backtomyroots 432 Posted February 28, 2012 How about now? (TCPhotos is a seperate issue) TC homepage fixed and password changed. Forum password changed. No TC Photos page available . (Any idea when back online ?) Great job fixing things ! Share this post Link to post Share on other sites
wolfdogstinkus 1893 Posted February 28, 2012 I am just glad the site is back! I was lost without this place. So the hackers have my e-mail address? so just watch out for spam e-mails? I use different passwords for every site I use and most are stored in my head so no problems there. Well done for getting the site running again so quickly. Share this post Link to post Share on other sites
netsmithUK 488 Posted February 28, 2012 No TC Photos page available . (Any idea when back online ?) Afraid tcphotos will be another couple of days. Although it wasn't compromised as part of this hack, the potential is there so I need to do everything I've done for TC for TCPhotos too. (I didn't actually think anyone used it any more - although I'm glad some people still find it useful. Cheers Chris Share this post Link to post Share on other sites
Skottoman 306 Posted February 29, 2012 Chris,I found the file you mentioned this evening and, just to clarify to everyone, it contains *every* email address and password of 38000+ registered members, not just the 400 you reference in the original post. A bit of good news I hope - it's clear from the file how the attack was done and it was not particularly sophisticated. SQL injection is script-kiddie stuff and if you've got a site that's been around as long as this one has, with a large number of SQL databases, PHP etc., there is always going to be a weakness. Although the note at the bottom claims it was 'Anonymous', I highly doubt this. I run my own sites as well and I know how difficult it is to make everything 100% secure, although password encryption might have been a good idea! Still, it looks like many members kept the site-generated password and probably stored it in in their browser, rather than using their own, so hopefully a lot of the data is useless. I have, though, got 12 emails today from someone called 'Fun Girl' who would like me to download an attachment because she's desperate to meet me. Decisions, decisions.... I've noticed "Fun girl" spam also, except on a mac, the attachment automatically appears as a girl, posing.... well, yeah... something like that... I may have to adjust my spam filters... NICE TO BE BACK! THANKS CHRIS! Cheers, Skottoman Share this post Link to post Share on other sites
pininfarina 1009 Posted February 29, 2012 What a relief when it came back up!! Just login and found "An error occurred on the server when processing the URL. Please contact the system administrator." did the site just went down again? Share this post Link to post Share on other sites
backtomyroots 432 Posted February 29, 2012 Afraid tcphotos will be another couple of days. Although it wasn't compromised as part of this hack, the potential is there so I need to do everything I've done for TC for TCPhotos too. (I didn't actually think anyone used it any more - although I'm glad some people still find it useful.Cheers Chris TC Photos is a BIG part of my online builds & inventory ! Thanks for the update ! Share this post Link to post Share on other sites
tonysmini 19 Posted February 29, 2012 Should be working - email me the details of what email address you are using. Are you getting the email through? What message do you get on screen?Chris Chris, all sorted now, may have been the fact that I was trying to do it on my Iphone, done it on my laptop and it's worked. Cheers, Tony Share this post Link to post Share on other sites
actualday 7 Posted February 29, 2012 Well done, minimised the damage there... You have a good disaster recovery strategy in place, good to see. Thanks for your Herculean efforts getting the site up and running, and importantly for taking the time to contact TC members. Very much appreciated. Thanks again. Share this post Link to post Share on other sites
netsmithUK 488 Posted February 29, 2012 A few people are getting an error when they hit the home page. I'm pretty sure this is because I changed the way cookies worked after I made the site live again and after some of you had already reset your passwords. I may have fixed this issue now, but if you are still having problems please clear your browser cache for cookies from this site. Cheers Chris Share this post Link to post Share on other sites
Jools 0 Posted February 29, 2012 Just a big thank you netsmith for all the work getting it back together. -Jools Share this post Link to post Share on other sites
matman 1499 Posted February 29, 2012 WooHoo i can live again , TC is back . Amazing the amount of time i'm on here . Gee it was two hard days , getting withdraws LOL . Thank you Chris for your time & effort & of course anyone else that may have help you . Share this post Link to post Share on other sites
Finman 69 Posted February 29, 2012 Hi Managed to update my login/password on the forum, but I am unable to get the password reminder on the mainsite. After I have entered my e-mail address it comes up with Your password has not instantly been sent because: - You have never been a subscriber. It will be sent very shortly though I have been a subscriber since Oct 11 - I am just being impatient? Plus a big THANK-YOU for getting the site back up so quickly. Rich Share this post Link to post Share on other sites
netsmithUK 488 Posted February 29, 2012 HiManaged to update my login/password on the forum, but I am unable to get the password reminder on the mainsite. After I have entered my e-mail address it comes up with Your password has not instantly been sent because: - You have never been a subscriber. It will be sent very shortly though I have been a subscriber since Oct 11 - I am just being impatient? Plus a big THANK-YOU for getting the site back up so quickly. Rich Thats a new message I just put in - it may not be 'wholly' acurate. Please can you send me a PM with the email address you are doing the reminder on. Thanks Chris Share this post Link to post Share on other sites
netsmithUK 488 Posted February 29, 2012 @ Finman - give it another try now. Cheers Chris Share this post Link to post Share on other sites
Finman 69 Posted February 29, 2012 Chris All working now. Thanks again. Rich Share this post Link to post Share on other sites
Wrecked 1 Posted February 29, 2012 I use 2 different email addresses and passwords for tamiyaclub. One for the mainpage, and one for the forum. Which one should I be worried about? Share this post Link to post Share on other sites
netsmithUK 488 Posted February 29, 2012 I use 2 different email addresses and passwords for tamiyaclub. One for the mainpage, and one for the forum.Which one should I be worried about? The one used on the main site. Although its probably not a bad idea to change both. Share this post Link to post Share on other sites
Wrecked 1 Posted February 29, 2012 Bummer. I forgot the password i used for the main site, and changed it. Now I dont know what password is in the hacker file, and dont know if I used it elsewhere. Can someone with access to the file, send me a PM with my password. Email is webmaster (@) p1800 (.) dk Share this post Link to post Share on other sites
matman 1499 Posted February 29, 2012 I would like too see this file as well . Thanks . /\ Please . Share this post Link to post Share on other sites
sgt.barnes 0 Posted February 29, 2012 Just to make you all feel a little better BBC News Police arrest 25 Anonymous Hackers Share this post Link to post Share on other sites
SB_Aust 42 Posted February 29, 2012 Good to see TC back. Anonymous hackers can take a flying leap! Share this post Link to post Share on other sites
netsmithUK 488 Posted February 29, 2012 Please watch the hacker chat guys - I don't want this to be seen in anyway a challenge for them. The web is full of stories of websites where they boasting they had beat the hackers only to be taken offline completely later on. As others have pointed out you can't really completely win against team of people doing their best to break stuff - particularly when you are one man band. As bad as it was, we were fortunate this time in that no 'physical' damage was done and it wasn't an attack on the server itself - such as a denial of service attack where they just try and swamp your server with traffic until it gives up. I'd rather not give them any reason to try and take it to the next level. Cheers Chris Share this post Link to post Share on other sites
netsmithUK 488 Posted February 29, 2012 For people not getting password reminders through, can I ask if you have any server side spam filtering enabled. I've just looked at the server and I'm getting a few of this type of issue -------------------------- Description: Message delivery to the host '[ip address of destination email host]' failed while delivering to the remote domain '[domain name email is on]' for the following reason: The connection was dropped by the remote host. -------------------------- I've had people say after trying the same process several times it can work, which is strange as I can TC system sending out the same thing each time, so why one gets through I dont know. Chris Share this post Link to post Share on other sites
Dazmeister 0 Posted February 29, 2012 Terrible, just cant really understand what the hackers have to gain other than kudos from their peers. It just goes to show how exposed we all are on the net and that we should be more carefull with our own passwords. I use the same password for a few things and had a bit of a blaise attitude but seeing what I could have lost in my Paypal this week has really made me think. And I must thank Andy (Twinset) who went out of his way to help me out this week when it all went pear shaped - I owe you a beer! Big shout out to the old school spring drive massive - it will never be the same like the halcyon days of rave in the 90's! Share this post Link to post Share on other sites
CARRERA 0 Posted February 29, 2012 Hi Chris, I also echo everyones 'Thanks' in sorting out the problem that occurred. These things happen, not a nice experience however, at least we still have a useable site following the problem. Just to add, i have managed to log into the forums however, can't get onto the home page at all? Is there a way around this? Many thanks, Andy Share this post Link to post Share on other sites