My account is hacked

sarumbear

Master Contributor
Forum Donor
Joined
Aug 15, 2020
Messages
7,604
Likes
7,324
Location
UK
I use Dashlane, which includes a random strong password generator. Unless I'm not understanding what you're saying, it doesn't seem like a great idea to be creating your own passwords, and certainly not to reuse them on multiple sites. Just trying to be helpful here.
I do not use the same password on all my sites. I use 1password to manage passwords and my passwords are tested and reported as "extremely strong". There is no way to stop anyone hacking anything if they put their mind to it.
 

staticV3

Master Contributor
Joined
Aug 29, 2019
Messages
8,017
Likes
12,861
There is no way to stop anyone hacking anything if they put their mind to it.
[Attached image: Hive Systems Password Table]
Of course, all that goes out the window if the hacker has access to and knows how to use a quantum computer. Look up Shor's algorithm for details on that.
 
hege

Senior Member
Forum Donor
Joined
Dec 25, 2018
Messages
466
Likes
821
Location
Finland
Not sure if ASR locks out after so many attempts.
Xenforo limits login tries to 4 times per 15 minutes per user by default. But nothing prevents anyone from trying all 40000 users sequentially over and over... would be interesting to check logs if someone is brute forcing...
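
The log check suggested in the post above, as an added example that is not part of the original thread and not XenForo code: it shows why a per-user limit of 4 failures per 15 minutes does not trip when one source tries many accounts once each, and how counting distinct accounts per source catches that pattern. The log format, the IP addresses, the user names and the alert threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PER_USER_LIMIT = 4               # failed tries per user per window (figure from the post)
WINDOW = timedelta(minutes=15)
SPRAY_THRESHOLD = 5              # assumed: distinct accounts per source before alerting
# Constructed sample, hypothetical format: "timestamp source_ip username result"
SAMPLE_LOG = """\
2024-01-01T10:00:05 203.0.113.7 alice FAIL
2024-01-01T10:00:09 203.0.113.7 bob FAIL
2024-01-01T10:00:14 203.0.113.7 carol FAIL
2024-01-01T10:01:02 198.51.100.20 dave FAIL
2024-01-01T10:01:30 203.0.113.7 erin FAIL
2024-01-01T10:02:10 198.51.100.20 dave FAIL
2024-01-01T10:02:40 203.0.113.7 frank FAIL
2024-01-01T10:03:00 198.51.100.20 dave FAIL
2024-01-01T10:03:20 192.0.2.44 grace OK
2024-01-01T10:04:00 198.51.100.20 dave FAIL
"""

def failures(log):  # yields (time, ip, user) for failed logins only
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        if result == "FAIL":
            yield datetime.fromisoformat(ts), ip, user

def throttled_users(log):
    """Accounts with PER_USER_LIMIT failures inside one WINDOW (what a per-user limit sees)."""
    by_user = defaultdict(list)
    for ts, _ip, user in sorted(failures(log)):
        by_user[user].append(ts)
    return {u for u, t in by_user.items() for i in range(len(t) - PER_USER_LIMIT + 1)
            if t[i + PER_USER_LIMIT - 1] - t[i] <= WINDOW}

def find_spraying(log, threshold=SPRAY_THRESHOLD):
    """Sources whose failures span >= threshold distinct accounts inside one WINDOW."""
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(failures(log)):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        start = 0
        for end, (ts, _user) in enumerate(events):
            while ts - events[start][0] > WINDOW:   # slide window forward
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= threshold:
                flagged.setdefault(ip, set()).update(users)
    return {ip: sorted(seen) for ip, seen in flagged.items()}
```

On the sample, only `dave` reaches the per-user limit, while the source that touched five accounts once each is visible only to the per-source count.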
 

hege

Senior Member
Forum Donor
Joined
Dec 25, 2018
Messages
466
Likes
821
Location
Finland
Of course, all that goes out the window if the hacker has access to and knows how to use a quantum computer. Look up Shor's algorithm for details on that.
This is completely irrelevant for brute forcing any service which will throttle failed logins. Web services also can't respond a million times per second in any case.
 

fpitas

Master Contributor
Forum Donor
Joined
Jul 7, 2022
Messages
9,885
Likes
14,213
Location
Northern Virginia, USA
Xenforo limits login tries to 4 times per 15 minutes per user by default. But nothing prevents anyone from trying all 40000 users sequentially over and over... would be interesting to check logs if someone is brute forcing...
That's an alarming thought.
 

hege

Senior Member
Forum Donor
Joined
Dec 25, 2018
Messages
466
Likes
821
Location
Finland
That's an alarming thought.
Only if users have extremely poor passwords. There are many other scenarios that could have happened here to get the password, or even not get the password and just capture the session etc. (But that's Amir's or his admins' job to parse from the logs)
 
fpitas

Master Contributor
Forum Donor
Joined
Jul 7, 2022
Messages
9,885
Likes
14,213
Location
Northern Virginia, USA
Only if users have extremely poor passwords. There are many other scenarios that could have happened here to get the password, or even not get the password and just capture the session etc. (But that's Amir's or his admins' job to parse from the logs)
Or, perhaps Sarumbear has malware. A thorough sweep of his computer might be in order.
 

threni

Major Contributor
Joined
Oct 18, 2019
Messages
1,281
Likes
1,532
Location
/dev/null
This is completely irrelevant for brute forcing any service which will throttle failed logins. Web services also can't respond a million times per second in any case.
If they obtain access to the database, or the server it's on, they could do whatever they want (potentially offline). Weak passwords would fall in a few seconds.
 

hege

Senior Member
Forum Donor
Joined
Dec 25, 2018
Messages
466
Likes
821
Location
Finland
If they obtain access to the database, or the server it's on, they could do whatever they want (potentially offline). Weak passwords would fall in a few seconds.
Sure, it's not unheard of for silly admins to open ports to the public internet and for databases to leak. If they get on the server, they can do anything they want with the users directly anyway. Weak passwords and ignorant users can't be helped.

Passwords with modern hashes take a good while to break, you'd only do it in "seconds" if the password is something really silly like one in the list of most common ones. From thousands of users there are always some of course, at least on some crappy services which don't force any complexity.
 
sarumbear

Master Contributor
Forum Donor
Joined
Aug 15, 2020
Messages
7,604
Likes
7,324
Location
UK
Or, perhaps Sarumbear has malware. A thorough sweep of his computer might be in order.
The hacking was done by someone else on a different computer than mine and on the ASR website. I was not involved.
 

fpitas

Master Contributor
Forum Donor
Joined
Jul 7, 2022
Messages
9,885
Likes
14,213
Location
Northern Virginia, USA
The hacking was done by someone else on a different computer than mine and on the ASR website. I was not involved.
Right, but conceivably the information was harvested off your computer. Some malware these days is scary good.
 

sarumbear

Master Contributor
Forum Donor
Joined
Aug 15, 2020
Messages
7,604
Likes
7,324
Location
UK
Right, but conceivably the information was harvested off your computer. Some malware these days is scary good.
Of course it’s possible but nobody has hacked any other account. No online stores, no banks, etc. were compromised. Then again, of course ASR is the most important of my accounts! :)
 

Prana Ferox

Addicted to Fun and Learning
Joined
Feb 6, 2020
Messages
935
Likes
1,931
Location
NoVA, USA
Right. We were just musing as to why hackers do their hacking. Generally I think they have an aim in mind.

Sometimes you just want to sit around the house in the dark with a ski mask and type into 4 terminal windows at a time with fingerless gloves, but you feel you need an excuse.
 