Just got email. Not at computer at moment so would appreciate if someone else could fill in the details here ASAP. Many thanks.
-
-
That's it! I'm pulling out my ethernet cable. See you all at the apocalypse. -
Can we have a subforum about hacking?Comment
-
From the email
Not a member over there so this is one hack I don't have to deal with. Just as well really as two in one week and I'd be having a nervous breakdown.Hi everyone.
It really sucks to be sending this email, but this week the RPS forums were hacked. The hackers found a way into the server on the 14th Jan, and had access for five days. That hole is now closed, and they're gone.
However, it's not entirely clear what they did when they were there. There is no evidence that they managed to get at user details, which are well hidden, but simultaneously there's no absolute evidence that they didn't. So at this point we have to assume the worst.
If they got to those files, they will have got people's emails, usernames, and encrypted passwords. Those passwords were encrypted in such a way that our tech bods believe it will take them at least a month to crack. But it means that we *strongly* recommend that you not only change your password on the RPS forums/commenting registration, but if you use that password elsewhere, make sure you change it there too. In fact, we utterly strongly recommend that you never use the same password in two different places, for this very reason.
We're tremendously sorry. We learned about the attack yesterday afternoon, and the tech people at Positive closed it off immediately, and have been sorting it out since, working out what they could have found. We learned the information reported above half an hour ago, and have told you as quickly as we can.
Please head to
http://www.rockpapershotgun.com/foru...o=editpassword
And to
and select "Lost your password" and follow the instructions to set a new one.
to change your password as soon as possible.
And please accept our emphatic apologies that this has happened. We are doing our best to ensure this doesn't happen again.
RPS HivemindComment
-
Oh FFS.Comment
-
We need a thread Who Hasn't Been Hacked Yet? There comes a point where that list will be the shorter of the twoOriginally posted by toythatkills View Post
Let's hope our little haven here remains safe.....
Comment
-
At least this time I didn't have an account at all. But yeah this is not even funny now.Comment
-
I've got a few server apps in place to prevent direct hacking and the forum software stays pretty up to date with a few tweaks of my own, and I can't see any obvious permisson holes. If any of you (Marty?) know what you are doing, and want to poke around then let me know.Comment
-
Quiet Charles, if any of the script kiddies read that, they'll see it as a challenge!!Originally posted by charlesr View PostComment
-
I've already had a quick poke around and there was nothing blindingly obvious. I've been going through all the sites I use to see if any were as bad, but I'm no expert, it simply didn't take an expert to get in to VG+.Originally posted by charlesr View Post
Keeping up to date with the latest patches should help stave off any known vulns. There are hack kits you can download that will auto test, might be worth trying one of those.Last edited by MartyG; 21-01-2012, 08:30.Comment
-
Yeah it did seem VG+ was no challenge, it was like the door to the same was made out of paper mache.Comment
Comment