netsmithUK

Tamiyaclub.com was hacked in Feb 2012


Hello all.

I'll try and keep this brief and to the point.

Over the days of 11th-15th of February Tamiyaclub.com came under attack from hackers. This was not a casual 'experiment' but a sustained sequence of penetration attempts. On the plus side, those doing it do not seem to have caused any physical damage to the site or the data, but they did manage to harvest the nicknames, email addresses and the passwords that users used on this site. The club does not and never has stored any financial data locally, so they have not got any of those sort of details from us. All transactions are processed through and by Paypal and they look after all of your data.

That said, if you have used your TC password anywhere else on the web you should go and change your passwords there as soon as possible.

The attack only came to light on Monday when someone came across a file of 400 of our user emails and club passwords posted to the web. As soon as I saw it I took the site down and set about investigating what had happened. As a first step I have obviously reset all club passwords (so you will need to do a password reminder on the main site to get your details again).

The hackers did not gain access to any control panels, FTP settings or any other server settings. There is nothing to say they gained access to the forums either. That said, as many users shared passwords between the forum and the main site, I have also reset all forum passwords.

I feel embarrassed and terrible that this has happened and have spent the last two days incorporating every type of security check I could find. For security reasons, I don't want to go into exactly what they are in detail, but I've added new checks to every page and completely changed the way passwords and cookies are stored and handled. (The new reminder service is an example of this.) Most of the pages already ran checks for this sort of attack but they managed to find one that was sadly lacking. I don't want this to become a 'game' between me and the hackers either - they potentially have much more resource than me and could make things terrible for us all.

My hope is that it was just a passing attack and that I've made it awkward enough for them just to move on and let us be.

Because of the amount of code I've changed over the past 2 days, despite running through it with a few beta testers, there is a chance that some things might not work. If you find anything please let me know.

I'll post more later.

Regards and apologies again


Mate, I wouldn't feel embarrassed about it, it's not your fault those losers ain't got nothing better to do... glad you're back online!


Was it because of the hack that I found myself logged out a couple of times in the last few days?


As said, you've no reason to feel bad or be embarrassed about hackers getting into the site. I think it's happened to just about every site/forum I've used over the past seven years. Just one of those things, and the people behind it have more time and resources on their computer than they do in their day to day lives.

The password issue might explain how my e-mail address was hacked on Friday and scam e-mails sent to all my contacts. That seemed to be an easy enough fix though.

Well done for getting the site back online so quickly, and hopefully that's the end of it.


No need to feel embarrassed at all Chris - especially considering you don't get paid to keep TamiyaClub online.

Stuff happens. I think you did us all proud in the way that you handled it.


Well handled Chris. Absolutely no need to say sorry. Well done on having the site back up and running.


Many thanks for reacting so quickly and for the many hours of work that have no doubt gone in over the last 36 hours.

Welcome back everyone !


Hi Chris, I agree with everyone else. Nothing to feel embarrassed about and no need to say sorry. You should be proud of the professional way you handled it and especially how quickly you got the code changed and got the site back up and running.

Thanks again for keeping the site going, it really is very good, and a credit to you.

Thanks

Paul


Yeah, can't be helped, one of those things now. I guess they want the info to try and use it to log in to other sites and buy stuff?

I use the same passwords for forums but not for buying stuff. So should be OK hopefully, and I use different user names on forums as well.


Don't feel embarrassed, these hackers are a lot more experienced in all this than you or anyone else...

Just ask Sony.

Glad TC is back online :(


Well done Chris.

A quick question, it seems that I have to re-log every time I go back on TC. Is there a way to stay logged in? Like a "remember me" box?

Thanks

Jerome


> Well done Chris.
>
> A quick question, it seems that I have to re-log every time I go back on TC. Is there a way to stay logged in? Like a "remember me" box?
>
> Thanks
>
> Jerome

I've changed the way the site handles cookies and that's stopped this feature from working - it'll be back shortly.


Thank you for all your hard work & dedication in getting the site back up & running. :(


Chris,

I found the file you mentioned this evening and, just to clarify to everyone, it contains *every* email address and password of 38000+ registered members, not just the 400 you reference in the original post.

A bit of good news I hope - it's clear from the file how the attack was done and it was not particularly sophisticated. SQL injection is script-kiddie stuff and if you've got a site that's been around as long as this one has, with a large number of SQL databases, PHP etc., there is always going to be a weakness. Although the note at the bottom claims it was 'Anonymous', I highly doubt this. I run my own sites as well and I know how difficult it is to make everything 100% secure, although password encryption might have been a good idea! Still, it looks like many members kept the site-generated password and probably stored it in their browser, rather than using their own, so hopefully a lot of the data is useless.

I have, though, got 12 emails today from someone called 'Fun Girl' who would like me to download an attachment because she's desperate to meet me. Decisions, decisions.... :(

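The two weaknesses the post above names, a query that can be injected and passwords stored without hashing, as an added example that is not code from this thread or from Tamiyaclub (the site is PHP and the thread never shows the actual vulnerable query). It assumes a users table of nickname, email and password, uses three constructed, made-up members, and uses Python's in-memory sqlite3 as a stand-in for the site's database. It shows a concatenated login query handing every row to a classic always-true payload, the same query with bound parameters rejecting it, and the password column stored as salted PBKDF2 hashes so that a dumped table no longer contains reusable passwords.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample members (all made up): nickname, email, plaintext password.
SAMPLE_USERS = [
    ("alice", "alice@example.invalid", "hunter2"),
    ("bob", "bob@example.invalid", "tamiya123"),
    ("carol", "carol@example.invalid", "s3cr3t"),
]

# Classic injection payload: closes the quoted literal and appends an always-true clause.
INJECTION = "' OR '1'='1"


def build_plaintext_db():
    """Users table holding plaintext passwords, as the thread says the site did."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (nick TEXT, email TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, nick, password):
    """Login check built by string concatenation: user input becomes SQL."""
    sql = ("SELECT nick, email, password FROM users WHERE nick = '" + nick
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_parameterised(conn, nick, password):
    """Same check with bound parameters: the driver never parses input as SQL."""
    sql = "SELECT nick, email, password FROM users WHERE nick = ? AND password = ?"
    return conn.execute(sql, (nick, password)).fetchall()


def hash_password(password, salt=None, iterations=100_000):
    """Salted PBKDF2-HMAC-SHA256; the stored string carries its own parameters."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt/iterations and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


def build_hashed_db():
    """Same table, but only salted hashes are stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (nick TEXT, email TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(n, e, hash_password(p)) for n, e, p in SAMPLE_USERS])
    return conn


def login_hardened(conn, nick, password):
    """Parameterised lookup by nickname, then hash verification in code."""
    row = conn.execute(
        "SELECT nick, email, password FROM users WHERE nick = ?", (nick,)).fetchone()
    if row is None or not verify_password(password, row[2]):
        return None
    return row[0], row[1]


def dump_password_column(conn):
    """What an attacker who can read the table gets: the stored password values."""
    return [r[0] for r in conn.execute("SELECT password FROM users")]


if __name__ == "__main__":
    plain = build_plaintext_db()
    print("vulnerable, injected:", login_vulnerable(plain, INJECTION, INJECTION))
    print("parameterised, injected:", login_parameterised(plain, INJECTION, INJECTION))
    hashed = build_hashed_db()
    print("hardened, real creds:", login_hardened(hashed, "alice", "hunter2"))
    print("stored values:", dump_password_column(hashed))
```

Run with python3 to see the injected query return all three members. Bound parameters close the extraction route, and hashing limits what a dump is worth: someone who reads the hashed table still has every email address (enough for the spam mentioned above) but has to crack each password individually instead of reusing it on other sites. In PHP the equivalents are prepared statements via PDO or mysqli and password_hash/password_verify.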
> Chris,
>
> I found the file you mentioned this evening and, just to clarify to everyone, it contains *every* email address and password of 38000+ registered members, not just the 400 you reference in the original post.
>
> A bit of good news I hope - it's clear from the file how the attack was done and it was not particularly sophisticated. SQL injection is script-kiddie stuff and if you've got a site that's been around as long as this one has, with a large number of SQL databases, PHP etc., there is always going to be a weakness. Although the note at the bottom claims it was 'Anonymous', I highly doubt this. I run my own sites as well and I know how difficult it is to make everything 100% secure, although password encryption might have been a good idea! Still, it looks like many members kept the site-generated password and probably stored it in their browser, rather than using their own, so hopefully a lot of the data is useless.
>
> I have, though, got 12 emails today from someone called 'Fun Girl' who would like me to download an attachment because she's desperate to meet me. Decisions, decisions.... :(

Go for it, seems totally legit ;) and she seems fun :).

Seriously, total security takes a lot of work and is usually very user-unfriendly.


> Chris,
>
> ... it contained all 38000+ registered members, not just the 400...

If it does I'm mistaken. I hit the download link and the file I got just had the 400 as far as I could see. I assumed all 38000 were available somewhere, I just couldn't see them or how to get them on that particular site. (You don't have to post a link here to prove me wrong or explain how to get the whole file - I'm happy to take your word for it.) Either way I've warned everyone to take appropriate measures.

Cheers

Chris


> The homepage for TC will not come up for me? Looking forward to changing that password ASAP!

I think I may have broken it while trying to fix the cookie issue. It's still working for me logged in or not, is anyone else still having issues?


> I think I may have broken it while trying to fix the cookie issue. It's still working for me logged in or not, is anyone else still having issues?

No TC homepage and also no TC Photos page :(


> No TC homepage and also no TC Photos page :(

How about now? (TCPhotos is a separate issue)


So was this the first of the big things you had planned for TC in 2012? ;) ....about as popular as that Scorcher wind up in 2005 I'd say. :)

Seriously though, well done for reacting quickly & decisively. If anything it made me realise just how lazy I was getting, using the same password too frequently. :(


My password reset for the homepage doesn't work, I'll give everything a few days to settle down before I try again.


> My password reset for the homepage doesn't work, I'll give everything a few days to settle down before I try again.

Should be working - email me the details of what email address you are using. Are you getting the email through? What message do you get on screen?

Chris
