blue hell
Site Admin
Joined: Apr 03, 2004 Posts: 24079 Location: The Netherlands, Enschede
Audio files: 278
G2 patch files: 320
Posted: Wed Oct 09, 2013 1:57 pm Post subject: Please update your forum password(s)
Recently we noticed some activities in the site's log files indicating that account details may have been obtained through a software vulnerability in one of the forum tools.
Although passwords are stored in an encrypted form it is technically possible that they may be misused anyway.
Also it seems highly likely that email addresses and user names have been read from the forum database and from the shop database.
We would recommend that all users update their account password(s) for electro-music.com, and when that same password is used for other sites as well it would be a good idea to change it there as well.
We are very sorry for the inconvenience caused by this.
The particular vulnerability that was discovered has been fixed now. We are monitoring the forum traffic for suspect patterns, and so far have not seen any new alarming traffic.
varice
Joined: Dec 29, 2004 Posts: 961 Location: Northeastern shore of Toledo Bend
Audio files: 29
G2 patch files: 54
Posted: Wed Oct 09, 2013 4:05 pm
Thanks for the warning, Jan.
Regarding account security, it really is a good idea to change passwords occasionally. I haven’t changed mine since I joined. But now I will.
I have noticed that recently I have been getting some phishing and outright fraudulent spam emails to my address on record here, much more now than in the past. But, I have no idea if it is related to this possible breach of the electro-music.com account information. I wonder if other forum members have noticed any recent increase in dangerous spam to their email inbox. If so, that may confirm that member email addresses have been compromised.
varice
analog_backlash
Joined: Sep 04, 2012 Posts: 393 Location: Aldershot, UK
Audio files: 21
Posted: Wed Oct 09, 2013 4:10 pm
Thanks Jan.
I have just changed mine. No strange e-mails at the moment, but I'll let you know if anything dodgy turns up.
Gary
blue hell
Site Admin
Joined: Apr 03, 2004 Posts: 24079 Location: The Netherlands, Enschede
Audio files: 278
G2 patch files: 320
Posted: Wed Oct 09, 2013 4:33 pm
varice wrote:
    I have noticed that recently I have been getting some phishing and outright fraudulent spam emails to my address on record here, much more now than in the past. But, I have no idea if it is related to this possible breach of the electro-music.com account information. I wonder if other forum members have noticed any recent increase in dangerous spam to their email inbox. If so, that may confirm that member email addresses have been compromised.
I had noticed an increase too in the last couple of months, but as I have no special email address for the forum I could not relate it to that. It seems very plausible though ... the exploit had been invented in 2011, the first event I could see was on Sept 11 this year, but that is about where our log history ends.
I think the weak spot was at one place only, and I fixed that - still investigating for other places, and also some general precautions are being worked on. I started monitoring the logs for suspect patterns as well, to be able to act quickly when it happens again at some other place.
The technique used goes by the name of "DOUBLE QUERY INJECTIONS" - when you google that and go to sites maybe make sure you have your defense shields up, one tends to get on vague sites when searching for vulnerability explanations / exploits.
In general, it is based on the error reporting of MySQL, and on bad PHP code that does not properly sanitize web request URLs. The bad sanitizing allows for SQL injection. The SQL presented is designed to generate an SQL error, and the error message then tells more than it should - it's pretty clever actually.
Jan
also .. could someone please turn down the thermostat a bit.
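The two defects Jan describes above, a query assembled from an unsanitized request parameter and a raw database error handed back to the client, shown beside their fixes. This is an added example written for this thread; it is not code from the forum software or from electro-music.com, and it uses an in-memory SQLite table with constructed rows (the `users` table, the sample names and the `example.invalid` addresses are all made up) so it runs offline. A legitimate username containing an apostrophe is enough to show the problem: it breaks the spliced query and surfaces the database's own error text, while the parameterized query handles it as plain data.

```python
"""Added example, not part of the forum thread or of any real forum code.
Vulnerable query construction and leaked DB errors beside the fixes:
parameterized queries and a handler that keeps error detail server-side."""
import logging
import sqlite3

log = logging.getLogger("forum.db")


def make_db():
    """Constructed sample data standing in for a forum user table (hypothetical)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("gary", "gary@example.invalid"), ("O'Brien", "obrien@example.invalid")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """The bad pattern: the request parameter is spliced into the SQL text.
    A quote in the input changes the statement's structure (this is what makes
    injection possible), and the driver's error text escapes to the caller."""
    sql = "SELECT email FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn, username):
    """The fix: a parameterized query. The value travels separately from the
    statement, so quotes or SQL keywords inside it are data, never syntax."""
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def handle_request(conn, username, lookup=lookup_fixed):
    """Web-handler wrapper: database errors are logged server-side with full
    detail, but the client only ever sees a generic message. This closes the
    error-message channel even where some query is still not parameterized."""
    try:
        return {"ok": True, "emails": lookup(conn, username)}
    except sqlite3.Error as exc:
        log.error("database error for username=%r: %s", username, exc)
        return {"ok": False, "error": "temporary error, please try again"}


if __name__ == "__main__":
    conn = make_db()
    # An ordinary name with an apostrophe is enough to break the spliced query.
    try:
        lookup_vulnerable(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable query failed and leaked DB detail:", exc)
    print("parameterized query:", lookup_fixed(conn, "O'Brien"))
    print("wrapped handler:", handle_request(conn, "O'Brien", lookup_vulnerable))
```

Run stand-alone it prints the SQLite syntax error from the vulnerable path, the correct result from the parameterized path, and the generic message the wrapper returns. In a real deployment the equivalent of `handle_request` is also where display of database errors to the browser gets switched off globally (in PHP terms, `display_errors` off and errors routed to a log), so that an injection attempt yields nothing more informative than a failed request in the server log Jan is monitoring.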
varice
Joined: Dec 29, 2004 Posts: 961 Location: Northeastern shore of Toledo Bend
Audio files: 29
G2 patch files: 54
Posted: Wed Oct 09, 2013 5:23 pm
Blue Hell wrote:
    ...the first event I could see was on Sept 11 this year...
Well, I think that is about the same time that I noticed the increase in malicious spam.
varice