SH Forum Is Open To Hackers

Old 05-03-2017, 09:12 AM
  #1  
Senior Member
SuperBike
Thread Starter
 
skokievtr's Avatar
 
Join Date: Jan 2007
Posts: 2,116
skokievtr is on a distinguished road
SH Forum Is Open To Hackers

It was brought to my attention by the very IT security savvy administrator on another motorcycle forum I'm a member of when I asked him to check on the security of this forum, that this forum could be hacked by "your average 11 year old Russian and get all the members info" because the "Superhawk forum Registration page is http [versus https] and thus not secure and not encrypted. If hacked, your info is leaked to whoever wants it."

He goes on to explain and provide the following info; everything in [ ] is my lowly input and added commentary. The question is, what are this forum's administrator and Owner willing to do to make it secure and bring it up to current standards as a https secure forum??!!

Hey guys, just to warn you. That "MT09" forum is not secure. [He is using the MT09 forum as an example and could have just as easily used the Superhawk] It is one of the many forums that does not protect their login and registration pages with SSL. So, the info that you type in (username, password, email address) and your ip address is wide open for hackers. And unprotected forums like that get hacked all the time and the forum owners often don't even know it. Due to laziness and outdated website admin practices.

It is also built on vBulletin. An old forum software that is full of security holes that requires almost weekly security updates and I'll tell ya. A forum admin that doesn't even secure their "registration" and login pages, probably doesn't keep up with the security updates either. Baldy at ADV Rider recently switched away from vBulletin software because honestly, it's unsafe in 2017.

I would not use your real email address on that forum and I suggest using a junk throwaway password that you don't use anywhere else. At the very least. And don't pay for anything on that forum, do not send anyone your credit card info or address. Because honestly, your avg 11 year old Russian kid could have everyone's info and their entire database in about ten minutes.

As you know, our forum is ssl secure and built on a more secure software platform and I have a team on the back end managing our security.

See below top left of screenshot.

If you are joining or logging into any website or forum, look at where that arrow points and make sure that website's address starts with "HTTPS" not HTTP! HTTP websites are not secured with SSL encryption and are wide open to basic hack attacks.

Also, as a reminder, don't be one of those idiots who uses the same password on multiple websites. Use one different long password per website. Why? If one website gets hacked, they enter all the personal info from the database and use software to try your email/password on thousands of retail sites automatically. So many people use one password on all of their websites, and those are the people wondering how their identity got stolen.

Now you know!

To see if a lazy website admin has gotten your info hacked and leaked to the public, visit this link and enter all of your email addresses one at a time! haveibeenpwned.com/

How does the above website haveibeenpwned.com/ know what sites have been hacked? Because when a hacker finds an unsecure database, they download that database on hacker websites for all of the hackers in the world to see and use!
skokievtr is offline  
Old 05-03-2017, 09:21 AM
  #2  
Senior Member
SuperBike
Thread Starter
 
skokievtr's Avatar
 
Join Date: Jan 2007
Posts: 2,116
skokievtr is on a distinguished road
This other forum's administrator goes on to say:

It says that "some" images posted on here are not https. This is why I added the "add image to post" button and soon we will be deleting ALL http links and images that members have posted over the years.

Our site is secure, but your warning is showing that there are http links and images loaded on here, and that clicking on those links and images may put you at risk because they lead to sites that aren't secure.

I am giving you guys "some" time to replace your photo-bucket and imgur pics before deleting them.

As far as those sites that you looked up and noticed that they had gotten your info hacked, I would go to them each and change your passwords right away!

And again, I will soon be deleting all HTTP picture links. Including avatars. For the reasons stated above. I like to run a clean ship.

Check their login pages to see if the login page is at least https. If the login page is https then they have encrypted their login page and it should be secure. If their login page is just http, then your avg 11 year old Russian could hack it and get all the members info.

Having anti virus on your computer does nothing to THEIR FORUM man. Https means that a page or website is encrypted and its data is secure.

Again go to each forum's "login" page where you actually login or join, and see if the web address begins with http (not secure) or https (secure encrypted).

Your personal computer could be perfectly protected with the world's best antivirus, but that doesn't protect their website and your data that sits on it folks. If the page on a website where you enter info is not https, if it is http, it is not safe and is open to be easily hacked.

Now, a general forum can be http and that's ok I guess, but their login and registration pages need to be https, or stay away. Go back in and change password to some crazy long password that doesn't match any passwords that you use on other websites.

That mt09 forum's login and registration pages aren't even https, and that's some risky shet in 2017. Those members better hope that site doesn't get hacked because I bet a bunch of those people use the same damn passwords on their retail and banking sites.

I took it a step further and made this entire forum https.

They really need to start teaching this shet in school or like everywhere.

Show of hands. How many of you use the same couple passwords on all of the websites that you use? If so, be honest. I can help you fix that easily too.

[I asked him if other MC news websites (I do not subscribe to any) were secure; the following are 2 examples and his responses]

Crash.net

Login page is unsecure, not encrypted. If hacked, your info is leaked to whoever wants it.

Road racing world. I'm shocked that they haven't encrypted their login page. wow.

If a website admin is too lazy or cheap to encrypt your login credentials, ip address, and data, then they do not deserve your time.

And if any of those website admins come here to complain, too freakin bad man. It's 2017, get with the freakin program. Your visitors/members expect you to protect their info and data.

[His final recommendations and comments to date]

As long as you don't use that password that you use on the superhawk forum, on any other sites that contain important info about you, especially retail, banking, or any site where you have registered any payment info or SSN or home address, then you are not at much risk.

If the password you use there is also used on other sites, then at least login and change your password to a unique long password so that it no longer matches the password from other sites.

And that's the big danger. People who use the same password on multiple sites. If it gets hacked from one unsecured site, then the hackers use that to find the site that they can use to get your important info.

And if anyone thinks I'm being "over cautious" you need to read this: "Hacker steals 45 million accounts from hundreds of car, tech, sports forums" | ZDNet

Last year hackers got 45 million passwords from all of the VerticalScope/motorcycle.com forums that were all HTTP.
skokievtr is offline  
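Added example (not part of the thread or of either forum's software): the two checks the quoted administrator describes in posts #1 and #2, a login or registration form reached over http and http images embedded in an https page, written as a Python audit of one fetched page. It also resolves where the password form actually submits, which goes one step beyond reading the address bar. The URLs and HTML are constructed samples on .example domains.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SUBRESOURCE_TAGS = {"img", "script", "iframe"}  # tags that load a URL via src

class PageScan(HTMLParser):
    """Collect password-form targets and subresource URLs from one page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = None   # resolved action of the form being parsed
        self.password_posts = []  # where each password field is submitted
        self.subresources = []    # (tag, absolute URL) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page itself.
            self.form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_posts.append(self.form_action or self.page_url)
        elif tag in SUBRESOURCE_TAGS and a.get("src"):
            self.subresources.append((tag, urljoin(self.page_url, a["src"])))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

def audit_page(page_url, html):
    """Return (finding, url) pairs for one fetched page."""
    scan = PageScan(page_url)
    scan.feed(html)
    on_https = urlsplit(page_url).scheme == "https"
    findings = []
    for target in scan.password_posts:
        if not on_https:
            findings.append(("login-page-over-http", page_url))
        if urlsplit(target).scheme != "https":
            findings.append(("credentials-posted-over-http", target))
    for tag, url in scan.subresources:
        if on_https and urlsplit(url).scheme == "http":
            findings.append(("mixed-content-" + tag, url))
    return findings

# Constructed sample pages (not taken from any real site).
HTTP_REGISTER = '<form action="register.php?do=add"><input type="password" name="p"></form>'
HTTPS_THREAD = ('<form action="/login.php"><input type="password" name="p"></form>'
                '<img src="http://img.example/bike.jpg"><img src="//cdn.example/a.png">')
```

Run over the constructed pages, the http registration page yields both form findings, while the https thread page yields only the mixed-content image; its protocol-relative image inherits https and passes.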
Old 05-03-2017, 06:06 PM
  #3  
Moderator
MotoGP
 
Wolverine's Avatar
 
Join Date: Jul 2007
Location: Gettysburg, Pa
Posts: 5,072
Wolverine is on a distinguished road
PM Greg... see if you get a reply. LMK how long it takes.
Wolverine is offline  
Old 05-03-2017, 06:13 PM
  #4  
Senior Member
MotoGP
 
smokinjoe73's Avatar
 
Join Date: Jul 2007
Location: NYC
Posts: 5,033
smokinjoe73 is on a distinguished road
All I can say is, DO NOT let me find that 11 year old Russian kid.........
smokinjoe73 is offline  
Old 05-03-2017, 06:19 PM
  #5  
Moderator
MotoGP
 
Wolverine's Avatar
 
Join Date: Jul 2007
Location: Gettysburg, Pa
Posts: 5,072
Wolverine is on a distinguished road
Insert Cops theme Bad Boys here.
Wolverine is offline  
Old 05-06-2017, 01:25 PM
  #6  
Senior Member
Back Marker
 
Aquasnake's Avatar
 
Join Date: Nov 2012
Location: Henderson, NV
Posts: 211
Aquasnake is on a distinguished road
Uhh.... ummm... this thread is kinda moot, as, on my screen anyway, the addy starts with https.
Great info to know but doesn't really apply to this site. Just saying.
Aquasnake is offline  
Old 05-06-2017, 06:43 PM
  #7  
Senior Member
MotoGP
 
smokinjoe73's Avatar
 
Join Date: Jul 2007
Location: NYC
Posts: 5,033
smokinjoe73 is on a distinguished road
Aqua, it is necessary if your goal is to stir up hatred for the Rooskies and start a new cold war. You first need to introduce some distrust, right down to the 11 year olds. Then you start attributing stuff like oil and tire threads on Russian hackers.

You can see the direction. You just can't trust em. They are out to destroy our whole way of life......
smokinjoe73 is offline  
Old 05-12-2019, 02:40 PM
  #8  
Senior Member
Back Marker
 
asdf33's Avatar
 
Join Date: Sep 2008
Location: Central Ohio
Posts: 172
asdf33 is on a distinguished road
Just got an extortion email yesterday demanding $2000 in bitcoin. It appears scammer got my email address from superhawkforum.com because scammer also had my superhawkforum.com password.
asdf33 is offline  
Old 05-12-2019, 03:37 PM
  #9  
Moderator
MotoGP
 
Wolverine's Avatar
 
Join Date: Jul 2007
Location: Gettysburg, Pa
Posts: 5,072
Wolverine is on a distinguished road
That sucks...

Us Mods have zero input or control on that kind of stuff just to let you all know. Greg is the admin, and he is MIA. We've both reached out to try to get admin status, with no reply. So moral of the story, don't share anything you consider valuable here... Change your password occasionally.
Wolverine is offline  
Old 05-12-2019, 04:54 PM
  #10  
Administrator
MotoGP
 
E.Marquez's Avatar
 
Join Date: Apr 2006
Location: Kempner, TX
Posts: 4,402
E.Marquez is on a distinguished road
"If a website admin is too lazy or cheap to encrypt your login credentials, ip address, and data, then they do not deserve your time."
If we had one he might be that.

If anyone is silly enough to put data on this forum worth anything, they deserve what they get

Signed
Erik Marquez
Birth Date 12/26/1976
SSN 554-432-5675
Credit card number 340532213013 Exp date 12/03/2020 CCV 307
E.Marquez is offline  
Old 05-15-2019, 05:09 PM
  #11  
Well take off, eh.
SuperBike
 
Jack Flash's Avatar
 
Join Date: Jun 2012
Location: QC, Canada
Posts: 1,201
Jack Flash is on a distinguished road
I just need one last detail Erik.... your phone number.
Jack Flash is offline  
Old 09-08-2019, 11:41 PM
  #12  
J D
...
Squid
 
J D's Avatar
 
Join Date: Sep 2019
Posts: 5
J D is on a distinguished road
Good intel here. (grin)
J D is offline  
Old 03-17-2023, 07:54 AM
  #13  
Junior Member
Squid
 
bbnn's Avatar
 
Join Date: Mar 2023
Posts: 2
bbnn is on a distinguished road
Thank you for sharing. We need to protect our privacy.
bbnn is offline  
All times are GMT -7. The time now is 08:17 AM.