Go Back   Android Forums > Android Forums Community > Site Updates & Announcements

Like Tree101Likes

test: Reply
 
LinkBack Thread Tools
Old July 10th, 2012, 10:11 PM   #51 (permalink)
Senior Member
 
Stinky Stinky's Avatar
 
Join Date: Aug 2010
Location: In a Dumpster! :D
Posts: 3,793
 
Device(s): Huawei Ascend Y300 :D
Carrier: Not Provided

Thanks: 5,112
Thanked 1,406 Times in 1,053 Posts
Default

I know who the culprit is!!!



Gasp!

The "Butler" done it!

Sharondippity likes this.

Advertisements
__________________
Out walking me Roach Coach ek se!

Brb in 1 000 years
Stinky Stinky is offline  
Reply With Quote
sponsored links
Old July 10th, 2012, 10:16 PM   #52 (permalink)
Community Manager
Thread Author (OP)
 
Phases's Avatar
 
Join Date: Sep 2008
Location: Nashville, TN
Gender: Male
Posts: 7,185
 
Device(s): Galaxy Note 3
Carrier: Verizon

Thanks: 689
Thanked 16,201 Times in 3,126 Posts
phases78@gmail.com
Default

Thanks for the notice change Vic, much better.
__________________
Every forum should have a Phases.
Phases is offline  
Reply With Quote
The Following 5 Users Say Thank You to Phases For This Useful Post:
baldmosher (July 11th, 2012), colchiro (July 11th, 2012), trophynuts (July 11th, 2012), TVictory (July 10th, 2012), Unforgiven (July 10th, 2012)
Old July 10th, 2012, 10:21 PM   #53 (permalink)
Member
 
hvrc's Avatar
 
Join Date: Feb 2012
Location: nor*cal
Gender: Male
Posts: 472
 
Device(s): samsung SPH-L710 lge MS-910 htc PC36100 hauwei M860 hauwei M835
Carrier: Not Provided

Thanks: 390
Thanked 90 Times in 75 Posts
jasongraypowers@gmail.com
Default

thanks guys for the notice, as well as the prompt action to the situation. and just thanks to everyone else to who has made this a very helpful, and informative forum.
__________________
SPH-L710
hvrc is offline  
Reply With Quote
The Following User Says Thank You to hvrc For This Useful Post:
ocnbrze (July 11th, 2012)
Old July 10th, 2012, 10:21 PM   #54 (permalink)
~Play Nice~
 
Unforgiven's Avatar
 
Join Date: Jun 2010
Location: Douglas, MA
Gender: Male
Posts: 24,833
 
Device(s): Moto X Developer Edition, Nexus 7 (2012 & 2013), Note II, S3
Carrier: Not Provided

Thanks: 15,489
Thanked 16,816 Times in 9,245 Posts
Default

Far more obvious, good job Tvic, now get some sleep, you probably haven't had any in the last few days.
__________________

Join the fun and make some friends, register for free here.
If someone helped, hit Thanks, if you see rude or abusive posts, spam, or threads that need staff attention, hit Report.
Site Rules / Android Forums FAQ
*** Do you want to talk guns? ***

Unforgiven is offline  
Reply With Quote
Old July 10th, 2012, 10:22 PM   #55 (permalink)
Senior Member
 
trophynuts's Avatar
 
Join Date: Jul 2010
Location: SouthEastern US
Posts: 5,598
 
Device(s): Iphone 5 Moto G LTE
Carrier: Verizon

Thanks: 1,843
Thanked 1,882 Times in 1,205 Posts
Default

+1 to the updated Banner.
trophynuts is offline  
Reply With Quote
Old July 10th, 2012, 10:30 PM   #56 (permalink)
Member
 
Join Date: Jan 2011
Posts: 247
 
Device(s): LG G2, LG Esteem,Galaxy Indulge sch-r910,LG Optimus M MS690
Carrier: Not Provided

Thanks: 82
Thanked 21 Times in 16 Posts
Default

Quote:
Originally Posted by TVictory View Post
They should be back now, let me know.
They are back.. Thanks
__________________
**************************
This is not my first rodeo. Ha-Ha
**************************
BRIAN5337 is online now  
Reply With Quote
Old July 10th, 2012, 10:37 PM   #57 (permalink)
Member
 
TattooedDroid's Avatar
 
Join Date: Sep 2011
Location: Jacksonville, FL
Posts: 319
 
Device(s): Samsung Galaxy Indulge Basix Rom LG Esteem (current) Rooted, #2, LD Speed!
Carrier: Not Provided

Thanks: 123
Thanked 45 Times in 35 Posts
Default

Well that escalated quickly.. lol
Great job mods and thanks to all that are on the digital frontline for us.
__________________

Colt 45 and 2 Zig-Zags, Baby that's all we need...
TattooedDroid is offline  
Reply With Quote
Old July 10th, 2012, 10:46 PM   #58 (permalink)
Senior Member
 
Join Date: Jul 2010
Posts: 1,568
 
Device(s):
Carrier: Not Provided

Thanks: 261
Thanked 128 Times in 111 Posts
Default

I love it when you talk "technical".
OutofDate1980 is offline  
Reply With Quote
Old July 10th, 2012, 10:52 PM   #59 (permalink)
Senior Member
 
Rarewolf's Avatar
 
Join Date: Jan 2012
Location: CaliFornia, Azusa
Posts: 1,110
 
Device(s): Samsung Galaxy Prevail Sisters Samsung Ultra Samsung Galaxy S Captivate
Carrier: Not Provided

Thanks: 196
Thanked 140 Times in 105 Posts
Send a message via Yahoo to Rarewolf
Default

Its gonna be a long night. XD
I shall change my passwords as soon. As possible. Thank you AF. For letting us know what was going on.

Now, to panic in an ordinarily fashion.
__________________
And Now im Proud Of Cyber Green
themes For CTMod
Rarewolf is offline  
Reply With Quote
Old July 10th, 2012, 11:01 PM   #60 (permalink)
Member
 
Join Date: Dec 2009
Posts: 442
 
Device(s): Galaxy Nexus, Motorola Droid
Carrier: Not Provided

Thanks: 36
Thanked 67 Times in 42 Posts
Default

Guess I should be glad I used a throwaway email when I registered long ago. (well, one I use for signups but don't mind trashing should the need arise, so semi-disposable.)
snapcase is offline  
Reply With Quote
sponsored links
Old July 10th, 2012, 11:43 PM   #61 (permalink)
AF Contributor
 
nfs13epic's Avatar
 
Join Date: Aug 2011
Posts: 253
 
Device(s): Samsung intercept(Dead) Lg Optimus V (Backside Rom) EVO V 4G (S-off, Midnight rom) HTC One (Tmobi
Carrier: Tmobile and Virgin Mobile

Thanks: 0
Thanked 15 Times in 15 Posts
Send a message via Skype™ to nfs13epic
Default

Ehh Now Im going to have to change some of my passwords on a few sites, going to start using random generated passwords (Generated by me ) for every site now.
nfs13epic is offline  
Reply With Quote
Old July 10th, 2012, 11:47 PM   #62 (permalink)
New Member
 
Join Date: Jul 2012
Posts: 4
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thank you for letting the users know. I would start digging throug the logs. It might take quite some time but would make it worth-while seeing the hackers charged with criminal online activities in the long run! Don't spare your efforts as it could pay off later. Thank you one more time for letting us know and good luck!
Klaipedaville is offline  
Last edited by Klaipedaville; July 10th, 2012 at 11:49 PM.
Reply With Quote
Old July 11th, 2012, 12:04 AM   #63 (permalink)
AF Contributor
 
wetbiker7's Avatar
 
Join Date: Jun 2011
Location: So-Cal
Gender: Male
Posts: 7,208
 
Device(s): SamsungGalaxy S3, LG Marquee, Asus TF300T 32GB w/ dock, SamsungGalaxy Prevail
Carrier: Boost

Thanks: 1,898
Thanked 3,216 Times in 2,122 Posts
Default

Quote:
Originally Posted by EarlyMon View Post
Sometimes that's an error generated by our app trying to log in or other web confusion.

To see if it's that or something worse, please google: my ip

And compare to that found in that sort of email.

To Phases and the Neverstill Team - thanks for being never still on our protection!
Quote:
Originally Posted by Xyro View Post
Further to EM's post, keep in mind that you will have a separate IP when connecting over your mobile data connection, so make sure to check that one too.

So far we have not seen any of the login error emails that cannot be explained by our own devices logging in witht he wrong password. We're more than happy to help people check their IP, however.



Wetbiker, I've edited out that IP from your post. It would appear that you are on a dyanmic IP and the one you posted is from the range of IPs your internet provider usually provides you. So nothing to worry about there.




EDIT: Sorry for the false report fellas. Looks like the it may have came from my phone. Looks like that 9 page report I was writing for school when all this happened must have fried my brain.

Evidently the last email I received after disconnecting Tapatalk was delayed and WAS from the Tapatalk app. Thanks for removing the IP address. I do appreciate it.
__________________
Is there a reason you're not rooted yet??
Do the right thing and hit THANKS!
wetbiker7 is online now  
Last edited by wetbiker7; July 11th, 2012 at 01:31 AM.
Reply With Quote
The Following 2 Users Say Thank You to wetbiker7 For This Useful Post:
EarlyMon (July 11th, 2012), Xyro (July 11th, 2012)
Old July 11th, 2012, 12:23 AM   #64 (permalink)
Member
 
isaemm's Avatar
 
Join Date: Jun 2010
Location: NorCal
Gender: Male
Posts: 329
 
Device(s): EVO 4G, EVO 3D, One S, Samsung Galaxy Tab 2, MTK6585
Carrier: Big Magenta

Thanks: 46
Thanked 41 Times in 37 Posts
Default

Quote:
Originally Posted by wetbiker7 View Post
Sorry it took so long to reply to this post. I checked the IP before I posted it. It wasn't mine, It came from L.A., Ca. . Thanks for the heads up though.

Is your phone from the LA area? I live in a town in northern CA but when I got my phone I lived in another town in northern CA previously. I googled the ip address in the email and it was showing the ip address was from my previous town. But then I realized it was my phone and when I changed my password on the Phandroid app I stopped getting the login failed email.
wetbiker7 likes this.
__________________
Man who go to bed with itchy butt, wake up with smelly finger.
isaemm is offline  
Reply With Quote
The Following User Says Thank You to isaemm For This Useful Post:
wetbiker7 (July 11th, 2012)
Old July 11th, 2012, 12:30 AM   #65 (permalink)
Member
 
91Firebirder's Avatar
 
Join Date: May 2010
Location: Metro Atlanta
Gender: Male
Posts: 198
 
Device(s): HTC Droid Incredible, Samsung Galaxy S3, LG G3
Carrier: Verizon

Thanks: 15
Thanked 30 Times in 11 Posts
Default

Thank you for the heads up. It's not something a website wants to admit but the respect of your users is obvious by telling everyone that to take and wait-and-see approach to hide the embarrassment. (Not that you guys did anything wrong just that fact it happened to you.)
91Firebirder is offline  
Reply With Quote
Old July 11th, 2012, 01:39 AM   #66 (permalink)
AF Contributor
 
wetbiker7's Avatar
 
Join Date: Jun 2011
Location: So-Cal
Gender: Male
Posts: 7,208
 
Device(s): SamsungGalaxy S3, LG Marquee, Asus TF300T 32GB w/ dock, SamsungGalaxy Prevail
Carrier: Boost

Thanks: 1,898
Thanked 3,216 Times in 2,122 Posts
Default

Quote:
Originally Posted by isaemm View Post
Is your phone from the LA area? I live in a town in northern CA but when I got my phone I lived in another town in northern CA previously. I googled the ip address in the email and it was showing the ip address was from my previous town. But then I realized it was my phone and when I changed my password on the Phandroid app I stopped getting the login failed email.

I went ahead and checked again and it seems that the last email I received was because of the Tapatalk app even though I had wiped the data. The email was delayed evidently. Sooooo my dumbass posted a false report. I'm sitting here shaking my head right now because it didn't even cross my mind to check my phones IP address since I had cleared the data from Tapatalk.

Thanks for pointing that out.

I need a break! This school work is frying my brain. lol


SORRY FOR THE FALSE ALARM, PEOPLE.
wetbiker7 is online now  
Reply With Quote
Old July 11th, 2012, 01:44 AM   #67 (permalink)
The PearlyMon
 
EarlyMon's Avatar
 
Join Date: Jun 2010
Location: New Mexico, USA
Posts: 46,334
 
Device(s): M8, LTEvo, 3vo, and Shift - Evo retired
Carrier: Sprint

Thanks: 42,716
Thanked 57,154 Times in 22,965 Posts
Default

No worries wetbiker7, better safe than sorry.

Best luck in school!
wetbiker7 likes this.
__________________
|

Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.

Links: Site Rules / Guidelines -and- Zero Tolerance Policy (All Members Read)


For right-on help, the Thanks button is on the right of the post.
For anything out in left field, the /!\ report button is to the left.

Remember, it's our forums and we're all in this together - so let's keep it cool!

Shoot the breeze at the best new gun forum!
EarlyMon is offline  
Reply With Quote
The Following User Says Thank You to EarlyMon For This Useful Post:
wetbiker7 (July 11th, 2012)
Old July 11th, 2012, 02:17 AM   #68 (permalink)
AF Contributor
 
wetbiker7's Avatar
 
Join Date: Jun 2011
Location: So-Cal
Gender: Male
Posts: 7,208
 
Device(s): SamsungGalaxy S3, LG Marquee, Asus TF300T 32GB w/ dock, SamsungGalaxy Prevail
Carrier: Boost

Thanks: 1,898
Thanked 3,216 Times in 2,122 Posts
Default

Quote:
Originally Posted by EarlyMon View Post
No worries wetbiker7, better safe than sorry.

Best luck in school!
Thanks Early, I appreciate it.
wetbiker7 is online now  
Reply With Quote
Old July 11th, 2012, 02:37 AM   #69 (permalink)
I'm Not Real, Doris!
 
Mexjoker's Avatar
 
Join Date: Aug 2011
Location: Atlanta, Georgia
Gender: Male
Posts: 3,078
 
Device(s): LG Esteem(#2 v2.8.1)
Carrier: MetroPCS

Thanks: 593
Thanked 1,009 Times in 683 Posts
Default

I love this site and how fast it response ^_^
Thanks to all the mods and administors on solving this issue!
Mexjoker is offline  
Reply With Quote
The Following User Says Thank You to Mexjoker For This Useful Post:
ocnbrze (July 11th, 2012)
Old July 11th, 2012, 04:35 AM   #70 (permalink)
Member
 
Join Date: May 2010
Location: Bradford UK
Posts: 347
 
Device(s): LeeDrOiD 3D V5.4[KERNEL] V5.4
Carrier: Not Provided

Thanks: 22
Thanked 16 Times in 15 Posts
Default

hmmm dunno why people are posting thx tbh email account I use here is almost junk free or it was, how the hell did that happen..... and how can you guarantee it won't happen again...?

Int

EDIT: take it our usernames and IP address's and profiles were compromised too?? PM's maybe too ?
Intruder is offline  
Last edited by Intruder; July 11th, 2012 at 04:45 AM. Reason: more info
Reply With Quote
sponsored links
Old July 11th, 2012, 04:52 AM   #71 (permalink)
Member
 
Join Date: May 2010
Location: Bradford UK
Posts: 347
 
Device(s): LeeDrOiD 3D V5.4[KERNEL] V5.4
Carrier: Not Provided

Thanks: 22
Thanked 16 Times in 15 Posts
Default

Seriously considering getting the owner to delete me from the SQL DB as I'm a member of a few forums "a couple I could understand hackers having a pop at" and its the first time this has ever happen to be since the BBS days pre-forums....

Int
Intruder is offline  
Reply With Quote
Old July 11th, 2012, 06:00 AM   #72 (permalink)
Junior Member
 
Join Date: Jun 2010
Posts: 26
 
Device(s):
Carrier: Not Provided

Thanks: 26
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by colchiro View Post
Am I the only one upset at having to (again) change all my forum and email passwords? We hear about hacking attempts all the time. The time to harden the servers was when you heard of other servers being compromised.... waaay before last week.

I'm seriously hoping this was a wake-up call and you'll be more pro-active going forward.

Congrats for keeping the server up and checking for malware, but IMO, there's room for improvement.
Tell that to the FBI, they're currently trying to imprison a British Citizen for the crime of finding out if he could hack into their servers by actually doing it. If they're fallible, then there's no hope for anyone.

Responsibility for security ALWAYS lies with the user AND the provider.

Personally I was forced to set up a more clever password system after my "usual" password got hacked on eBay (no real harm done) and I still used that password for all web forums up until yesterday (since there's little real damage anyone can do by posting as me). Thankfully, I have LastPass, so I have a handy list of which forums I haven't changed the password yet. There's no way I could remember hundreds of passwords,so a system is the only possibility.

In my case I use passW0rd%X where X is the first letter of the site I'm on. It's hardly uncrackable, unlike my Wifi password which is a 52-character string, but it'll stop casual hackers.
baldmosher is offline  
Last edited by baldmosher; July 11th, 2012 at 06:05 AM.
Reply With Quote
The Following User Says Thank You to baldmosher For This Useful Post:
Crashumbc (July 12th, 2012)
Old July 11th, 2012, 06:13 AM   #73 (permalink)
New Member
 
Join Date: Jul 2012
Posts: 5
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

Still won't change my password
Commodent is offline  
Reply With Quote
Old July 11th, 2012, 06:41 AM   #74 (permalink)
Community Manager
Thread Author (OP)
 
Phases's Avatar
 
Join Date: Sep 2008
Location: Nashville, TN
Gender: Male
Posts: 7,185
 
Device(s): Galaxy Note 3
Carrier: Verizon

Thanks: 689
Thanked 16,201 Times in 3,126 Posts
phases78@gmail.com
Default

Quote:
Originally Posted by Intruder View Post
Seriously considering getting the owner to delete me from the SQL DB as I'm a member of a few forums "a couple I could understand hackers having a pop at" and its the first time this has ever happen to be since the BBS days pre-forums....

Int
I assure you this most certainly isn't the first time this has happened since the BBS days, it happens all the time. Most places never tell the users about intrusions.

In fact, I'd bet most mid-moderately successful sites don't even know it happens to them. The hackers/spiders don't leave thank you notes behind (most the time :P). You have to have some pretty keen eyes and/or software to spot the clues sometimes.

Deleting your account won't make any difference at this point. Even so, no one can do anything (at least here) with a regular user account that can't be reversed. However, if you would like your account deleted, let me know.
Crashumbc likes this.
Phases is offline  
Last edited by Phases; July 11th, 2012 at 06:50 AM.
Reply With Quote
The Following User Says Thank You to Phases For This Useful Post:
Crashumbc (July 12th, 2012)
Old July 11th, 2012, 07:14 AM   #75 (permalink)
Senior Member
 
LBPHeretic's Avatar
 
Join Date: May 2010
Location: Wilmington, Delaware
Posts: 2,368
 
Device(s): Sprint HTC Hero (OEM Android 2.1) [Rooted] B&N Nook Color
Carrier: Not Provided

Thanks: 46
Thanked 507 Times in 407 Posts
Default

A very well written and transparent post, Phases. Thanks go out to you and the rest of the team for your diligence on this issue.

The rapid response and quick updates on the status are much appreciated. Thanks again.
__________________
Nokia 638 > Motorola Talkabout > Motorola V60t > Motorola V60i > Motorola V505 > Samsung Epix > HTC Hero & Barnes & Noble Nook Color

Tweet with me about Android on Twitter. (Please follow to see my tweets.)
LBPHeretic is offline  
Reply With Quote
Old July 11th, 2012, 07:26 AM   #76 (permalink)
Senior Member
 
A.Nonymous's Avatar
 
Join Date: Jun 2010
Posts: 7,061
 
Device(s): Motorola Razr M, Galaxy Tab 10.1 I/O edition
Carrier: Not Provided

Thanks: 66
Thanked 971 Times in 704 Posts
Default

Quote:
Originally Posted by isaemm View Post
I have been getting this same message all day since I changed my password and finally realized its my Phandroid that is trying to login with my old password. I updated my password on the app on my phone and it is all fixed now.
Beat me too it. It took me several hours and many, many emails from AF as I tried to figure out who was trying to hack my account from MY IP address.

Just curious. Are the passwords stored just hashed or salted as well?
A.Nonymous is offline  
Reply With Quote
Old July 11th, 2012, 07:37 AM   #77 (permalink)
Community Manager
Thread Author (OP)
 
Phases's Avatar
 
Join Date: Sep 2008
Location: Nashville, TN
Gender: Male
Posts: 7,185
 
Device(s): Galaxy Note 3
Carrier: Verizon

Thanks: 689
Thanked 16,201 Times in 3,126 Posts
phases78@gmail.com
Default

salted
Unforgiven likes this.
Phases is offline  
Reply With Quote
The Following 4 Users Say Thank You to Phases For This Useful Post:
gorillabait (July 11th, 2012), Kn1nJa (July 12th, 2012), WPWoodJr (July 11th, 2012), Xyro (July 11th, 2012)
Old July 11th, 2012, 07:47 AM   #78 (permalink)
Member
 
Join Date: May 2010
Location: Bradford UK
Posts: 347
 
Device(s): LeeDrOiD 3D V5.4[KERNEL] V5.4
Carrier: Not Provided

Thanks: 22
Thanked 16 Times in 15 Posts
Default

Quote:
Originally Posted by Phases View Post
I assure you this most certainly isn't the first time this has happened since the BBS days, it happens all the time. Most places never tell the users about intrusions.

In fact, I'd bet most mid-moderately successful sites don't even know it happens to them. The hackers/spiders don't leave thank you notes behind (most the time :P). You have to have some pretty keen eyes and/or software to spot the clues sometimes.

Deleting your account won't make any difference at this point. Even so, no one can do anything (at least here) with a regular user account that can't be reversed. However, if you would like your account deleted, let me know.
Why not read what I posted you reply is meaningless I said " It's the FIRST time it's happened to ME since the BBS days!"
I am fully aware this happens on other websites and forums, but none of the forums I use because security is priority number 1 As I see it not poxy banners and crap most of us will block anyway, it's either admin or the hosting company to blame, if it's the later why trust em again??
I mean come on Vbull is as good as it gets......
Also deleting my account via the DB would work if this was to happen again, as when we you leave a forum the account still lays there not deleted from the tables....
Int
Intruder is offline  
Last edited by Intruder; July 11th, 2012 at 08:30 AM.
Reply With Quote
Old July 11th, 2012, 08:05 AM   #79 (permalink)
Member
 
Join Date: Apr 2010
Location: Cibolo, TX
Gender: Male
Posts: 152
 
Device(s): HTC One M8(Waiting for Samsung Galaxy S5 Prime), Samsung Galaxy Note 10.1, Samsung Galaxy Tab 7
Carrier: Verizon

Thanks: 55
Thanked 4 Times in 4 Posts
michael.singleton1
Default

Great work!!!
__________________
-Signature block-
The Absolute is offline  
Reply With Quote
Old July 11th, 2012, 08:15 AM   #80 (permalink)
Senior Member
 
Join Date: Jun 2010
Location: Montreal, QC
Posts: 513
 
Device(s): Google Nexus 4, LG shine plus SOLD: Samsung Galaxy S2 international
Carrier: Not Provided

Thanks: 53
Thanked 60 Times in 49 Posts
Default

Yay... I feel safe now. :|
karendar is offline  
Reply With Quote
sponsored links
Old July 11th, 2012, 08:32 AM   #81 (permalink)
Senior Member
 
A.Nonymous's Avatar
 
Join Date: Jun 2010
Posts: 7,061
 
Device(s): Motorola Razr M, Galaxy Tab 10.1 I/O edition
Carrier: Not Provided

Thanks: 66
Thanked 971 Times in 704 Posts
Default

Quote:
Originally Posted by Phases View Post
salted
Thanks. I feel much better now about not changing my password on every single site.
A.Nonymous is offline  
Reply With Quote
Old July 11th, 2012, 08:36 AM   #82 (permalink)
Member
 
Join Date: May 2010
Location: Bradford UK
Posts: 347
 
Device(s): LeeDrOiD 3D V5.4[KERNEL] V5.4
Carrier: Not Provided

Thanks: 22
Thanked 16 Times in 15 Posts
Default

Quote:
Originally Posted by karendar View Post
Yay... I feel safe now. :|
Glad someone does and what your basing that on god only knows.....


Int
Intruder is offline  
Reply With Quote
Old July 11th, 2012, 08:55 AM   #83 (permalink)
Community Manager
Thread Author (OP)
 
Phases's Avatar
 
Join Date: Sep 2008
Location: Nashville, TN
Gender: Male
Posts: 7,185
 
Device(s): Galaxy Note 3
Carrier: Verizon

Thanks: 689
Thanked 16,201 Times in 3,126 Posts
phases78@gmail.com
Money

Quote:
Originally Posted by Intruder View Post
Why not read what I posted you reply is meaningless I said " It's the FIRST time it's happened to ME since the BBS days!"
I am fully aware this happens on other websites and forums, but none of the forums I use because security is priority number 1 As I see it not poxy banners and crap most of us will block anyway, it's either admin or the hosting company to blame, if it's the later why trust em again??
I mean come on Vbull is as good as it gets......
Also deleting my account via the DB would work if this was to happen again, as when we you leave a forum the account still lays there not deleted from the tables....
Int
I know what you wrote - I am implying that of all the forums you apparently frequent over all these years, I'm more than willing to bet more than one of them has had a breach whether or not you or they know.

I understand how databases work and when people leave.

I also understand you're upset. Our guys found the holes, and patched them. It wasn't through vBulletin. This was unfortunately, but it happened. I think it's more common than you think. That's not to minimize the situation at all - just being realistic.

We could have done like some and NOT detected it at all, or turned the other cheek and chose not to let anyone know on the chance that nothing will come of it from here. Or waited till trouble arouse and "then" found the evidence.

We've done the best we could. I'm sorry you're unforgiving. I will be happy to remove your account if you wish. But please don't litter the thread with rash or nonconstructive replies, especially to other users who aren't addressing you at all.

Thanks for understanding.
Crashumbc likes this.
Phases is offline  
Reply With Quote
The Following 9 Users Say Thank You to Phases For This Useful Post:
agentc13 (July 11th, 2012), Crashumbc (July 12th, 2012), EarlyMon (July 11th, 2012), Lordvincent 90 (July 11th, 2012), Mexjoker (July 11th, 2012), OfTheDamned (July 11th, 2012), Rxpert83 (July 11th, 2012), xhepera (July 14th, 2012), Xyro (July 11th, 2012)
Old July 11th, 2012, 09:11 AM   #84 (permalink)
Member
 
Join Date: May 2010
Location: Bradford UK
Posts: 347
 
Device(s): LeeDrOiD 3D V5.4[KERNEL] V5.4
Carrier: Not Provided

Thanks: 22
Thanked 16 Times in 15 Posts
Default

Quote:
Originally Posted by Phases View Post
I know what you wrote - I am implying that of all the forums you apparently frequent over all these years, I'm more than willing to bet more than one of them has had a breach whether or not you or they know.

I understand how databases work and when people leave.

I also understand you're upset. Our guys found the holes, and patched them. It wasn't through vBulletin. This was unfortunately, but it happened. I think it's more common than you think. That's not to minimize the situation at all - just being realistic.

We could have done like some and NOT detected it at all, or turned the other cheek and chose not to let anyone know on the chance that nothing will come of it from here. Or waited till trouble arouse and "then" found the evidence.

We've done the best we could. I'm sorry you're unforgiving. I will be happy to remove your account if you wish. But please don't litter the thread with rash or nonconstructive replies, especially to other users who aren't addressing you at all.

Thanks for understanding.
I am not "unforgiving" as you put it, just after a little reassurance that plans are inplace to minimize this happening again...
btw 3 of the said forums I am / was either or a mod or admin so fairly sure I would have known...
Intruder is offline  
Reply With Quote
Old July 11th, 2012, 09:26 AM   #85 (permalink)
New Member
 
Cythes's Avatar
 
Join Date: Jul 2012
Location: Some where in time / space.
Posts: 12
 
Device(s): Qualcomm Snapdragon MDP, Cricket ZTE Score.
Carrier: Not Provided

Thanks: 1
Thanked 0 Times in 0 Posts
Default

I just changed my password on here Nothing in GMAIL yet but I will be changing it on there as well just for safe measure. Thanks for the heads up!
Cythes is offline  
Reply With Quote
Old July 11th, 2012, 10:51 AM   #86 (permalink)
Junior Member
 
Join Date: Aug 2011
Location: is everything!
Posts: 97
 
Device(s): Samsung Galaxy Ring w/Root
Carrier: I'm not a carrier!

Thanks: 36
Thanked 11 Times in 10 Posts
Default

I appreciate the heads up and the honesty from the staff about the breach.

I must ask...

Did the sever/developer team happen to get any information about the hackers, such as their IP address(s)?

Hey, you never know. Maybe they were stupid enough not to spoof their IP and "someone" could give 'em a little payback...
TheRealKTFO is offline  
Reply With Quote
Old July 11th, 2012, 12:25 PM   #87 (permalink)
Junior Member
 
Join Date: Nov 2009
Posts: 50
 
Device(s): Droid X, Bionic, RAZR Maxx
Carrier: Not Provided

Thanks: 7
Thanked 2 Times in 1 Post
Default

Quote:
Originally Posted by Unforgiven View Post
Generally username aren't but the passwords are. I think (if they were able to grab the DB) they may be able to gain access using the encrypted password to other site where you used the same one. It is very tricky as they would need to know your username as well as well as gain file access to that site. They shouldn't be able to decrypt the password either as that is damn near impossible assuming the site software uses a reasonable encryption methodology and the key isn't ridiculously simple.
With a good password dictionary they should be able to break the password in seconds, like happened on LinkedIn. Any site where you used the same username/password is at risk. I was surprised that this wasn't mentioned in the OP's post. If the password is broken, they would not need "file level access" to access your stuff on another site.
WPWoodJr is offline  
Reply With Quote
Old July 11th, 2012, 12:30 PM   #88 (permalink)
Junior Member
 
Join Date: Nov 2009
Posts: 50
 
Device(s): Droid X, Bionic, RAZR Maxx
Carrier: Not Provided

Thanks: 7
Thanked 2 Times in 1 Post
Default

Quote:
Originally Posted by TVictory View Post
They are one way hashed. They are not clear text passwords, like the only way i could see what a users password was is if i got there one way hashed password and then tried every combination of characters i could think of run it through the same hasing algorithm and if the two match then i know your password. Its actually quite secure if you can throttle how fast you can try combinations of characters like we do with only allowing 5 attempts and then waiting 15 minutes, but if they have just the hash they can try many combinations very fast with a program. If you password is very random then it probably won't be found.

For instance lets say you had a password of just lower case letters and it was 8 letters long. that would be 23^8 == 78310985281 different possible passwords, that in the hackers "worse case" have to be tried and hashed, not impossible, but not trivial either. If you had upper case letters as well as lower case then 46^8 == 20047612231936 so even harder. This assumes that your password is just random letters, if you have some word or combination of words you can find in the dictionary, or a birthday, or something else common, then they could try these first and make the attack easier.
Do you salt the password to prevent dictionary attacks?
WPWoodJr is offline  
Reply With Quote
Old July 11th, 2012, 12:30 PM   #89 (permalink)
 
Join Date: Feb 2012
Posts: 1,254
 
Device(s): Samsung Admire - Stock++
Carrier: Not Provided

Thanks: 160
Thanked 124 Times in 107 Posts
Default

Yass at the new borders around the notice, otherwise i would'nt of noticed at all.
SamsungAdmire is offline  
Reply With Quote
Old July 11th, 2012, 12:31 PM   #90 (permalink)
Junior Member
 
Join Date: Jun 2010
Location: SoCal
Posts: 51
 
Device(s):
Carrier: Not Provided

Thanks: 3
Thanked 3 Times in 3 Posts
Default

I wanted to say thanks for updating the banner up top. I saw it yesterday, but honestly thought it was some sort of lame ad for me to be a sucker and click on. Today, knowing that it says all those things, made me actually take it seriously and click on it.
kelela92 is offline  
Reply With Quote
sponsored links
Old July 11th, 2012, 12:51 PM   #91 (permalink)
Senior Member
 
LBPHeretic's Avatar
 
Join Date: May 2010
Location: Wilmington, Delaware
Posts: 2,368
 
Device(s): Sprint HTC Hero (OEM Android 2.1) [Rooted] B&N Nook Color
Carrier: Not Provided

Thanks: 46
Thanked 507 Times in 407 Posts
Default

Quote:
Originally Posted by WPWoodJr View Post
Do you salt the password to prevent dictionary attacks?
Phases already mentioned above that they were hashed and salted. That is about the best one can do.

Android Forums has been proactive in warning people and completely transparent about the situation. I get that some people are irked over this, but given the circumstances, things were handled expediently and professionally.
Crashumbc and TVictory like this.
LBPHeretic is offline  
Reply With Quote
The Following 4 Users Say Thank You to LBPHeretic For This Useful Post:
agentc13 (July 11th, 2012), Crashumbc (July 12th, 2012), jmar (July 12th, 2012), TVictory (July 11th, 2012)
Old July 11th, 2012, 01:21 PM   #92 (permalink)
Member
 
TVictory's Avatar
 
Join Date: Aug 2010
Posts: 161
 
Device(s):
Carrier: Not Provided

Thanks: 52
Thanked 256 Times in 71 Posts
Default

Quote:
Originally Posted by kelela92 View Post
I wanted to say thanks for updating the banner up top. I saw it yesterday, but honestly thought it was some sort of lame ad for me to be a sucker and click on. Today, knowing that it says all those things, made me actually take it seriously and click on it.

I think thats one vote (the first vote) for TVictory as lead designer!
TVictory is offline  
Reply With Quote
The Following User Says Thank You to TVictory For This Useful Post:
Xyro (July 11th, 2012)
Old July 11th, 2012, 01:27 PM   #93 (permalink)
Premium Member
 
AMTrombley0924's Avatar
 
Join Date: Jun 2010
Location: California
Posts: 478
 
Device(s): Motorola Droid 4,HTC Droid Incredible 2 (Ret.), Motorola Droid (Ret.)
Carrier: Not Provided

Thanks: 121
Thanked 57 Times in 44 Posts
Default

Just want to make sure that the staff knows that we honestly do appreciate your hard work. I'm sure you can tell by the hundreds of "thank you's" already, but I just wanted to get mine in too.
__________________
AMTrombley0924



If I helped you in any way, don't be afraid to hit "Thanks"
AMTrombley0924 is offline  
Reply With Quote
Old July 11th, 2012, 01:46 PM   #94 (permalink)
Senior Member
 
Join Date: Jun 2010
Location: Montreal, QC
Posts: 513
 
Device(s): Google Nexus 4, LG shine plus SOLD: Samsung Galaxy S2 international
Carrier: Not Provided

Thanks: 53
Thanked 60 Times in 49 Posts
Default

Quote:
Originally Posted by Intruder View Post
Glad someone does and what your basing that on god only knows.....


Int
It was somewhat of a sarcastic response, as I never feel safe when someone has a possibility of compromising my account information. But at least I can feel good about the fact I secure my password where it matters and do not repeat passwords unless I don't care as much about my access. And a forum access isn't something that I really care deeply about.
karendar is offline  
Reply With Quote
Old July 11th, 2012, 02:13 PM   #95 (permalink)
Member
 
silverfang77's Avatar
 
Join Date: Nov 2010
Posts: 119
 
Device(s): Motorola Droid 4, Motorola Droid 2
Carrier: Not Provided

Thanks: 2
Thanked 5 Times in 5 Posts
Default

Thank you for the headsup. Better safe than sorry.
__________________
Galaxy S4 with Jelly Bean 4.2.2
silverfang77 is offline  
Reply With Quote
Old July 11th, 2012, 02:24 PM   #96 (permalink)
Senior Member
 
Stinky Stinky's Avatar
 
Join Date: Aug 2010
Location: In a Dumpster! :D
Posts: 3,793
 
Device(s): Huawei Ascend Y300 :D
Carrier: Not Provided

Thanks: 5,112
Thanked 1,406 Times in 1,053 Posts
Angel

I just wanted to say thanks to Phases and all the gang for being honest about this hey...

I think that is really noble actually you hear me guys!

I am proud of all you losers!

I think you guys are just great and don't stress, I didn't have any important info about me that I will lose sleep over at night.

Except my secret hidden thread of me with Naked sexy female Roaches!

I like a the ladies...






Stinky Stinky is offline  
Reply With Quote
Old July 11th, 2012, 02:25 PM   #97 (permalink)
Senior Member
 
Stinky Stinky's Avatar
 
Join Date: Aug 2010
Location: In a Dumpster! :D
Posts: 3,793
 
Device(s): Huawei Ascend Y300 :D
Carrier: Not Provided

Thanks: 5,112
Thanked 1,406 Times in 1,053 Posts
Angel

Quote:
Originally Posted by TVictory View Post
I think thats one vote (the first vote) for TVictory as lead designer!

NO

Don't vote for this bum!

Vote for me and I will promise free guides on:

"How to Troll Like A Champion!"

And that I swear on my mothers grave!

TVictory likes this.
Stinky Stinky is offline  
Reply With Quote
Old July 11th, 2012, 03:13 PM   #98 (permalink)
!on
Senior Member
 
!on's Avatar
 
Join Date: Aug 2011
Location: UK
Gender: Male
Posts: 820
 
Device(s): moto defy, ipod classic
Carrier: 3

Thanks: 39
Thanked 120 Times in 98 Posts
Default

Quote:
Originally Posted by baldmosher View Post
Tell that to the FBI, they're currently trying to imprison a British Citizen for the crime of finding out if he could hack into their servers by actually doing it. If they're fallible, then there's no hope for anyone.

Responsibility for security ALWAYS lies with the user AND the provider.

Personally I was forced to set up a more clever password system after my "usual" password got hacked on eBay (no real harm done) and I still used that password for all web forums up until yesterday (since there's little real damage anyone can do by posting as me). Thankfully, I have LastPass, so I have a handy list of which forums I haven't changed the password yet. There's no way I could remember hundreds of passwords,so a system is the only possibility.

In my case I use passW0rd%X where X is the first letter of the site I'm on. It's hardly uncrackable, unlike my Wifi password which is a 52-character string, but it'll stop casual hackers.
Thanks to wikileaks fiasco & other things I took my account off paypal. Removed details from amazon & itunes. I think the internet is not such a safe place to keep money! Banking has extra security fields to fill (memorable info). You're right about the users responsibility. It's best not to keep a two grand mountain bike in a garden shed!

Also I check old hotmail accounts' junk mail for suspicious behaviour. Old msn contacts have cropped up (been hacked) trying to sell me stuff. Obviously not them, so when you see something like that it means change your passwords.
!on is offline  
Reply With Quote
Old July 11th, 2012, 04:09 PM   #99 (permalink)
Senior Member
 
Familyguy1's Avatar
 
Join Date: May 2010
Location: Gallatin, TN
Posts: 580
 
Device(s): HTC Droid Eris-rooted with GSB v2.2. || HTC-Thunderbolt-Stock
Carrier: Not Provided

Thanks: 3
Thanked 21 Times in 20 Posts
Default

Quote:
Originally Posted by EarlyMon View Post
Sometimes that's an error generated by our app trying to log in or other web confusion.

To see if it's that or something worse, please google: my ip

And compare to that found in that sort of email.

To Phases and the Neverstill Team - thanks for being never still on our protection!
Thats quite interesting considering about a week ago I contacted you about the same thing...hmm.

Glad it is resolved though, thanks guys!
Familyguy1 is offline  
Reply With Quote
Old July 11th, 2012, 04:46 PM   #100 (permalink)
New Member
 
Join Date: Jul 2012
Posts: 10
 
Device(s):
Carrier: Not Provided

Thanks: 7
Thanked 0 Times in 0 Posts
Default

Just for notifying everyone that there is a potential hazard is a lot to be thankful for, as it is a lot more information than some websites would divulge.
Glas67 is offline  
Reply With Quote
Reply


Go Back   Android Forums > Android Forums Community > Site Updates & Announcements
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 12:01 AM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.