Attention: Change your forum passwords now

Posted: Fri Jan 28, 2011 6:47 pm
by Red Squirrel
Another website on this server has been compromised and there is a good possibility that this forum's database has been accessed and recorded.

Passwords are stored in an irreversible hash so they are not in clear text; however, a reverse attack that tries every possible hash combination until it matches is a possible way to reverse the hash. This can take a long time, but it is important that passwords be changed before they are reversed from the stored hashes from the possibly compromised database. It is also advised that if you use this password anywhere else, you change it there too.

Sorry for any inconvenience this may cause. A full security audit will be conducted and the hacked site has been disabled until a solution is found to stop the attacks.

Archived topic from AOV, old topic ID:5514, old post ID:34505

Posted: Fri Jan 28, 2011 8:37 pm
by Anonymous
Damn. :cry:

Archived topic from AOV, old topic ID:5514, old post ID:34506

Posted: Fri Jan 28, 2011 10:36 pm
by Nexus Graveheart
Wouldn't a brute force attack at passwords take a vastly powerful computer a long time to decode? (Unless you have been hacked by the NSA)

Of course, I may be behind on the times....

Archived topic from AOV, old topic ID:5514, old post ID:34507

Posted: Fri Jan 28, 2011 10:54 pm
by Red Squirrel
Not in this case, because MD5 is a standard so anyone can just write a script to do something like

Write(md5("a"));
Write(md5("b"));
Write(md5("c"));
Write(md5("d"));
Write(md5("e"));

etc... and create a dictionary of all possible MD5 values for alphanumeric words up to say, 10 chars.

Then all the attacker needs to do with gathered hashes is to compare them against the (already existing) dictionary. This would be done on a local machine, so you are not limited by internet connection, anti brute force measures, etc.


I found how the attacker got in though. There is a SQL injection exploit in the calendar of that site's forum. Most likely others exist too.

Archived topic from AOV, old topic ID:5514, old post ID:34508
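
Added example (not part of the original thread, and not the forum software's code): why the unsalted MD5 storage discussed above is exposed to a precomputed dictionary, next to a per-user salted PBKDF2 record that is not. The account names, passwords and iteration count are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; alice and bob share one password.
SAMPLE_USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor&3"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def md5_unsalted(password):
    """Legacy scheme from the thread: bare MD5, same input -> same output everywhere."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, salt=None):
    """Hardened scheme: a random per-user salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password, salt, expected_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = pbkdf2_record(password, salt)
    return hmac.compare_digest(digest, expected_digest)


def shared_hash_groups(table):
    """Audit check: list accounts whose stored credential value is identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_tables(users):
    legacy = {u: md5_unsalted(p) for u, p in users.items()}
    hardened = {u: pbkdf2_record(p) for u, p in users.items()}
    return legacy, hardened


if __name__ == "__main__":
    legacy, hardened = build_tables(SAMPLE_USERS)
    print("identical stored values, unsalted MD5:", shared_hash_groups(legacy))
    print("identical stored values, salted PBKDF2:", shared_hash_groups(hardened))
```

With unsalted MD5 the two accounts that share a password store the same value, so one precomputed table covers every user and every site; with a per-user salt each record has to be attacked separately at the cost of the full iteration count per guess.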