sight (we are getting many more "regular" sign ups though.


  • Registered Users Posts: 735 ✭✭✭Treviso


    And there was me thinking myself and Sara had something special going on.........


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 74,773 Admin ✭✭✭✭✭Beasty


    Treviso wrote: »
    And there was me thinking myself and Sara had something special going on.........

    She's got your number (779133);)


  • Registered Users Posts: 8,810 ✭✭✭Hector Savage


    Treviso wrote: »
    And there was me thinking myself and Sara had something special going on.........

    :D !!
    Hoi hands off!!


  • Registered Users Posts: 4,058 ✭✭✭smuggler.ie


    Damn you Sara, you dirty b1tch!


    Wonder what security measures will be taken to prevent this from happening again.... no private messages for under 100 post or no more than 5 private per day?


  • Advertisement
  • Registered Users Posts: 6,001 ✭✭✭handlemaster


    Calm down its only the Russians


This discussion has been closed.
Advertisement