[Theory] How the site was "hacked" and what you can do to stay safe

Discussion in 'Site Discussions & Suggestions' started by Sasori, Jan 12, 2017.

Thread Status:
Not open for further replies.
  1. Sasori
    OP

    Sasori GBAtemp Maniac

    Member
    1,339
    770
    Jan 28, 2015
    United States
    I can almost guarantee that this was just a simple bruteforce to get passwords using a program called SentryMBA, and not an exploit. Similar. This is a similar method that people use to get access to netflix, hulu, and minecraft accounts. The same thing happened to Se7enSins a few months ago. So this is all coming from experience and what us and our staff team did to prevent as much damage as possible. While this method of attack is of course a theory. I do recommend that you do not take this suggestion lightly.

    1. Change your password to something new. I recommend using this site to generate a secure password
    2.
    It was brought to my attention that the admin team disabled this feature of xenforo

    If you do one or both of these you will be perfectly fine. Although I doubt most of us will have any issues anyway since the script kiddies are only interested in popular/powerful accounts.

    i.e Hundshammer, auroram and staff members
     
    Last edited by Sasori, Jan 12, 2017
    hobbledehoy899 likes this.
  2. N64

    N64 GBAtemp Fan

    Member
    425
    143
    Apr 16, 2014
    United States
    theres no 2FA on this site.
     
  3. VinLark

    VinLark This machine kills bourgeois sentimentality.

    Member
    4,058
    4,650
    Jun 11, 2016
    Trinidad and Tobago
    4chan and other wonders of the internet
    Never seen F2A on this site

    Have you been hacked?
     
  4. Sasori
    OP

    Sasori GBAtemp Maniac

    Member
    1,339
    770
    Jan 28, 2015
    United States
    Its built into Xenforo. So an admin must of went out of their way in the ACP(admin control panel) and disabled it...ugh. Ill make a note thank you. I wasn't aware that they disabled it since that doesn't make much sense security wise.

    No sir. Always have those unique passwords ;)
     
  5. VinLark

    VinLark This machine kills bourgeois sentimentality.

    Member
    4,058
    4,650
    Jun 11, 2016
    Trinidad and Tobago
    4chan and other wonders of the internet
    Wow it got disabled

    Let's just throw this site out next, shall we? I can't believe the admins would do that fuck.
     
  6. Ronhero

    Ronhero Too Weird to Live, Too Rare to Die

    Member
    3,000
    1,053
    Jun 28, 2014
    United States
    Arizona Bay
    GBAtemp is powered by XenForo which uses a strongly "salted" encryption for passwords
     
  7. Sasori
    OP

    Sasori GBAtemp Maniac

    Member
    1,339
    770
    Jan 28, 2015
    United States
    That doesn't mean tools like SentryMBA still can't be used.
     
    VinLark likes this.
  8. Ronhero

    Ronhero Too Weird to Live, Too Rare to Die

    Member
    3,000
    1,053
    Jun 28, 2014
    United States
    Arizona Bay
    I was hacked too remember. I am the one who first notified admins.... got called a troll and had my post moved to EOF
     
  9. zoogie

    zoogie simple pimp tool

    Member
    6,146
    7,721
    Nov 30, 2014
    United States
  10. Ronhero

    Ronhero Too Weird to Live, Too Rare to Die

    Member
    3,000
    1,053
    Jun 28, 2014
    United States
    Arizona Bay
  11. Sasori
    OP

    Sasori GBAtemp Maniac

    Member
    1,339
    770
    Jan 28, 2015
    United States
    That doesn't mean that users don't share usernames and passwords


    That still doesn't debunk a program like SentryMBA potentially being apart of this...I recommend reading up on that program and how it works before replying again. Not trying to cause an argument but you honestly seem like you don't quite understand the terminology of whats going on here. Your last reply to Zoogie gives some strength to that statement as well.

    I apologize for saying that, especially since this is a theory. But you are trying to refute theories with statements that make no sense. :(
     
  12. Ronhero

    Ronhero Too Weird to Live, Too Rare to Die

    Member
    3,000
    1,053
    Jun 28, 2014
    United States
    Arizona Bay
    Mkay I'll just leave
     
  13. pwsincd

    pwsincd Garage Flower

    Member
    3,302
    1,699
    Dec 4, 2011
    Manchester UK
    Which site was hacked... ?
     
  14. Sasori
    OP

    Sasori GBAtemp Maniac

    Member
    1,339
    770
    Jan 28, 2015
    United States
    A few users had their accounts compromised on this site.
     
  15. pwsincd

    pwsincd Garage Flower

    Member
    3,302
    1,699
    Dec 4, 2011
    Manchester UK
    ok cause our IRC channel and specifically my login was compromised and it carried the same password as here.. so it seems peoople are using the info gained.
     
  16. TotalInsanity4

    TotalInsanity4 GBAtemp Supreme Overlord

    Member
    6,908
    6,879
    Dec 1, 2014
    United States
    Under a rock
    Basically there's a hacker on the site that seems to have some sort of vendetta against Luma3DS
     
  17. p1ngpong

    p1ngpong Irish ex captain

    Former Staff
    6,432
    10,284
    Apr 18, 2008
    Croatia
    DS Scene
    Speculation threads with no proof arent helping anyone, but so far I see no evidence that this is a mass hack over something like bruteforcing like the OP says. Just change your passwords to something complex to secure your accounts.
     
    Chary, T-hug, VinsCool and 3 others like this.
Thread Status:
Not open for further replies.