Delete my account
-
[quote name=“Pryderi” post=“54308” timestamp=“1390485187”]
On some Runeschape-forum. Although Bushstar made the file public already before he offered this ‘‘FTC-database’’ for sale.
[/quote]Wait, run this by me again? I’m not following.
Edit: Well I found it: https://www.bugabuse.net/98-hacking-resources/51140-selling-feathercoin-forum-database-15-6k-members.html
But what’s this your saying about Bushstar making the file public?
-
[quote name=“Kevlar” post=“54328” timestamp=“1390488612”]
[quote author=Pryderi link=topic=7136.msg54308#msg54308 date=1390485187]
On some Runeschape-forum. Although Bushstar made the file public already before he offered this ‘‘FTC-database’’ for sale.
[/quote]Wait, run this by me again? I’m not following.
Edit: Well I found it: https://www.bugabuse.net/98-hacking-resources/51140-selling-feathercoin-forum-database-15-6k-members.html
But what’s this your saying about Bushstar making the file public?
[/quote]I was totally wrong, was talking about the index.tar of the SMF php. Sorry!
-
By all means change your details including password but it seems a little late to have your account deleted as the attackers already have the DB. We are now running vanilla SMF which is as secure as it can get.
Soon after the attack I put out the SMF files which included the attack files as people wanted to analyse the attack. They got some pretty scary tools on the server which really meant that we needed to move server entirely.
Looking forward to a more secure forum Invision comes highly recommended. It seems to be actively developed and has excellent documentation which is a good sign. I’m adding this to ones to consider. I was pondering vBulletin but it has not had the best security track record.
-
[quote name=“FeatherWeightBoxer” post=“54319” timestamp=“1390486206”]
I don’t want to start invoking data protection act on people but you are by not deleting my account breaking the ‘not kept for longer than is necessary’ part of the act.
If one of the admin’s could update the e-mail address and change my username to something else and then lock the account - then I would be happy.
If I can’t get in and my posts have a different username then I will know that it has worked.
[/quote]If you just want it inaccessible:
You can change your email yourself [email protected]. for example [email protected]
You can also open a text editor, bang the keyboard like this wiujdhfe8q74ghlqjuwegflajdfh, paste that as your password, and never save that file.If you want your account deleted:
I’m sure someone can do that for you.
BUT IT WILL NOT SOLVE YOUR PROBLEM.
The info is already out.DELETING YOUR ACCOUNT WILL NOT HELP YOU.
Your best bet is to use a new account.
-
[quote name=“Bushstar” post=“54346” timestamp=“1390491903”]
By all means change your details including password but it seems a little late to have your account deleted as the attackers already have the DB. We are now running vanilla SMF which is as secure as it can get.Soon after the attack I put out the SMF files which included the attack files as people wanted to analyse the attack. They got some pretty scary tools on the server which really meant that we needed to move server entirely.
Looking forward to a more secure forum Invision comes highly recommended. It seems to be actively developed and has excellent documentation which is a good sign. I’m adding this to ones to consider. I was pondering vBulletin but it has not had the best security track record.
[/quote]Vanillaforums looks hot.
-
do they have our emails?
-
yes I guess lots of people have our email addresses and not just from this attack.
But an email address the public part of your email account anyway so who cares who has it.I guess its the password part you should be worried about and my guess / hope is that the DB never really held the password it simply held a hash of the password which can be compared to a hash of what you type into the password box. (I could be wrong but this is standard practice)
-
[quote name=“kris_davison” post=“55658” timestamp=“1390916836”]
yes I guess lots of people have our email addresses and not just from this attack.
But an email address the public part of your email account anyway so who cares who has it.[b]I guess its the password part you should be worried about[/b] and my guess / hope is that the DB never really held the password it simply held a hash of the password which can be compared to a hash of what you type into the password box. (I could be wrong but this is standard practice)
[/quote]well in my case the password was unique to this forum (don’t use it anywhere else).
I don’t like them having my email because it can help identify me, I prefer to remain anonymous, and it’s getting harder all the time. -
[quote name=“mharrison” post=“55676” timestamp=“1390922010”]
The issue with the e-mail addresses are they know that you have an interest in Crypto Currency. They could send you phishing e-mails that you are more likely to fall victim for.
[/quote]All someone needs to do is come to the forum and click on the email button next to your name. There, they now have your [email protected] and the knowledge that your into crypto’s because they found it on a crypto forum…
-
[quote name=“Calem” post=“56180” timestamp=“1391133853”]
[quote author=mharrison link=topic=7136.msg55676#msg55676 date=1390922010]
The issue with the e-mail addresses are they know that you have an interest in Crypto Currency. They could send you phishing e-mails that you are more likely to fall victim for.
[/quote]All someone needs to do is come to the forum and click on the email button next to your name. There, they now have your [email protected] and the knowledge that your into crypto’s because they found it on a crypto forum…
[/quote]I clicked on the email icon by your name and I still don’t know your email address? Am I missing something?
~//~ -
Time for everyone to move to bitmessage ;)
I like the bitmessage.ch Mail Gateway also.