The Steve Hoffman forum looks to have been hacked

[Tony L]

Currently offline and I received an email notification earlier, allegedly from Steve via the forum mail system:

“This website has been hacked, make sure to get better passwords, maybe some 2fa”

As such if you are a member there using a password you use for anything else important I’d suggest changing it right now!

Always scary when this sort of thing happens, I feel sorry for whoever is the forum admin who has to put it right, but hopefully they can get up and running again soon.

 

[I.D.C.]

I go on my teams forum everything on it was changed to chinese writing its happened twice now.

 

[chartz]

Damn. I can’t even remember whether I have an account there...

 

[Stuart Frazer]

Yes, I got the same email. The Steve Hoffman forums sites are still down.

Hopefully, there is not too much damage done and it can be repaired and be back up and running soon. Are the hackers hoping to get a ransom or such? Steve Hoffman Forums are hardly the Bank of England, Wall Street or the FTSE etc.

 

[mikemusic]

Thanks Tony
That is a *lot* of work to put right

 

[Amber Audio]

Are the hackers hoping to get a ransom or such? Steve Hoffman Forums are hardly the Bank of England, Wall Street or the FTSE etc.

Sometimes the hack is just to show off that you can...Or to point out a vulnerability, a proper white hat would notify the Admin privately and not show off.

Although these days hacks are usually financially motivated, ‘tis the way of things now

 

[SteveS1]

If you haven't used a password that you have for anything important I wouldn't worry. Not really sure why someone would target that other than to prove they can.

 

[Barrymagrec]

I go on my teams forum everything on it was changed to chinese writing its happened twice now.

Could be the way forward for when cable threads go off the rails.

 

[Stunsworth]

The forum was up for a while this morning. I tried changing my password but got a server error message.

 

[Tony L]

That is a *lot* of work to put right

It depends entirely on what happened, e.g. was it a breach of Xenforo or the (I assume Linux) server? Hopefully it is as simple as applying a server patch, changing some passwords and restoring the whole thing from a backup. As I understand it user Xenforo passwords are encrypted in the MySQL database, I certainly know I can’t access them as site admin. Also bare in mind Steve isn’t an IT guy so he may well be playing it safe with the email announcement whist other try and figure out what exactly has happened (which is actually the hard part). I wish them luck whatever it is. I have to admit this sort of thing is way over my current expertise level, if this site got the same I’d just pay someone to sort it out as I’d not be confident in my own ability to make things fully secure. It is a key reason I pay for a managed server. All I do is the XenForo side, the rest I just buy as a service.

 

[Paraheadache]

There's what appears to be a tweet from Steve which came up on Google saying the forum hasn't been hacked but a moderators account was and he did not send an email.

 

[Stunsworth]

There's what appears to be a tweet from Steve which came up on Google saying the forum hasn't been hacked but a moderators account was and he did not send an email.

The email was a result of a personal message on the forum from Steve. A PM automatically triggers an email. Fingers crossed he gets things sorted out.

 

[Tony L]

There's what appears to be a tweet from Steve which came up on Google saying the forum hasn't been hacked but a moderators account was and he did not send an email.

...

The email was a result of a personal message on the forum from Steve. A PM automatically triggers an email. Fingers crossed he gets things sorted out.

I’m pretty sure you need full XenForo admin control panel access to send a bulk email to the whole userbase, i.e. you can’t do it from a moderator account (at least I don’t think you can!).

 

[hifinutt]

very sad , we lost the cyrusunofficial forum to hackers , totally shut down now with loss of much valuable info

 

[Jonathan]

why would users need to change their passwords if an admin level hack? most likely an SQL level hack so they might not even have access to user passwords. im not sure i might care even IF someone had my password for that forum ... whats the worst that could happen? assuming its a pw unique to that forum, say?

 

[Amber Audio]

whats the worst that could happen? assuming its a pw unique to that forum, say?

That’s the issue - many folk use stupid simple passwords and the same one or two everywhere...Bit of social engineering and some clever phone calls/emails and you’re onto ID theft.

 

[Stunsworth]

It’s back now.

 

[RickyC6]

I’m banned from it so...

 

[Marchbanks]

I’m banned from it so...

Did you fail the 1,000 everyday matrix numbers memory test?

 

[Mike Reed]

I go on my team's forum; everything on it was changed to Chinese writing; it's happened twice now.

That's the trouble with Chinese. Finish one and you immediately feel like another.