Did HWBot just get hacked??!!

[davidm71_2]

Hi,

Got Lifelock identity theft protection and they emailed me that my personal information may have been compromised on HWBot. 

So changed my password. Would recommend everyone do the same.

 

Thanks

[Leeghoofd]

Maybe Norton got compromised ? Already had to delete several accounts on request of this  

[_mat_]

It would be the recommended way to instantly start with forensics on the server and get behind this issue. If HWBOT was indeed hacked, it's not only HWBOT's security that suffers, but also our own. Our mail addresses might be out floating around in the open, passwords might be compromised.

To kill this off without any research by stating that Norton got compromised is really not the right way to respond to this.

[Mythical tech]

22 minutes ago, _mat_ said:

It would be the recommended way to instantly start with forensics on the server and get behind this issue. If HWBOT was indeed hacked, it's not only HWBOT's security that suffers, but also our own. Our mail addresses might be out floating around in the open, passwords might be compromised.

To kill this off without any research by stating that Norton got compromised is really not the right way to respond to this.

This. Also going forwards there are free IDS systems that are fairly easy to set up. 

[Noxinite]

@richba5tard

Edit: also in response to the OP, not much point changing your password if it was indeed hacked and they still have access...

Edited September 27, 2019 by Noxinite

[bigblock990]

20 minutes ago, Noxinite said:

@richba5tard

Edit: also in response to the OP, not much point changing your password if it was indeed hacked and they still have access...

LOL at this. He hasn't logged on since September 11, and last post was June 28

[Mythical tech]

6 minutes ago, bigblock990 said:

LOL at this. He hasn't logged on since September 11, and last post was June 28

Does hwbot have any other server admins? 

[bigblock990]

8 minutes ago, Mythical tech said:

Does hwbot have any other server admins? 

Maybe this guy? @Devroush    But same situation, hasn't been online since august

 

Edited September 27, 2019 by bigblock990

[Splave]

maybe he will forget to rebuy the domain and someone that gives a shit can take it over

[Guest]

Unplug the internet. Then were all safe 

[_mat_]

13 minutes ago, Splave said:

maybe he will forget to rebuy the domain and someone that gives a shit can take it over

Domains are renewed automatically each year. If the debt can not be paid, the domain provider can give it back to tld provider. Happens mostly on bankruptcy cases.

Even then the domain will be flagged as deleted and enter a redemption phase of 30 days, where it can be bought back by the previous owner at any time (with extra fees).

An impeachment of Trump will be more likely.

[Mythical tech]

@Splave wants to run the new hwbot site. 

Edited September 27, 2019 by Mythical tech

[richba5tard]

I've been contacted by a member that there was a norton lifelock alert for community.hwbot.org (not hwbot.org main site) this summer. If real (and I don't see why there would be false positives?), it means there was a vulnerability of Invision PowerBoard that got exploited. It's running an up-to-date version but it's not as if I check daily for new updates to install.

Community forums run on a separate server and a separate database. The server itself is only accessible using a private key, not with a username/password. I don't see any suspicious activity/traces on the community server, which is running a linux OS with 0 pending security patches. The database is not accessible from the outside world, only from within our Amazon VPC. We do take security seriously.

If invisionpb got hacked before they were able to send out a patch to customers, it sucks but little we could have done about it. We must assume that everyone using a community account should change their password ASAP. I'll make a news announcement.

If anyone can find more info about the community.hwbot.org data leak that'd be great. I have not found anything about this anywhere.

[richba5tard]

Mails are being sent out to inform all users. All passwords are encrypted and salted, but given enough cpu time I guess some/most can be decrypted. Please change your password here and every other place you used the same combination!

[MrGenius]

Smells like a pile of bullshit to me. I mean...is that all I have to do? Make a thread saying so and so told me HWBOT maybe got hacked...and everybody pushes the PANIC button. I'll remember for later...

Edited September 27, 2019 by MrGenius

[_mat_]

Thank you for the clarification, Frederik.

MrGenius, you should consider not posting here when drunk.

[Mythical tech]

especially

48 minutes ago, MrGenius said:

Smells like a pile of bullshit to me. I mean...is that all I have to do? Make a thread saying so and so told me HWBOT maybe got hacked...and everybody pushes the PANIC button. I'll remember for later...

Any possible security event should be treated as if it has or had happened especially if it is the information of others.

 

@richba5tard is the server hosted on a box owned by hwbot or is it cloud hosed?

[MrGenius]

LMAO!!! Well...like any sane person these days...I have 2 step verification on EVERYTHING that matters. Hackers can go ahead and have my email address and all my passwords if they want. I seriously DO NOT GIVE A FLYING FUCK!!! What are they gonna do? Send me more spam email? Steal my HWBOT account? OH NOES!!! What will I do then?! ?

Edited September 27, 2019 by MrGenius

[Tzk]

It might not be an issue for you, but sometimes users reuse passwords on several sites.Now assume that someone used the email+pw of his HwBot account for any crucial or sensitive account like onlinebanking, onlineshops or even paypal. That's why users must be informed when there *might* be a hack, just as a precaution.

I also assume that the admins reached back to the reporting user and asked for further data/proof or whatever.

Edited September 28, 2019 by Tzk