Tamiyaclub.com was hacked in Feb 2012

[Magnox 0]

Terrible, just cant really understand what the hackers have to gain other than kudos from their peers. It just goes to show how exposed we all are on the net and that we should be more carefull with our own passwords.

Email lists are worth a bit of money on the Dark Side of the 'Net. There is more to it than just kudos - in some cases it is organised crime at work, but in the 20-odd years I've been online, this is the first time I've had my email address compromised and, boy, someone is going to town on it. I have had to set my email client to just bin anything it thinks is junk and hope that nothing from friends and family gets thrown away as well. It was inevitable, really.

To those who have PM'd or asked for 'The List' - I'm afraid I deleted my copy once I had established I was on it and the drop-box site that was hosting it has removed it, so I can't help directly. Basically, Chris has already covered what you need to do - if in doubt (and you should be!) change every password that, if compromised, could affect you. The main ones would be your Paypal account (their security is hopeless) and your email account(s). Facebook is pretty secure these days, but anything that might let someone know more about you and be able to 'social engineer' their way into your online life. Despite my experience, and running several sites myself, I've been lazy too. A quick Google of my details showed my 'whois' details for all the sites I run on behalf of other people and the usual 'admin/password' would have given people access not just to my data, but to others who count on me.

It was a wake-up call for me, certainly - totally agree with you Daz!

[FLEXUS 3]

I use 2 different email addresses and passwords for tamiyaclub. One for the mainpage, and one for the forum.

Which one should I be worried about?

hi Chris well done for getting the site up and running again.

no need to feel bad about what happened.

is the mainpage/home page for subscribers?

if im only joined to the forum do i need to be worried about my details being hacked?

cheers Karl

[Dazmeister 0]

Email lists are worth a bit of money on the Dark Side of the 'Net. There is more to it than just kudos - in some cases it is organised crime at work, but in the 20-odd years I've been online, this is the first time I've had my email address compromised and, boy, someone is going to town on it. I have had to set my email client to just bin anything it thinks is junk and hope that nothing from friends and family gets thrown away as well. It was inevitable, really.

To those who have PM'd or asked for 'The List' - I'm afraid I deleted my copy once I had established I was on it and the drop-box site that was hosting it has removed it, so I can't help directly. Basically, Chris has already covered what you need to do - if in doubt (and you should be!) change every password that, if compromised, could affect you. The main ones would be your Paypal account (their security is hopeless) and your email account(s). Facebook is pretty secure these days, but anything that might let someone know more about you and be able to 'social engineer' their way into your online life. Despite my experience, and running several sites myself, I've been lazy too. A quick Google of my details showed my 'whois' details for all the sites I run on behalf of other people and the usual 'admin/password' would have given people access not just to my data, but to others who count on me.

It was a wake-up call for me, certainly - totally agree with you Daz!

I use a pretty stupid password thats easy to remember for forums and such but I ended up using that for here and it also ended up being my Paypal one so I was severely compromised until Twinset in shining armour came to the rescue

I have not noticed any extra spam emails - other than the usual ***** REDUCTION ones!

[netsmithUK 525]

There are a couple of issues that a few people are experiencing at the moment.

1. an error on the home page. I'm pretty sure this is a cookie problem, caused by me working on it while people were doing password reminders etc. I'm working on a fix. In the meantime clearing all cookies from this site seems to fix it for most.

2. password reminder arriving but clicking on the link gives and error. In most cases this appears as the email client being used adding something to the link in someway (probably trying to be over helpful) In this instance copying the link from the email and pasting it directly into the browser address bar seems to resolve the issue

3. At the moment the site currently forces you to log in everytime you visit. This is because I now store cookies in a very encrypted way on your machines, so encrypted even my system can't decrypt them at the moment. There is no work around for this at the moment but at least it makes things a bit more secure for you all (even while its not working)

4. finger trouble. I think largely down to the fact lots of people never actually manually logged in before, they have forgotton that old chestnut of the club, which is. For the mainsite you use email and club password and for the forum you use username and forum password. Still got a lot of people that get it wrong.

1,2 & 3 I'm obviously working on a proper solutions.

Its good the list has gone, I asked for it to be removed but never expected it too because of the nature and other content on that site. Maybe they took pity on us when I explained we were just a harmless club and not an FBI front. Don't assume this means its gone though, its still out there somewhere so all the advice of changing your password on other services still stand. TC security was never terrible, I put a lot of time and effort into it and took it very seriously (just ask anyone that asked me to send them their password) but they still found their way in. The security is now even tighter, checking for multitudes of things at lots of levels on every single page. This has me think about security on other sites now much more closely, I can't believe many of them have put in the sort of checks we now have, so I for one am going through all my online accounts and changing every one, even those where I didn't use the same password as TC. You should have a unique one per site, that doesn't follow any sort of pattern with any other site.

Cheers

Chrris

[wolfdogstinkus 2064]

I am glad the site is back and it's working fine for me. I even ventured onto Tamiya america site when tamiyaclub was down, I did see the post on modelsport forums as well while I was desperately looking round for RC forums, sweating, shaking and itching like mad for two days and then I got my fix when the site returned.

I was just looking for the M04L manual on the main site and it's not working?

[TWINSET 1797]

I was just looking for the M04L manual on the main site and it's not working?

If you scroll down to it from this page; http://www.tamiyaclub.com/manuals.asp (58240) it works ok - it's the link from the kit page that doesn't work

[lee1980 71]

on my ipad home page looks fine and, I do not need to log in each time I visit forum, I guess it works different to pc's maybe!

Glad its back online thanks, I dont have any more spam than usual so think ok there!!

[wolfdogstinkus 2064]

If you scroll down to it from this page; http://www.tamiyaclub.com/manuals.asp (58240) it works ok - it's the link from the kit page that doesn't work

Thanks TWINSET, sorry for shouting. I have found my manual now anyway.

[netsmithUK 525]

Hi Guys - sorry I've been out and about most of today so a bit slow to respond. I'll be online later and work through outstanding issues and posts.

I know the logging in each time thing is annoying. It annoys me too so it right up there on the list of things to be fixed. It is however a security issue so I want to be sure its as good as it can be before I release it.

Thanks to all those supporting other users - love it when the community helps each other out

Chris

[JYCM3 241]

Chris, you should consider adding the 'thank you' button/function to the forums.

Anyways thank you for working hard to get everything fixed especially you don't have a team of IT staff to help you.

[CARRERA 0]

Now this may be a dumb question, but how do i reset my password on the main front page?

[Tamiya Era 778]

Hi Guys - sorry I've been out and about most of today so a bit slow to respond. I'll be online later and work through outstanding issues and posts.

I know the logging in each time thing is annoying. It annoys me too so it right up there on the list of things to be fixed. It is however a security issue so I want to be sure its as good as it can be before I release it.

Thanks to all those supporting other users - love it when the community helps each other out

Chris

Thanks to u Chris for such a great effort and assurances...

TC

[TWINSET 1797]

Now this may be a dumb question, but how do i reset my password on the main front page?

Once you're logged in, go here; http://www.tamiyaclub.com/member.asp?id=3371 and click the 'edit your details' link above the pic

If you can't login because of the password change, ask for a reminder, then login and change it

[CARRERA 0]

Once you're logged in, go here; http://www.tamiyaclub.com/member.asp?id=3371 and click the 'edit your details' link above the pic

If you can't login because of the password change, ask for a reminder, then login and change it

Thanks for that.

Think i've done it!

Cheers,

Andy

[netsmithUK 525]

the manual page is now fixed

[matman 1501]

Showroom does not stay in category , Like NIB , New built , Runner . Or is it just me ?.

Thank you & have a great day .

[TWINSET 1797]

Showroom does not stay in category , Like NIB , New built , Runner . Or is it just me ?

I'm guessing that's a cookie issue - if you set a preference on any website, that preference is stored as a cookie - seeing as the TC cookie is flaky at the moment I would assume it's that.

Mine is set to 'category' every time I start TC in a new browser session, regardless of what it was when I closed browser

[matman 1501]

I'm guessing that's a cookie issue - if you set a preference on any website, that preference is stored as a cookie - seeing as the TC cookie is flaky at the moment I would assume it's that.

Mine is set to 'category' every time I start TC in a new browser session, regardless of what it was when I closed browser

That's what i through , It is set to category . But the NIB list don't show up & runner category's . So time will tell .

Chris did say if there is a problem let him know . Dam the cookie jar .

So that is fine & thanks for your time in replying .

[TWINSET 1797]

But the NIB list don't show up & runner category's

Same here, dunno what's causing that though, will have to wait for the boss to swing by and 'splain

Mine's showing my favourites as default, even though it's not the top of the list of 'views' - TC's just weird

Edit; Further thinking - I believe all the options are on the list, NIB/Runner etc are classifications when you enter a new model, not a selectable view

[matman 1501]

Same here, dunno what's causing that though, will have to wait for the boss to swing by and 'splain

Mine's showing my favourites as default, even though it's not the top of the list of 'views' - TC's just weird

Edit; Further thinking - I believe all the options are on the list, NIB/Runner etc are classifications when you enter a new model, not a selectable view

No it's not , But if you click on favorites , It will show favorites & put all your cars in it's category ( As favorites will be 1st )

All of my showroom cars are all the same , NOT in it's category's .

Like ..

NIB list of cars's

favorites list of car's

building list of car's

Runner list of car's

Now this is what i'm on about , as i think i didn't explain it right .

Thanks for your time.

[netsmithUK 525]

I think I've cracked the auto login thing for the main site. It should kick in the next time you login fresh to the site

I'll look at the category thing is a bit.

Getting there, slowly...

Cheers

Chris

[matman 1501]

I think I've cracked the auto login thing for the main site. It should kick in the next time you login fresh to the site

I'll look at the category thing is a bit.

Getting there, slowly...

Cheers

Chris

I have had to clear the cookies , B4 i could get back into TC , So hope you have cracked it .

Thank you SIR , your doing a great job & thanks twinset .

[netsmithUK 525]

I've sorted the 'sort by' option too when browsing showrooms.

[matman 1501]

I've sorted the 'sort by' option too when browsing showrooms.

Well done . That was quick ....

I see you have removed the movies 2012 " Omen "

[Wandy 1617]

I was having no trouble accessing the main site since the reboot but now it's vanished. What's happening?