Discussion in 'General Discussion' started by gfunkdave, Jan 15, 2013.
Looks like we're missing every post for the last two weeks or so.
Yes, it was compromised, the host did a restore and got it back up but recent posts and new users were missing as the backup was a few weeks old.
Would anyone affected by this please repost wherever possible, and users who have been kicked off, please register again.
Is there any information about what exactly was compromised? Given that the forum has my Email address and a password, should I now be expecting lots of spam to my Email address, and shouldn't we all change our passwords? :/
I've changed both just in case.
The forums we not compromised. It was the server.
Passwords are md5 hashed, so I don't know them.
Sent from my GT-I9100 using Tapatalk 2
The server being compromised (presumably meaning root access) means any kind of data, including the forum (presumably), could have had its data offloaded somewhere. It doesn't take long to brute force MD5s depending on the length of the password: http://kutioo.blogspot.com/2012/01/breaking-md5-hashs.html
I would suggest an Email or message be sent to all users recommending they change their passwords given the compromise. It's better to be safe than sorry.
And a very good example of why you should never use the same password on multiple sites.
bcrypt is the ideal replacement for md5.
edit: http://hashcat.net/oclhashcat-plus/ scroll down to performance to see figures. MD5 is fast whereas bcrypt is slow.
Due to the security issue on the Server which Linksysinfo resides on, I would like to advise all users that it is in your best interests that you change your password for your user account.