SH Forum Is Open To Hackers - SuperHawk Forum


SuperhawkForum.com News News related to the forums including enhancements, problems, etc.

Like Tree1Likes
  • 1 Post By smokinjoe73
Reply
 
 
 
LinkBack Thread Tools Search this Thread
Old 05-03-2017, 10:12 AM   #1
Senior Member
SuperBike
Thread Starter
 
skokievtr's Avatar
 
Join Date: Jan 2007
Posts: 1,898
skokievtr is on a distinguished road
SH Forum Is Open To Hackers

It was brought to my attention by the very IT security savvy administrator on another motorcycle forum I'm a member of when I asked him to check on the security of this forum, that this forum could be hacked by "your average 11 year old Russian and get all the members info" because the "Superhawk forum Registration page is http [versus https] and thus not secure and not encrypted. If hacked, your info is leaked to whoever wants it.".

He goes on to explain and provide the following info; everything in [ ] is my lowly input and added commentary. The question is, what can this forum's administrator and Owner willing to do to make it secure and bring it up to current standards as a https secure forum??!!

Hey guys, just to warn you. That "MT09 " forum is not secure. [He is using the MT09 forum as an example and could have just as easily used the Superhawk] It is one of the many forums that does not protect their login and registration pages with SSL. So, the info that you type in (username, password, email address) and your ip address is wide open for hackers. And unprotected forums like that get hacked all the time and the forum owners often don't even know it. Due to laziness and outdated website admin practices.

It is also built on Vbulletin. An old forum software that is full of security holes that requires almost weekly security updates and I'll tell ya. A forum admin that doesn't even secure their "registration" and login pages, probably doesn't keep up with the security updates either. Baldy at ADV Rider recently switched away from Vbulletin software because honestly, it's unsafe in 2017.

I would not use your real email address on that forum and I suggest using a junk throwaway password that you don't use anywhere else. At the very least. And don't pay for anything on that forum, do not send anyone your credit card info or address. Because honestly, your avg 11 year old Russian kid could have everyone's info and their entire database in about ten minutes.

As you know, our forum is ssl secure and built on a more secure software platform and I have a team on the back end managing our security.

See below top left of screenshot.

If you are joining or logging into any website or forum, look at where that arrow points and make sure that websites address starts with "HTTPS" not HTTP! HTTP websites are not secured with SSL encryption and are wide open to basic hack attacks.

Also, as a reminder, don't be one of those idiots who uses the same password on multiple websites. Use one different long password per website. Why? If one website gets hacked, they enter all the personal info from the database and use software to try your email's/password on thousands of retail sites automatically. So many people use one password on all of their websites, and those are the people wondering how their identity got stolen.

Now you know!

To see if a lazy website admin has gotten your info hacked and leaked to the public, visit this link and enter all of your email addresses one at a time! haveibeenpwned.com/

How does the above website haveibeenpwned.com/ know what sites have been hacked? Because when a hacker finds an unsecure database, they download that database on hacker websites for all of the hackers in the world to see and use!
skokievtr is offline   Reply With Quote
Old 05-03-2017, 10:21 AM   #2
Senior Member
SuperBike
Thread Starter
 
skokievtr's Avatar
 
Join Date: Jan 2007
Posts: 1,898
skokievtr is on a distinguished road
This other forum's administrator goes on to say:

It says that "some" images posted on here are not https. This is why i added the "add image to post" button and soon we will be deleting ALL http links and images that members have posted over the years.

Our site is secure, but your warning is showing that there are http links and images loaded on here, and that clicking on those links and images may put you at risk because they lead to sites that aren't secure.

I am giving you guys "some" time to replace your photo-bucket and imgur pics before deleting them.

As far as those sites that you looked up and noticed tat they had gotten your info hacked, I would go to them each and change your passwords right away!

And again, I wll soon be deleting all HTTP picture links. Including avatars. For the reasons stated above. I like to run a clean ship.

Check their login pages to see if the login page is at least https. If the login page is https then they have encrypted their login page and it should be secure. If their login page is just http, then your avg 11 year old Russian could hack it and get all the members info.

Having anti virus on your computer does nothing to THIER FORUM man. Https means that a page or website is encrypted and it's data is secure.

Again go to each forums "login" page where you actually login or join, and see if the web address begins with http (not secure) or https(secure encrypted).

Your personal computer could be perfectly protected with the worlds best antivirus, but that doesn't protect their website and your data that sits on it folks. If the page on a website where you enter info is not https, if it is http, it is not safe and is open to be easily hacked.

Now, a general forum can be http and that's ok I guess, but thier login and registration pages need to be https, or stay away. Go back in and change password to some crazy long password that doesn't match any passwords that you use on other websites.

That mt09 forum's login and registration pages aren't even https, and that's some risky shet in 2017. Those members better hope that site doesn't get hacked because I bet a bunch of those people use the same damn passwords on their retail and banking sites.

I took it a step further and made this entire forum https.

They really need to start teaching this shet in school or like everywhere.

Show of hands. How many of you use the same couple passwords on all of the websites that you use? If so, be honest. I can help you fix that easily too.

[I asked him if other MC news websites (which I do not subscribe to any, were secure; the following are 2 examples and his responses]

Crash. net

Login page is unsecure, not encrypted. If hacked, your info is leaked to whoever wants it.

Road racing world. I'm shocked that they haven't encrypted their login page. wow.

If a website admin is too lazy or cheap to encrypt your login credentials, ip address, and data, then they do not deserve your time.

And if any of those website admins come here to complain, too freakin bad man. It's 2017, get with the freakin program. Your visitors/members expect you to protect their info and data.

[His final recommendations and comments to date]

As long as you don't use that password that you use one the superhawk forum, on any other sites that contain important info about you, especially retail, banking, or any site where you have registered any payment info or SSN or home address, then you are not at much risk.

If the password you use there is also used on other sites, then at least login and change your password to a unique long password so that it no longer matches the password from other sites.

And that's the big danger. People who use the same password on multiple sites. If it gets hacked from one unsecured site, then the hackers use that to find the site that they can use to get your important info.

And if anyone thinks I'm being "over cautious" you need to read this Hacker steals 45 million accounts from hundreds of car, tech, sports forums | ZDNet

Last year hackers got 45 million passwords from all of the vertical scope/motorcycle.com forums that were all HTTP.
skokievtr is offline   Reply With Quote
Old 05-03-2017, 07:06 PM   #3
Moderator
MotoGP
 
Wolverine's Avatar
 
Join Date: Jul 2007
Location: Gettysburg, Pa
Posts: 3,950
Wolverine is on a distinguished road
PM Greg... see if you get a reply. LMK how long it takes.
Wolverine is offline   Reply With Quote
Old 05-03-2017, 07:13 PM   #4
Senior Member
MotoGP
 
smokinjoe73's Avatar
 
Join Date: Jul 2007
Location: NYC
Posts: 4,688
smokinjoe73 is on a distinguished road
All I can say is, DO NOT let me find that 11 year old Russian kid.........
Wolverine likes this.
smokinjoe73 is offline   Reply With Quote
Old 05-03-2017, 07:19 PM   #5
Moderator
MotoGP
 
Wolverine's Avatar
 
Join Date: Jul 2007
Location: Gettysburg, Pa
Posts: 3,950
Wolverine is on a distinguished road
Insert Cops theme Bad Boys here.
Wolverine is offline   Reply With Quote
Old 05-06-2017, 02:25 PM   #6
Senior Member
Back Marker
 
Aquasnake's Avatar
 
Join Date: Nov 2012
Location: Henderson, NV
Posts: 172
Aquasnake is on a distinguished road
Uhh.... ummm... this thread is kinda moot, as, on my screen anyway, the addy starts with https.
Great info to know but doesn't really apply to this site. Just saying.
Aquasnake is offline   Reply With Quote
Old 05-06-2017, 07:43 PM   #7
Senior Member
MotoGP
 
smokinjoe73's Avatar
 
Join Date: Jul 2007
Location: NYC
Posts: 4,688
smokinjoe73 is on a distinguished road
Aqua, it is necessary if you goal is to stir up hatred for the Rooskies and start a new cold war. You first need to introduce some distrust, right down to the 11 year olds. Then you start attributing stuff like oil and tire threads on Russian hackers.

You can see the direction. You just cant trust em. They are out to destroy our whole way of life......
smokinjoe73 is offline   Reply With Quote
 
 
Reply

Related Topics
Thread Thread Starter Forum Replies Last Post
Do not open "Obama Amazing Speech". Delete immediately!! LineArrayNut Everything Else 1 12-12-2008 10:44 AM
Mr Stupid Can't Open the Seat... adam75dfw General Discussion 8 05-25-2008 11:22 PM
open pipes vtrj Technical Discussion 18 03-11-2007 05:10 AM
Keep an eye open for these guys on your favorite canyon road caffeineracer General Discussion 3 09-23-2005 04:49 PM
Can't open the "SHAGForums.com News" nomead General Discussion 1 06-25-2004 01:56 PM


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 03:17 AM.


We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.