Lemon Amiga forum hacked!

[solarmon]

Hi,

Sorry if this is the wrong place.

It seems the Lemon Amiga forum have been hacked and compromised.

The admins and moderators might want to be extra vigilant and review the security of this forum too.

[lilalurl]

I lock the thread for the time being, given that I don't have any more details about this.
It might be informative though.

If Predseda (or someone else from Lemon) has any information about that, please PM me and we will see if there is need for the thread to be open to discussion or not. Of course, any assistance needed we will be happy to provide.


Edit: Thread open. I have received details about a sort of spam attack going on on their forums, so I guess some people might want to discuss it. No speculation or other stuff like that please, let's keep the thread as informative as possible. And thanks solarmon for the starting the thread.

[solarmon]

From the Lemon Amiga Facebook page:
-----
Sad news. The Lemon Amiga forum has been hacked. The hacker can assume any login, even hijacking existing and regular users accounts. There isnt much we can do about this, as the hacker knowns how to access our passwords and bypass things such as locked threads and quarantine systems. The site will most likely go down at some point, due to this, so please be aware this could be the end of our beloved site.
Also please do not visit any of the links provided by him, as I would not trust a hack of Doom made by a hacker who thinks its ok to flood forums with 1400 posts a day. If you know of any hackers, please remove their genitals for me, and string them up around their neck.
In the meantime, hacking is not cool or clever, and is pure evil, so please dont do it. btw, Happy Birthday Simon Humphrey. ?
------

[malko]

Do we have to change the lemon user account passwords ? Or is it useless for the moment ?

[DamienD]

Not good news

Who bothers to hack an Amiga website / forum; which are very niche???

LAME!!!

...was this "mcm" a real LemonAmiga user; or an account that was hacked / used to spam the forum?

[-Acid-]

There has been 4 or 5 accounts hacked in the last week that i have seen, the first couple actually made posts that were usually negative towards users who had asked questions but now it is just spam. Most of them are accounts with 1 post that were made over 10 years ago so obviously dormant users that used piss poor passwords being brute forced by the looks of it.

[matburton]

Quote:

Originally Posted by solarmon

From the Lemon Amiga Facebook page:
the hacker knowns how to access our passwords

Owch! Does this mean that the passwords weren't stored as hashes?

Should they be warning people that if they used the same password or similar passwords on other sites they need to change them pronto?

[LongLifeA1200]

Quote:

Originally Posted by DamienD

...was this "mcm" a real LemonAmiga user; or an account that was hacked / used to spam the forum?

That account too was hacked into. Most of the hacked accounts (around 60 of them) are from 2005 and haven't logged on in half a decade or more.

As '-Acid-' pointed out, initially it was just troll bait, some of which I fell for. Later it became about marketing.

Quote:

Originally Posted by matburton

Should they be warning people that if they used the same password or similar passwords on other sites they need to change them pronto?

That has been a discussion on the forum over the past year. As to whether or not members took the advice to have unique passwords is uncertain. Current advice is to have a password you wouldn't find in a dictionary.

The old dormant accounts are unlikely to be updated and are the ones most likely to have a very basic password.

I have attached a list of accounts I know to have been hacked (hacker used them all to up-vote the game 'Doom' to the top spot on the website).

[RichL]

Bastards! Good luck hope you can save the forum.

[chip]

What actually hackers want to demonstrate with these kind of actions ?

[manossg]

What lamers.

[AMike]

Quote:

Originally Posted by LongLifeA1200

I have attached a list of accounts I know to have been hacked (hacker used them all to up-vote the game 'Doom' to the top spot on the website).

Thanks for the info - I know one person on the list - it's a still active user. All to best - hope you can fix the breach.

[SunSpire]

Not sure if related or just pure coincidence, but the libretro / Retroarch servers have also been hacked these days

[gimbal]

Quote:

Originally Posted by chip

What actually hackers want to demonstrate with these kind of actions ?

Nothing, some people just want to watch the world burn.

[chip]

Perhaps you are right gimbal

I strongly believe there's always a motivation behind our actions

But in this case i seriously miss the logic

[modrobert]

Quote:

Powered by phpBB © 2001, 2005 phpBB Group

Perhaps time for a forum upgrade? If customized and not possible to upgrade it needs to be manually patched against SQL injection.

[hexaae]

Quote:

Originally Posted by DamienD

Not good news

Who bothers to hack an Amiga website / forum; which are very niche???

They probably hope to find users with the same pass used on Lemon for his/her Google account and more... even though we know today Google, PayPal, Microsoft, Banking... all have 2 steps verification!

[Jope]

https://www.lemonamiga.com/forum/vie...=155860#155860

The server is not hacked apparently.

[mcgeezer]

When you tun a content management system that is 15 years out of date you’re gonna run into trouble like this. Also, nobody should br able to brute force accounts as they should have something like apache modsecurity in place.

Weak passwords or not, something like recapcha would solve the problem.

Ultimately though the forum needs a controlled restore and upgrade.

[DamienD]

What would you know Graeme; do you work in IT Security or something as a profession?

<joking of course, I know you do>