Hi everyone,
I wanted to apologise for the awful forum performance over the last few days.
A combination of a Trojan hack on the server and issues with the backup / re-install has meant that the forum was slow, unpredictable and plain frustrating.
I think most of the issues have now been resolved, but do let me know if you notice anything weird still.
In the meantime, I hope we can continue some of the interesting discussions started recently, and add new ones to keep us informed, entertained and a strong community of dancers.
Franck.
Franck.
There's an A.P.P. for that!
I am finding it both slow and predictable to log on and also access unread posts
I was trying to say that it all seems fine to me... but posting this comment has not been trouble-free.
To expand on the previous post - it seems fairly fast most of the time, with occasional serious slow-downs (they could be from my end though)
When posting the last post, however, I clicked on 'Post Quick Reply', and got an unexpected dialog asking me if I wanted to leave the page, warning of unsaved data. I opted to stay put, then tried again with the same result. Opted to leave the page, and it appeared to do the post, but the post came up blank. I had to edit the post to put something into it. About to find out if this one has the same problem.
[EDIT] Yep - very similar problem (it also tried to post the thing twice) - and it's taken it over five minutes to get to the point I can edit the post.
Last edited by straycat; 14th-February-2012 at 05:51 PM.
+1 to what Straycat said
Hold up - trojan? I've had to supply my login details in the past couple of days, so it would be appreciated if you could elaborate on what sort of trojan you've been dealing with?
But you've surely not been using the same password on here as you do anywhere else?
(hint - the answer should be 'no')
Seriously though - I'd be astonished if the forum software didn't implement their password security properly, so you shouldn't have to worry. Although you might want to change that password on any systems that matter.
AS you can see its definately not working for me
I don't believe any password was compromised. The server reported a potential trojan attack, and I dealt with it immediately, asking the server tech people to re-install the server software to be sure security wasn't compromised.
As Straycat pointed out, vbulletin is a very secure piece of software and all passwords are properly encrypted. So even if the server had been maliciously compromised, it would have no effect on your security. If anything, I believe hackers were trying to get control of the server to use it as a spam engine or something similar.
It is also good advice to use different passwords for different websites, especially trivial login details such as discussion fora.
Franck.
There's an A.P.P. for that!
Hmm. By properly encrypted you mean hashed using MD5, twice, after being salted with a three character string. So if someone has acquired the password file, a rainbow table is a viable attack. If they've acquired the config file containing the salt then a rainbow table is a very quick viable attack.
In simple terms, change your password on any sites that have the same username/password combo as this one. As Franck and Straycat have suggested, re-using passwords is inherently insecure.
I would be surprised though if anything were compromised - passwords tend to be leaked to people specifically targeting a site, and I don't think Ceroc's competitors are that desparate
Last edited by cederic; 15th-February-2012 at 12:35 AM.
(this post a victim of ongoing forum issues)
Well, yes, properly encrypted for the security level expected of a dance forum
The server failure was more due to my attempts at protecting the server than from the hack itself. The IP address showed that somewhere in Jordan, someone was fishing for servers to hack, presumably to use for spam or for bragging rights.
In any event the server passwords were immediately changed and the server software was re-installed.
Franck.
There's an A.P.P. for that!
I think I have fixed the posting issue, so let me know if you're still experiencing glitches when replying to threads or browsing the forum...
Franck.
There's an A.P.P. for that!
Trying to post from Forum Runner on my iPad now.
Great way to keep up with the forum if you have an iPhone, iPad, android device, etc.
Franck.
There's an A.P.P. for that!
See what you mean - I've just been doing a bit of searching, and I'm a little surprised that vBulletin doesn't have better password hashing. Although I presume the salt is randomly generated on a per-password basis (am I wrong about this? It would seem pointless to do it any other way)
[EDIT] A little more searching suggests that it uses longer salts, and that they are properly generated (different for each password) although that's likely a config option.[/EDIT]
There are currently 1 users browsing this thread. (0 members and 1 guests)
Bookmarks