Site hacked?

[doubledeej]

I think the RadioReference site has been hacked.

I just received a spam/trojan email message sent to the email address I use uniquely for this site. Nobody other than RadioReference would have that email address.

The message claimed to be from FedEx, and it included an attachment containing the Trojan:Script/Conteban.A!ml trojan.

 

[mciupa]

This board would go crazy if the whole site was hacked. It appears everything is fine.

Have you downloaded any new software lately? Could be that a worm was in that program.

 

[doubledeej]

No. My machine is clean. I also don't store my login information in my browsers -- I use a high-security password manager, so even if my machine was infected there's no way to get my information.

There's essentially no way whoever sent me the email got this email address from me. It isn't stored on my computer anywhere.

Most people getting email wouldn't know where their information came from. But since I use a unique email address on single every website I log on to, I can always tell where someone got the information.

Does RadioReference make its user database available to anyone else who might have leaked the information, or been hacked?

Has the site forum software been kept up-to-date? These types of things are notoriously full of security holes.

I can also see that this server is running MySQL, PHP, and WordPress, all of which are frequent targets of hackers which also tend to have poor security, especially WordPress, which is full of security problems. (I get a minimum of 20-30 emails per week notifying me of security issues with WordPress.)

 

[jonwienke]

There's any number of ways someone could have gotten your email, including your email provider getting hacked.

 

[Thunderknight]

Going back to August.... Possible Security Breach of email addresses and passwords

 

[slicerwizard]

Exactly. Hello - old news...

 

[an39511]

It isn't uncommon for unique emails to be discovered over time. I use to run my own email server and was constantly being tested for active email accounts. Any email that has names (or words), combinations of names and numbers are always being thrown together in hopes of finding a valid email. If your email consists of only a word it will be found in short order. If email starts with a word followed by numbers it will be found over time. Anything that has random letters followed by numbers takes a bit longer but sooner or later it will be discovered.

 

[a417]

Anything that has random letters followed by numbers takes a bit longer but sooner or later it will be discovered.

+1

you can theoretically regex .... everything.

 

[IC-R20]

There's any number of ways someone could have gotten your email, including your email provider getting hacked.

more likely they're just crooked and sold some info lists of emails for extra money. Common if you're using a shoddy service, especially a free on. Given it's unique for this site he said it could be one of them forwarding only or honeypots that claim to be "anonymous".

 

[doubledeej]

The email address I use with this site wouldn't have ever been guessed. It was unique. I doubt my password was hacked. My passwords are always unique per site, are at least 12 characters in length and are generated by a CSPRNG. Brute forcing those is practically impossible.

My information must have been part of the information that got out in August. But I don't think I was ever notified.

 

[doubledeej]

There's any number of ways someone could have gotten your email, including your email provider getting hacked.

I am my own email provider, and I monitor the server logs constantly. I've got an excellent firewall, I patch with all available security updates multiple times weekly. If something had happened on my end, I would have known about it. And other email addresses in my domain(s) would have had issues, but they didn't -- it was just the one I use here.

 

[jonwienke]

My information must have been part of the information that got out in August. But I don't think I was ever notified.

You didn't see the notice that was posted, or notice when you were prompted to change your password?