
Thread: FAO ALL MEMBERS: accounts safety issue reminder

  1. #1
    BanHammer™⚒️ Manu's Avatar
    Join Date
    Feb 2012
    Location
    Behind you
    Posts
    9,519

    FAO ALL MEMBERS: accounts safety issue reminder



    Hi all.

    Today it has been brought to my attention that a few members in here have had their email addresses harvested and their Soundcloud accounts were breached. I can confirm DjForums was not breached in any way, shape or form to acquire those mail addresses, but some guy clearly went fishing by simply surfing online.

    Here goes the daft reminder, but some people in here really need a heads up regarding internet basic safety.

    When you put your email address online somewhere for any reason, you've taken a risk (exposure to spam or phishing etc). This risk is multiplied by how weak your password is. Sounds stupid enough, but here goes. Some of them have been hacked, and the reason why they have been hacked is because they used extremely stupid passwords.

    I am not going to name any names or put up the (as far as I know, another 419 Nigerian) hacker list I found, but this matter has been looked at and kept behind the scenes for privacy reasons, and not exposing the concerned parties details through that hacker list.

    So no names, but someone in here was supremely stupid. His soundcloud account was linked to his main email account, and the password used was:

    pa55w0rd


    Another one had his girlfriend's name as the password.

    Another one had his DjForums user name set as password.

    So please people, now that you have read this, and you have a stupid password linked to your Soundcloud, Mixcloud, Youtube or whatever else, change it immediately. Use a combination of letters, numbers, capitals and symbols that CANNOT be traced to anything else, i.e. your girlfriend/dog/cat/goldfish's name can be found on your Facebook, or other social media.

    As a bonus story, I was once shown how to get into the British Airways website backdoor; the admin password was "admin".

    Cheerio


    Last edited by Manu; 02-19-2024 at 08:32 AM.

  2. #2
    Quote Originally Posted by Manu View Post
    3 hours to crack "picture1".

    So I can see where human guessing could be faster in some cases than a program. Which is what we usually see in movies and TV shows.

    One example would be "P@$$w0rd".
    But the number of US Supreme Court judges was always 6.
    Then it was 5, then 6, then 7, then 9, then 10, then 7, and then 9.

  3. #3
    BanHammer™⚒️ Manu's Avatar
    Join Date
    Feb 2012
    Location
    Behind you
    Posts
    9,519
    That's just a picture, not a reference per se.


  4. #4
    I saw a good one recently but I forget what show it was.
    They blew baby powder on a number code lock like on an apartment door or a portable safe. It revealed 3 numbers and somehow they knew they only had 4 chances to get it right.
    First, they tried his birthday.
    Then his wedding anniversary.
    Then his child's birthday.

    And they finally unlocked it with the date he graduated college.

    Had he picked the last 4 of his Social Security number they would have been screwed since that is harder to find.
    Also if he used a different order from month/day/year.
    Since I was in the military I'm in the habit of going day/month/year. (4 May 2021)

    If I had to go with four numbers to remember I'd probably pick a famous year from history.
    1590: The first year turtle ships were built.
    2560 (BCE): The Great Pyramid of Giza was built.
    1783: The Treaty of Paris officially ends the war between the United States of America and Great Britain.
    1350: The Renaissance begins in Florence, Italy.
    But the number of US Supreme Court judges was always 6.
    Then it was 5, then 6, then 7, then 9, then 10, then 7, and then 9.

  5. #5
    BanHammer™⚒️ Manu's Avatar
    Join Date
    Feb 2012
    Location
    Behind you
    Posts
    9,519
    You're clearly trying to take me back to history heheh. At the end of the day, going full random for your passwords is what is best indeed. That said, watch the dinosaurs of coding

    Nothing new, is it.



  6. #6
    BanHammer™⚒️ Manu's Avatar
    Join Date
    Feb 2012
    Location
    Behind you
    Posts
    9,519
    BUMP


    Some older DjForums accounts are now being hacked into. It is obvious the flaw is the password used by the account holder. The account gets hijacked then gets involved to spam scam ****** websites. Those scammers are dumb enough to think that moderators may not notice a ****** website link on a forum that caters for DJs. This is clearly not the case, as DjForums has been kept 100% cleared of spam for years. It appears those spammers are using a semi-sophisticated method to spot flawed accounts.

    If your account gets hacked into, it will get banned, and all posts linked to that account will get deleted no ifs no buts. The IP address related to the account will also get blacklisted.

    So if you read this, and your password is ''123456'' or ''password'', change it for something more secure.

  7. #7
    Junior Member Rhino's Avatar
    Join Date
    Feb 2012
    Location
    Austin, TX
    Posts
    92
    It’s been a long time since I’ve been on here but I am curious since we’re on this topic, why not have an https version of the site? Encrypted sites are pretty standard now and that’s just another layer in the defense to stop attackers.

  8. #8
    BanHammer™⚒️ Manu's Avatar
    Join Date
    Feb 2012
    Location
    Behind you
    Posts
    9,519
    Weak passwords are usually the root cause of accounts being easily accessed, while VBulletin forums do not feature 2 step verification. HTTPS has been mentioned in here: http://www.djforums.com/forums/showt...Going-to-HTTPS
