Re-important message from ausfish!

[kind_cir]

I clicked on it, and apparently I have won a million dollars. Just had to send through all my details to claim. How lucky is that.

[Stan53]

I just received another message from a spammer. It has a different user name vdwfhkdvv@ausfish.com.au. I have deleted it

[gra]

I've had one, haven't been on this forum for years. Edit, just checked and see the owner's response.

Gra.

[DaveR]

Same email, clearly the database here isn't secure. The fact that they also know the username for each email means this is a serious breach. Next question would be have they breached other details like passwords? If so, you better hope that your ausfish password isn't the same as your email password. Or that you don't use the same email address and password for other sites, like Paypal or Ebay. Get your act together admin.

[DazB]

Same email, clearly the database here isn't secure. The fact that they also know the username for each email means this is a serious breach. Next question would be have they breached other details like passwords? If so, you better hope that your ausfish password isn't the same as your email password. Or that you don't use the same email address and password for other sites, like Paypal or Ebay. Get your act together admin.

Passwords in vbulletin forum software are protected with a salted non reversible hash. It is not possible to decipher them even for the admin.

It is still a serious breach though and i would image the ausfish admins are having some sleepless nights patching servers. The trouble with the internet is for every 10 guys working on security there are another 100 ####ers trying to crack it.

[Lucky_Phill]

Get your act together admin.

This is the first breach of this kind in over 20 years........ I would suggest we have " our act together ".

No online forum is totally secure from very well educated hackers, whose sole purpose is to create fear / play havoc with innocent websites and users.

cheers LP

[Funchy]

Dont know if it's related but I was logged out of the forum (doesn't usually happen). Also my personalised settings were reset. Just thought I'd throw it up Phil in case it helps with working out what is going on.

[JulianDeMarchi]

Steve,

Enable SPF for the domain ausfish.com.au, set your SPF policy to -all and these issues will go away with rouge ausfish.com.au emails.

none (ausfish.com.au: No applicable sender policy available) receiver=geek.id.au; identity=mailfrom; envelope-from="rgnay@ausfish.com.au"; helo=thagoat.com; client-ip=167.114.32.55

If you had SPF enabled, the above message would normally have been dropped.

[InterNut]

Hi all, I can see the owners are probably going to get a hard time over this breach so thought I would throw in my two cents worth. I am an ex web developer and still host a number of websites for old clients and myself. Websites and servers are going to get hacked. I don't think I have had a website that has never been hacked at some point regardless of hosting companies, servers or the latest software and patches in place. The breach may not have originated from the AusFish website, it could have been a badly coded website hosted on the same server that gave them the way in and then access to the database. Unfortunately it is just one of things we must live with.

AusFish have done the right thing as far as I can see with their choice of software as vbulletin is pretty sharp when it comes to security. Not sure who AusFish is hosting with or if they are running their own server but again it really does not matter. I have had a dedicated server with one of the worlds best hosting companies at over US$10,000.00 per year cost and it still got hacked.

SO WHAT CAN WE DO AS END USERS
Do not use the same passwords for sensitive websites. Banking, email, facebook accounts etc should all have a unique password. For websites I class as un-sensitive like AusFish etc I will often use the same password across multiple websites just because it is easier to remember and change when required. Password programs such as KeePass (google it) can make life easier rather than remembering 20 or so different passwords.

[DaveR]

This is the first breach of this kind in over 20 years........ I would suggest we have " our act together ".

No online forum is totally secure from very well educated hackers, whose sole purpose is to create fear / play havoc with innocent websites and users.

cheers LP

I've been using forums since the late 90s and never once had my personal details leaked. So if I'm being honest, I really don't need to be told you have your act together when I'm receiving nonstop spam after having my personal details leaked from a site that I paid a subscription to use. That's just how I feel. I do feel for you also- this is probably a bigger headache for you than it is for me. But a headache nonetheless.

Nevertheless I'm sure you will sort it out and I wish you the best of luck.

[fishtragic]

I wasn't a subscribed Ausfish member until tonight and I got 2 of them the other day. Being new, in good faith I clicked on one of them and it went to some dodgy page that I quickly got out of and no viral after effects yet. What's wrong with these people! (I use the word 'people' loosely in this instance)

[fishtragic]

My internet security software deleted two viruses and an unauthorised change to my system yesterday. I'm assuming it was related to those dodgy emails.

[Ausfish]

My internet security software deleted two viruses and an unauthorised change to my system yesterday. I'm assuming it was related to those dodgy emails.

Not possible
They were just text emails, no files or virus attached

Can you post the full details of the messages/info from you virus software