WebHostingTalk.com - Compromised

Have not seen this posted yet but I know there are probably many people here who have accounts at WHT. The accounts have been compromised and are up for sale. Note that there are also a few other forums listed as also compromised.

Thanked by 1Microlinux

Comments

  • ehab Member

    ohh dear, can this happen here? time to clean up inbox :) maybe all should do the same and if can admin's tell us are our accounts safe?

  • GCat Member

    I can't believe they're selling those databases, my friend over at a sec company (won't drop their name here) has access to one private community which the database is listed for free for anyone to download

  • I just logged into WHT with one of my burner accounts. No prompt to reset my password nor any posts that I could see that mention the compromise. Wonder if the forum owners and MODS even know yet?

  • Pandy Member

    @ehab said:
    ohh dear, can this happen here? time to clean up inbox :) maybe all should do the same and if can admin's tell us are our accounts safe?

    looks like both wht and mac-forums use the same software on forums, so i would guess either exploit there, or compromised admin account. (altho i dont know shit)

    i doubt LET has been compromised, But honestly, its (this year), pretty much anything can get hacked.

    Just look at how alot of famous internet ppl are getting hacked. 2FA isnt that good when there still is a weak link between.

    @GCat said:
    I can't believe they're selling those databases, my friend over at a sec company (won't drop their name here) has access to one private community which the database is listed for free for anyone to download

    gotta get that money

  • Amitz Member
    edited July 2016

    Cool. I just changed my password here to the one that I had on WHT. That will be fun...

  • Neoon Community Contributor, Veteran
  • Lee Veteran

    @ehab said:
    ohh dear, can this happen here?

    Already happened here, the LET database is the most abused of all.

  • Gulf Member

    Does their forum script support salted passwords, any information?

  • ehab Member
    edited July 2016

    @Gulf said:
    Does their forum script support salted passwords, any information?

    only stupid password get salted :D

  • kaflo Member

    why isn't there a thread on WHT about this? or is there?

  • Licensecart Member
    edited July 2016

    As far as I know WHT uses MD5 and a salt which I believe can be decrypted if they have both which are stored in the database. Doesn't surprise me since they use VB4 the worst forum software after VB5.

  • sin Member

    First thing the hackers did was ask "What's your budget?"

  • jar Patron Provider, Top Host, Veteran

    oh no, someone can run sql queries to circumvent the forum search now.

    That's literally all that comes to mind when I think of someone having the WHT database. Anyone who reused passwords from there on anything important has probably already had their email accounts hacked from other database leaks anyway.

  • Gulf Member

    @Licensecart said:
    As far as I know WHT uses MD5 and a salt which I believe can be decrypted if they have both which are stored in the database. Doesn't surprise me since they use VB4 the worst forum software after VB5.

    Ok. Then they use a double md5 hash with a salt like that md5(md5(password)salt). I think it is hard to decrypt such passwords.

  • Rallias Member
    edited July 2016

    Licensecart said: As far as I know WHT uses MD5 and a salt which I believe can be decrypted if they have both which are stored in the database. Doesn't surprise me since they use VB4 the worst forum software after VB5.

    MD5 is not that fast to crack. The best known attack is 2^123.4 difficulty, so the only way you're going to crack it is with existing password lists. You don't even get the benefit of same password same hash.

  • GCat Member

    @Amitz said:
    Cool. I just changed my password here to the one that I had on WHT. That will be fun...

    Lovely to know you like to reuse passwords. I'll start cracking now

  • @ehab said:

    @Gulf said:
    Does their forum script support salted passwords, any information?

    only stupid password get salted :D

    Plaintext <3

  • @Licensecart said:
    As far as I know WHT uses MD5 and a salt which I believe can be decrypted if they have both which are stored in the database. Doesn't surprise me since they use VB4 the worst forum software after VB5.

    The point of hashing is that you can't decrypt it... It's like you trying to guess what a tree looked like from the wood in the pencil you have in front of you.

    Sure you can rainbow table md5, but it's not going to be any good when they're all salted with a unique salt. Generating rainbow tables per salt is possible, but really pointless unless you really want a specific user's password.

    Thanked by 1Licensecart
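The per-user salt behaviour described in the posts above, together with one way a site can strengthen already-stored hashes of this kind without waiting for users to log in, as an added example that is not part of the thread or of any forum software's code. The function names, the sample rows and the PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: work factor picked for this example


def legacy_hash(password: str, salt: str) -> str:
    """md5(md5(password) + salt), the construction mentioned in the thread."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def wrap_legacy(legacy_hex: str, kdf_salt: bytes) -> bytes:
    """Stretch a stored legacy hash; no plaintext needed, so rows upgrade offline."""
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), kdf_salt,
                               PBKDF2_ITERATIONS)


def upgrade_row(row: dict) -> dict:
    """Replace the fast hash in a user row with its PBKDF2-wrapped form."""
    kdf_salt = os.urandom(16)
    return {"user": row["user"],
            "salt": row["salt"],  # legacy per-user salt is still needed at login
            "kdf_salt": kdf_salt,
            "wrapped": wrap_legacy(row["hash"], kdf_salt)}


def verify(password: str, row: dict) -> bool:
    """Recompute the legacy hash, wrap it, and compare in constant time."""
    candidate = wrap_legacy(legacy_hash(password, row["salt"]), row["kdf_salt"])
    return hmac.compare_digest(candidate, row["wrapped"])


# Constructed sample rows: two users who picked the same password.
SAMPLE_PASSWORD = "correct horse battery staple"
ROWS = [
    {"user": "alice", "salt": "a1B", "hash": legacy_hash(SAMPLE_PASSWORD, "a1B")},
    {"user": "bob", "salt": "Zx9", "hash": legacy_hash(SAMPLE_PASSWORD, "Zx9")},
]

if __name__ == "__main__":
    print("same password, different hash:", ROWS[0]["hash"] != ROWS[1]["hash"])
    upgraded = [upgrade_row(r) for r in ROWS]
    print("login still works:", verify(SAMPLE_PASSWORD, upgraded[0]))
    print("wrong password rejected:", not verify("hunter2", upgraded[0]))
```

After the upgrade pass the fast MD5 value is no longer stored, so a later database leak exposes only the stretched form.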
  • Damian Member

    Oh good, I sense this about to degenerate into people slapping each other around with their encryption dicks.

    Thanked by 2zafouhar seriesn
  • Maounique Host Rep, Veteran

    Damian said: Oh good, I sense this about to degenerate into people slapping each other around with their encryption dicks.

    Lasciate ogni speranza, you will be hacked.
    What is online is not secure, period. This debate about encryption and stuff will never circumvent 0day exploits, bugs, social engineering, human error or lack of expert skills, not to mention deliberate backdooring and watering down of encryption standards by 3 letters "agencies".
    It will happen, we just need plans for coping with the fallout, backups in the first line, encryption of all data which will be leaked, changing keys and inhouse generated certificates, let's encrypt and similar schemes, updates, etc.

    Let me repeat this, nothing online is secure, soon even your house will be hackable if not already.

    Thanked by 1netomx
  • rokok Member

    When money involves dont expect fast statements

  • daily Member
    edited July 2016

    @rokok said:
    When money involves dont expect fast statements

    There is no money involved.. What are they going to do, buy their own hacked DB off of people when it is already distributed?

    GCat said: I can't believe they're selling those databases, my friend over at a sec company (won't drop their name here) has access to one private community which the database is listed for free for anyone to download

    If by money you mean those who pay for special privileges on WHT, then that is all the more reason to get an official statement out as soon as possible.

    Thanked by 1zafouhar
  • rokok Member

    im talking about their subscription such premium wow corporate memberships, they need to make minimum impact heh :/

    Thanked by 1shovenose
  • http://www.webhostingtalk.com/showthread.php?t=1584028&p=9726227#post9726227

    They are using Version 4.3.1 of WordPress; the latest is 4.5.x

    vBulletin: http://www.webhostingtalk.com/clientscript/vbulletin-core.js?v=422

    They are using version: vBulletin 4.2.2 Patch Level 4 which is outdated: http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4345175-security-update-for-vbulletin-4

    Useless fucking board I feel sorry for their corporate members. But I can't log into my account with my known passwords so I'm a bit happy about that after I raged at Bear and refused to login to their rubbish.

    Thanked by 1hostdare
  • hostdare Member, Patron Provider

    That forum needs to die gracefully

    Thanked by 1Licensecart
  • WHT Member

    It's dead since 2-3 years. Full of robots commenting, check the offers section.

  • RapidDedi Member, Patron Provider

    @hostdare said:
    That forum needs to die gracefully



    More like burned to the ground lol

    Thanked by 1Licensecart
  • edited July 2016

    I wonder when will be the official statements.

    Thanked by 1HammadKhan
  • leona Member

    Wow, LET must be in hack me lock down. Took many seconds to login to post this.

    I wonder if my password takeme has been compromised at WHT now.

    This is scary knowing sinister forces are at work on stealing stuff from servers
