IMPORTANT! M.A.I.L. Has Been Hacked
M.A.I.L. Forum Index -> M.A.I.L. Help
   
Author Message

Joined: August 30, 2008
Posts: 3119
Submissions: 20
Location: Burlington, ON, Canada

Posted on Fri Jun 24, 2011 12:42 am || Last edited by Daemon_Lotos on Sat Apr 14, 2012 12:30 am; edited 3 times in total

Hey Folks,

Apologies for the abruptness of this, but I'm currently sweating a little bit...
It's taken me two days to notice that this has happened, but now that I have I'm moving as fast as I can.

MAIL has recently been the target of an SQL Injection Attack. (Not unlike what just happened to Sony, and about three billion other websites...)
To put it in layman's terms, MAIL had a script designed to protect against such attacks; it proved not to be up to the task.
The problem has been isolated and fixed, but that doesn't change the current situation.

What was stolen?: Email Addresses and (Encrypted) Password pairs.

What does this mean?: Someone, somewhere (In China... I've traced the IP Address that performed the attack) has a text copy of your email address, and the password associated with it.

"But my password was encrypted!"
Yes, yes it was. However, due to the age of the site, and parts of the core technology it is still built around, these passwords were stored using a fairly simple (by today's standards) encryption algorithm... There's a possibility that eventually the person who stole these passwords will be able to brute-force decrypt them.

What should you do?
You should immediately change your password on MAIL, and also on any other sites you may share that password with. Be sure to think of everywhere you may have used it:
Email Accounts, Bank Accounts, PayPal, eBay, Other Forums, MSN, ICQ, etc.

Please direct any comments/concerns to this thread.

Please do not use this thread for fear-mongering, or other sensationalist activities.

I will be watching this thread very closely, but sometimes sleep... So please be patient when waiting for a reply to your questions.

Thank you for your understanding.


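The post above warns that the stolen "encrypted" passwords could eventually be brute-forced. The following is an added example, not code from the M.A.I.L. site, from phpBB, or from the poster, showing why that warning is justified and what "salted" (the question asked further down this thread) changes. It assumes the dump holds unsalted MD5 hashes, a common scheme in forum software of that era; the page does not say which algorithm MAIL actually used. The accounts, passwords and wordlist are constructed for illustration. One lookup table built from the wordlist cracks every user in the dump at once; against a salted, iterated hash (PBKDF2-HMAC-SHA256 here) the same wordlist has to be re-run per user at full iteration cost, but a password that is in the wordlist still falls, which is why the advice to change any shared password stands whatever the hash was.

```python
# Added example: not code from M.A.I.L., phpBB, or the poster. It ASSUMES the
# stolen "encrypted" passwords are unsalted MD5 hashes (typical of forum
# software of that era; the page does not say which algorithm MAIL used).
# Accounts, passwords and the wordlist below are constructed for illustration.
import hashlib
import hmac
import os

WORDLIST = ["123456", "password", "letmein", "qwerty", "maille", "chainmail"]


def md5_hex(password: str) -> str:
    """The weak legacy scheme: one fast, unsalted hash per password."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_unsalted(dump, wordlist):
    """dump: list of (email, md5_hex). With no salt, hashing the wordlist ONCE
    gives a lookup table that cracks every user in the dump in one pass."""
    table = {md5_hex(w): w for w in wordlist}
    return {email: table[h] for email, h in dump if h in table}


ITERATIONS = 50_000  # per-guess cost; kept modest so the demo runs quickly


def hash_salted(password: str, salt=None, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256), stored as one string."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; constant-time compare."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_salted(dump, wordlist):
    """Same wordlist against salted hashes: no shared table is possible, so
    every guess is re-derived per user at full iteration cost. Weak passwords
    still fall; only the attacker's bill changes."""
    cracked = {}
    for email, stored in dump:
        for w in wordlist:
            if verify_salted(w, stored):
                cracked[email] = w
                break
    return cracked


def hash_operations(n_users: int, n_words: int, iterations: int = ITERATIONS):
    """Rough work comparison: unsalted needs one table for all users; salted
    needs n_users * n_words derivations, each costing `iterations` HMACs."""
    return {"unsalted": n_words, "salted": n_users * n_words * iterations}


# Constructed sample accounts; carol's passphrase is not in the wordlist.
ACCOUNTS = [
    ("alice@example.invalid", "password"),
    ("bob@example.invalid", "maille"),
    ("carol@example.invalid", "correct horse battery staple"),
]


def demo():
    """Crack the same three accounts under both storage schemes."""
    legacy_dump = [(email, md5_hex(pw)) for email, pw in ACCOUNTS]
    salted_dump = [(email, hash_salted(pw)) for email, pw in ACCOUNTS]
    return {
        "unsalted_cracked": crack_unsalted(legacy_dump, WORDLIST),
        "salted_cracked": crack_salted(salted_dump, WORDLIST),
        "work": hash_operations(len(ACCOUNTS), len(WORDLIST)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both schemes give up alice and bob, because their passwords are in the wordlist; the difference is that the unsalted table cost six hashes for the whole dump, while the salted run needed a separate derivation per user and per guess. A real cracking rig runs the unsalted case at billions of MD5 per second, so for a 15k-user dump "eventually" can be minutes.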

Joined: January 21, 2004
Posts: 1061
Submissions: 75

Posted on Fri Jun 24, 2011 1:32 am

Thanks for your diligence in this, DL. It's enough work keeping this boat afloat, and I know you take this stuff seriously.

-phong



-- CGMaille tutorials now hosted here at MAIL! --

Joined: April 18, 2011
Posts: 63
Submissions: 15
Location: Quitman, Texas

Posted on Fri Jun 24, 2011 2:08 am

Thanks for the heads up. Goodness knows we all appreciate your work on fixing this.

Joined: September 15, 2005
Posts: 136
Submissions: 0

Posted on Fri Jun 24, 2011 2:14 am

Thank you for letting us know, any chance the passwords are salted? Or is the tech really old?

The only other question that comes to mind: is there an offline backup of the site somewhere? There's nothing to be gained by hacking the site, unless all they wanted was an email list... I only hope they don't start destroying data..

Oddly enough this happened to another site I used just a few days ago.

Joined: August 30, 2008
Posts: 3119
Submissions: 20
Location: Burlington, ON, Canada

Posted on Fri Jun 24, 2011 2:35 am

Zncon wrote:
Thank you for letting us know, any chance the passwords are salted? Or is the tech really old?

The only other question that comes to mind: is there an offline backup of the site somewhere? There's nothing to be gained by hacking the site, unless all they wanted was an email list... I only hope they don't start destroying data..

Oddly enough this happened to another site I used just a few days ago.


To sum up:
- I won't discuss the back-end from a security standpoint publicly, sorry.
- I keep a weekly Database backup on Rewriteable Media
- There's no chance of them going after anything, I wrote a custom Query Checker to target the exact style of attack they chose to use.

This has been happening around the web recently... Sony, DSLReports, and more sites that I'm sure said nothing publicly...

The generic response in the forums by wannabe coders is "LOL OMFG WTFBBQ Use mysql_real_escape_string"... Which is the first thing anyone who ever uses DB Access learns... Or should, at least...

In short, good coding practice needs to be observed, and everything should be checked, passing variables to a "dumb" php function that just scrapes quotes isn't even half the battle.

I suspect that the majority of these sites were compromised using the exact same attack I found used here... One that slips past scripts designed to check for these EXACT attacks. One that only by knowing how it was executed was I even able to find reference to.

It makes my soul go cold to think about how many other sites this attack may be affecting, and their webmasters choose to stay silent...

...

I'm way off topic.


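The reply above says that handing variables to a "dumb" function that just scrapes quotes "isn't even half the battle". The following is an added example, not the site's code and not the attack actually used here (the page does not show it): using Python's built-in sqlite3 and a constructed schema, it shows a lookup that escapes quotes but then pastes the value into an unquoted numeric position. A payload containing no quote character at all sails through the filter and pulls email/password-hash pairs out of a private table, which is exactly the kind of data this thread is about; the same escaping does hold in a quoted string position, which is why the advice is only partly wrong; and a bound parameter stops the payload regardless of position. The table names, rows and payloads are assumptions made for illustration.

```python
# Added example: not code from M.A.I.L., phpBB, or the attack the post
# describes. Schema, rows and payloads are constructed for illustration.
import sqlite3


def escape_quotes(value: str) -> str:
    """Stand-in for a quote-escaping filter such as mysql_real_escape_string:
    doubles single quotes so a quoted literal cannot be closed early."""
    return value.replace("'", "''")


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a public 'submissions' table and the private
    'users' table holding email / password-hash pairs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT);
        CREATE TABLE submissions (id INTEGER PRIMARY KEY, title TEXT, author TEXT);
        INSERT INTO users VALUES (1, 'alice@example.invalid', 'hash-of-alice');
        INSERT INTO users VALUES (2, 'bob@example.invalid', 'hash-of-bob');
        INSERT INTO submissions VALUES (10, 'European 4-in-1 tutorial', 'alice');
        INSERT INTO submissions VALUES (11, 'Byzantine bracelet', 'bob');
        """
    )
    return conn


def submission_by_id_escaped(conn, submission_id: str):
    """VULNERABLE: the value is 'escaped' and then pasted into an unquoted
    numeric position. The filter only looks for quotes, and a UNION payload
    needs none, so it reaches the database untouched."""
    sql = ("SELECT id, title, author FROM submissions "
           f"WHERE id = {escape_quotes(submission_id)}")
    return conn.execute(sql).fetchall()


def submission_by_title_escaped(conn, title: str):
    """Escaping does hold in a quoted string position: the payload becomes one
    harmless string literal and matches nothing. That is why the escaping
    advice sort of works, and why it is not a complete defence."""
    sql = ("SELECT id, title, author FROM submissions "
           f"WHERE title = '{escape_quotes(title)}'")
    return conn.execute(sql).fetchall()


def submission_by_id_param(conn, submission_id: str):
    """HARDENED: a bound parameter is always data, never SQL, whatever the
    position. The same payload simply matches no row."""
    return conn.execute(
        "SELECT id, title, author FROM submissions WHERE id = ?", (submission_id,)
    ).fetchall()


# Constructed payloads. The first contains no quote character at all.
UNION_PAYLOAD = "0 UNION SELECT id, email, pw_hash FROM users"
QUOTED_PAYLOAD = "' UNION SELECT id, email, pw_hash FROM users --"


def demo():
    """Run both payloads through the three lookups and collect the rows."""
    conn = make_db()
    return {
        "escaped_numeric": submission_by_id_escaped(conn, UNION_PAYLOAD),
        "escaped_quoted": submission_by_title_escaped(conn, QUOTED_PAYLOAD),
        "parameterised": submission_by_id_param(conn, UNION_PAYLOAD),
        "parameterised_normal": submission_by_id_param(conn, "10"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The "escaped_numeric" result is the users table, email and hash side by side, returned through a page that was only ever meant to show submissions. A filter that pattern-matches known attack strings is in the same position as the quote-escaper: it has to anticipate every encoding and every context, whereas a parameterised query never lets user input become part of the statement in the first place.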

Joined: November 24, 2010
Posts: 21
Submissions: 18
Location: kent ny

Posted on Fri Jun 24, 2011 3:35 am

Hmmm, makes me wonder why they would go through the effort of hacking M.A.I.L. No offense, but it's a pretty tiny forum; you would think their efforts would be better spent on a larger forum.

Joined: August 30, 2008
Posts: 3119
Submissions: 20
Location: Burlington, ON, Canada

Posted on Fri Jun 24, 2011 3:40 am

mailleseraph wrote:
Hmmm, makes me wonder why they would go through the effort of hacking M.A.I.L. No offense, but it's a pretty tiny forum; you would think their efforts would be better spent on a larger forum.


I was wondering that myself.
You must remember, though, that the MAIL DB is fairly large (15k+ users)... Just a small minority of active users.



Joined: November 16, 2009
Posts: 162
Submissions: 3
Location: Finland

Posted on Fri Jun 24, 2011 8:39 am

Quote:

It makes my soul go cold to think about how many other sites this attack may be affecting, and their webmasters choose to stay silent...


I know at least one site that has done that... A business affiliated forum. Extremely distressing to the users, so thank you DL for the heads up.


Only one word can make me angry, and trust me dear, you can't pronounce it.

Joined: February 27, 2011
Posts: 5
Submissions: 0
Location: Cranebrook, NSW, Australia

Email Not Received
Posted on Fri Jun 24, 2011 8:49 am

So if I haven't received an email, does that mean I haven't been affected? (I know, I need to change my password regardless). Got word of this through Facebook.

Joined: August 29, 2007
Posts: 544
Submissions: 1

Posted on Fri Jun 24, 2011 10:50 am

Thanks for telling us DL, good luck getting the site locked down again

Joined: July 08, 2010
Posts: 71
Submissions: 6
Location: Greenville, SC

Posted on Fri Jun 24, 2011 11:34 am

Hey hey hey, DL, you need to handle this up to Sony's standards. First you need to wait a week or two to tell us or do anything at all, really. Then you need to take the entire website down for a month. When you bring it back online, do so with the ability to change the color of text and everyone will love you more than ever.

Seriously though, thanks for letting us all know so we can handle what needs to be handled from our ends.


Maille Code V2.0 T4.3 R4.1 Eo.p Fe8.2 MCu.e Wim Ca G1.02 I3.5-6.8 N3.3 Pjad Djd Xg5 S10

Joined: August 30, 2008
Posts: 3119
Submissions: 20
Location: Burlington, ON, Canada

Re: Email Not Received
Posted on Fri Jun 24, 2011 4:06 pm

NexusMaille wrote:
So if I haven't received an email, does that mean I haven't been affected? (I know, I need to change my password regardless). Got word of this through Facebook.


Sadly, everyone is affected.
I used phpBB's "Email All" feature... Which seems to have only sort-of worked... With some people receiving, and some not (myself included).

I am in the middle of writing a custom script to redo the email, so apologies to those of you who will receive two.

I just got two emails today regarding other sites I need to change my info at, however... This attack is spreading like wildfire...
Travelodge.co.uk and Bioware/EA Forums... Oi



Joined: August 30, 2008
Posts: 3119
Submissions: 20
Location: Burlington, ON, Canada

Posted on Fri Jun 24, 2011 4:08 pm

eld fagel wrote:
Thanks for telling us DL, good luck getting the site locked down again


Oh, don't worry about that.
The code was changed, and the hole patched before I said the first word about it on the forums.



Joined: July 23, 2006
Posts: 2278
Submissions: 97
Location: Standish, Michigan, USA

Posted on Fri Jun 24, 2011 4:19 pm

Thanks for catching this, Lotos! Passwords all changed, fortunately I didn't use my old password on a whole pile of other sites, but only a couple. They're all different from each other now.


Insistence is futile.

We are the Quartz, lower your shovels and surrender your rocks. We will add your gemological and mineralogical distinctiveness to our own. You will adapt to service us. Resistance is rutile.


Joined: June 6, 2011
Posts: 7
Submissions: 0
Location: gresham, oregon

Posted on Fri Jun 24, 2011 6:24 pm

I'd like to chime in with the "thanks for letting us know!" That's crazy stuff; I hadn't heard anything about it from anyone else, which is scary if it's happening all over the web... I had just been thinking of changing my password; like an idiot I use the same one everywhere and haven't changed it in quite some time...

thanks for all your hard work!


"Whoever knocks persistently,
ends by entering."
