Model Boat Mayhem

Please login or register.

Login with username, password and session length.
Pages: [1] 2   Go Down

Author Topic: Has membership list been hacked ?  (Read 4488 times)

RAAArtyGunner

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 3,848
  • Location: Brisbane, Australia
Has membership list been hacked ?
« on: December 20, 2012, 07:53:02 PM »

WARNING.
 
Anyone received spam such as this.
 
The 'Yamato' thread has recently featured in postings to which I have a notification link
 
Suggest you don't click on any links below
 
Is it possible for a hacker to gain access to members email addresses once they have breached the forum.
 
 Hello! I saw your interest in model battleship Yamato and decided to acquaint you with our offer. We make kits for professionals to build ship models in 1:100 scale. Very good kit with high quality detailing. Yamato, we also have. Possible to install radio equipment. With a kits and ready-made models you can find on the site - removed - We will be happy if we can help you. If you would be interested please contact us by E-mail - removed -
Logged
Gunna build those other boats one day.

Bob K

  • Bob K
  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 3,701
  • Location: Windsor
Re: Has membership list been hacked ?
« Reply #1 on: December 20, 2012, 09:04:09 PM »


Is it possible for a hacker to gain access to members email addresses once they have breached the forum.


You have your email link clearly shown (envelope icon) under your screen name and avatar.
Even a visitor to the site can click  on it and send you an email.
Logged
HMS Skirmisher (1905), HMS Amazon (1906), HMS K9 (1915), Type 212A (2002), HMS Polyphemus (1881), Descartes (1897), Iggle Piggle boat (CBBC), HMS Royal Marine (1943), HMS Marshall Soult, HMS Agincourt (1912)

NFMike

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 1,061
  • Location: Hythe, Hants, UK
    • Plague Marine Services
Re: Has membership list been hacked ?
« Reply #2 on: December 20, 2012, 09:14:38 PM »

... but I don't think it gives them your e-mail address as the message is sent by the forum software.

Peter Fitness

  • Global Moderator
  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 6,889
  • Location: Wyrallah, near Lismore NSW Australia
Re: Has membership list been hacked ?
« Reply #3 on: December 20, 2012, 09:17:14 PM »

If you don't want your email address made public, go to your profile and uncheck the "Allow users to email me" box. Otherwise your address is visible to all users. It's only Personal Messages (PMs) that are handled by the forum software.


Peter.
Logged

ardarossan

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 670
  • Location: UK
Re: Has membership list been hacked ?
« Reply #4 on: December 20, 2012, 10:50:32 PM »


You have your email link clearly shown (envelope icon) under your screen name and avatar.
Even a visitor to the site can click  on it and send you an email.

I believe that all the contact links only appear to be available if you are registered and logged-in.
I logged-out and back in again earlier on this evening to confirm this for myself, but can't guarantee that this is the same for others using different systems and configurations.

I would suggest that if anyone has an insight how and why spammers might be able to overcome the system, that initially it would be better to inform Martin and/or the Moderators instead of posting it online.

Andy
Logged
How much wood would a Woodchuck chuck, if a Woodchuck would chuck wood?

bikerdude999

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 522
  • Location: Corby, UK
Re: Has membership list been hacked ?
« Reply #5 on: December 20, 2012, 11:12:41 PM »

No need to 'overcome' the system. Anyone who joins can click on the email icon under members names, which brings up the on-forum email page, then they send a mail to your email address, not on the forum, so no usernames displayed, just their email address.


Martin may be able to find the sender in the member list using the email address? Otherwise it's just a case of mark as spam, or hide your email address on the forum.
Logged

Martin [Admin]

  • Administrator
  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 19,453
  • Location: Peterborough, UK
    • Model Boat Mayhem
Re: Has membership list been hacked ?
« Reply #6 on: December 20, 2012, 11:24:30 PM »


I can't even find that post!  {:-{

Logged
"This is my firm opinion, but what do I know?!"    -   Mayhem FaceBook Group!

bikerdude999

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 522
  • Location: Corby, UK
Re: Has membership list been hacked ?
« Reply #7 on: December 20, 2012, 11:33:06 PM »

I assumed it was this 1: http://www.modelboatmayhem.co.uk/forum/index.php?topic=39855.0


Where the last post was made by a trader trying to advertise their wares.... So probably the same person sending the spam.
Logged

NFMike

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 1,061
  • Location: Hythe, Hants, UK
    • Plague Marine Services
Re: Has membership list been hacked ?
« Reply #8 on: December 21, 2012, 12:03:14 AM »

If you don't want your email address made public, go to your profile and uncheck the "Allow users to email me" box. Otherwise your address is visible to all users.

I don't think that is correct. The recipient's e-mail address is hidden (unless you e-mail yourself). The "Allow users to email me" box does what it says - if unchecked then no-one (except admin I expect) can e-mail you from the forum.

The spammer in the OP has probably gone to each poster in that Yamato thread in turn, used the e-mail link and then pasted his text into each - one at a time. Which isn't really spamming at all as it is limited in volume and targeted at people that have shown interest. Quite sensible in fact.

ardarossan

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 670
  • Location: UK
Re: Has the Yamato thread been hacked ?
« Reply #9 on: December 21, 2012, 02:51:33 AM »

RAAArty, Having looked at your OP again, there is nothing in the message you received that specifically mentions Mayhem.

It's worth bearing in mind that your details could have been lifted from the database of any other modelling site and/or friends computer/email address box, with the 'Yamato' reference in the message you received being purely coincidental.
 
No need to 'overcome' the system. Anyone who joins can click on the email icon under members names, which brings up the on-forum email page, then they send a mail to your email address, not on the forum, so no usernames displayed, just their email address.

Martin may be able to find the sender in the member list using the email address? Otherwise it's just a case of mark as spam, or hide your email address on the forum.

Not true. Your email icon is only visible to anyone registered IF you select the option in your profile settings that states Allow users to email me.


I don't think that is correct. The recipient's e-mail address is hidden (unless you e-mail yourself). The "Allow users to email me" box does what it says - if unchecked then no-one (except admin I expect) can e-mail you from the forum.

The spammer in the OP has probably gone to each poster in that Yamato thread in turn, used the e-mail link and then pasted his text into each - one at a time. Which isn't really spamming at all as it is limited in volume and targeted at people that have shown interest. Quite sensible in fact.

Whether it is termed 'Spam', 'Junk' or just plain 'Unwanted', it can all be identified as 'Unsolicited'. Unsolicited email is electronic mail that an individual did not request, and it remains a widespread problem.
As Unsolicited email can contain or precede a phishing scam and/or lead to the propagation of worms and viruses by disguising itself in a recipients system, I don't consider it to be 'Quite sensible in fact', if a registered user is abusing the Mayhem system to bother the membership in this manner.

Consequently, I'll keep my fingers crossed that the source may be identified before too long.

Andy
Logged
How much wood would a Woodchuck chuck, if a Woodchuck would chuck wood?

Peter Fitness

  • Global Moderator
  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 6,889
  • Location: Wyrallah, near Lismore NSW Australia
Re: Has membership list been hacked ?
« Reply #10 on: December 21, 2012, 04:20:12 AM »

The "Allow users to email me" box does what it says - if unchecked then no-one (except admin I expect) can e-mail you from the forum.



I thought that was what I said {:-{  which was, in part, go to your profile and uncheck the "Allow users to email me" box. Perhaps,  to be crystal clear, I should have added "If it is checked".


Peter.
Logged

vnkiwi

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 1,600
  • Location: SE Asia
Re: Has membership list been hacked ?
« Reply #11 on: December 21, 2012, 04:47:40 AM »

RAAArty is correct. I got one exactly the same, and the link takes you direct to a Russian web-site which indeed does sell Yamato stuff in 1:100 scale.
The email address is also that which is the contact for the web-site.
Someone obviously obtained our email addresses from 'Model Mayhem'.
cheers
vnkiwi
ps mine email came from the web-site address
Logged
If it ain't broke. Don't fix it !

bikerdude999

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 522
  • Location: Corby, UK
Re: Has the Yamato thread been hacked ?
« Reply #12 on: December 21, 2012, 06:34:31 AM »

Not true. Your email icon is only visible to anyone registered IF you select the option in your profile settings that states Allow users to email me

Actually there is nothing that is 'not true' in my post, I didn't say under all members names, thought it would be obvious that it was meant for members with the email link there... Splitting hairs really...
Logged

tigertiger

  • Global Moderator
  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 7,162
  • Location: Kunming, city of eternal springtime, SW China.
Re: Has membership list been hacked ?
« Reply #13 on: December 21, 2012, 07:29:34 AM »


I thought that was what I said {:-{  which was, in part, go to your profile and uncheck the "Allow users to email me" box. Perhaps,  to be crystal clear, I should have added "If it is checked".


Peter.
See below
TT
Logged
The only stupid question is the one I didn't ask

RAAArtyGunner

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 3,848
  • Location: Brisbane, Australia
Re: Has membership list been hacked ?
« Reply #14 on: December 21, 2012, 10:42:38 AM »

If you don't want your email address made public, go to your profile and uncheck the "Allow users to email me" box. Otherwise your address is visible to all users. It's only Personal Messages (PMs) that are handled by the forum software.


Peter.
Peter,
 
Thank you and have now changed my profile.
Seeing as we have several instances of 'mavericks' or whatever you wish to call them sneaking through as members, why not automatically disable the email option.
That would make PM's the form of contact and "spam/bad" for want of a word PM's can then be reported to admin for action  <*< <*< <*<
Logged
Gunna build those other boats one day.

Norseman

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 3,484
  • Location: Huyton, Liverpool
Re: Has membership list been hacked ?
« Reply #15 on: December 21, 2012, 10:57:45 AM »

Hi
I posted on the Yamoto thread but didn't get any traders email. My profile doesn't show my email because I just prefer to give it to our members via pm.
Dave
Logged

RAAArtyGunner

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 3,848
  • Location: Brisbane, Australia
Re: Has the Yamato thread been hacked ?
« Reply #16 on: December 21, 2012, 10:57:46 AM »

RAAArty, Having looked at your OP again, there is nothing in the message you received that specifically mentions Mayhem.

It's worth bearing in mind that your details could have been lifted from the database of any other modelling site and/or friends computer/email address box, with the 'Yamato' reference in the message you received being purely coincidental.
 
Andy
Andy,
Consider this and make your own conclusions.
1. The email address the spam was sent to is the one I use for this forum and not my 'normal' address.
2. Am not a member of other sites only Mayhem, and using the address that the spam went to.
3. Have only made comment/participated etc regarding Yamato on this forum.
4. The 1/10 scale Yamato thread is a recent one in question which was dormant until last couple of days.
5. There have been some bogey/dodgy posters of recent times.
6. Coincidences ??????
Logged
Gunna build those other boats one day.

RAAArtyGunner

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 3,848
  • Location: Brisbane, Australia
Re: Has membership list been hacked ?
« Reply #17 on: December 21, 2012, 11:02:28 AM »

Hi
I posted on the Yamoto thread but didn't get any traders email. My profile doesn't show my email because I just prefer to give it to our members via pm.
Dave

After this episode, I agree that that should be the default position, namely, no emails address visible other than to admin who see all anyway
Logged
Gunna build those other boats one day.

NFMike

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 1,061
  • Location: Hythe, Hants, UK
    • Plague Marine Services
Re: Has membership list been hacked ?
« Reply #18 on: December 21, 2012, 11:56:59 AM »

I thought that was what I said {:-{  which was, in part, go to your profile and uncheck the "Allow users to email me" box. Perhaps,  to be crystal clear, I should have added "If it is checked".


No, you actually said:
Quote from: Peter Fitness
If you don't want your email address made public, go to your profile and uncheck the "Allow users to email me" box. Otherwise your address is visible to all users. It's only Personal Messages (PMs) that are handled by the forum software.
This implies that "Allow users to email me" gives your e-mail address to the sender. It does not. Much like the PM system it allows the sender to enter a message which is then sent to the recipient's e-mail address by the forum software. The sender is not given the recipient e-mail address and therefore cannot add it to his address book or pass it on (unless you reply to that e-mail of course at which point you can't hide).


Making your address public is when you (eg) post it in view, like here abcd@efgh.com, so anyone can copy it.
Enabling the Allow e-mail function on the forum does not make your address public or display it at all.

NFMike

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 1,061
  • Location: Hythe, Hants, UK
    • Plague Marine Services
Re: Has membership list been hacked ?
« Reply #19 on: December 21, 2012, 11:57:48 AM »


After this episode, I agree that that should be the default position, namely, no emails address visible other than to admin who see all anyway
It doesn't really matter - see post above.

RAAArtyGunner

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 3,848
  • Location: Brisbane, Australia
Re: Has membership list been hacked ?
« Reply #20 on: December 21, 2012, 12:21:32 PM »

It doesn't really matter - see post above.

Wouldn't making use of PM's instead of being able to send an email to an address, enable Admin to track/find culprit.
 
Or are they both delivered the same way by the forums software, if so, then can they be tracked?
Logged
Gunna build those other boats one day.

Colin Bishop

  • Full Mayhemer
  • *****
  • Online Online
  • Posts: 10,464
  • Location: SW Surrey, UK
Re: Has membership list been hacked ?
« Reply #21 on: December 21, 2012, 12:59:36 PM »

PMs are PMs - Admin don't have access to them.
 
Colin
Logged

TheLongBuild

  • Full Mayhemer
  • *****
  • Online Online
  • Posts: 4,261
  • Build em, and play hard..
  • Location: Everywhere, But Nowhere !! But mainly in England....
    • Runcorn & District Scale Model Boats
Re: Has membership list been hacked ?
« Reply #22 on: December 21, 2012, 01:01:42 PM »

The Culprit is known, and was a registered member very briefly but was trying to sell goods related to models on certain posts.
 
 

ardarossan

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 670
  • Location: UK
Re: Has the Yamato thread been hacked ?
« Reply #23 on: December 21, 2012, 02:10:45 PM »

Andy,
Consider this and make your own conclusions.
1. The email address the spam was sent to is the one I use for this forum and not my 'normal' address.
2. Am not a member of other sites only Mayhem, and using the address that the spam went to.
3. Have only made comment/participated etc regarding Yamato on this forum.
4. The 1/10 scale Yamato thread is a recent one in question which was dormant until last couple of days.
5. There have been some bogey/dodgy posters of recent times.
6. Coincidences ??????

Hi RAAAAty, obviously I can see that the issue has eveloped further since I wrote my reply to you.
However, I did think it best to offer another plausible alternative in order that you could protect yourself, having considered the possibility that it may be a 'phishing' message along similar lines to those 'Your bank account has been frozen'-type emails which occasionally do appear to come from a bank that you may have an account with.

Andy
Logged
How much wood would a Woodchuck chuck, if a Woodchuck would chuck wood?

malcolmfrary

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 5,617
  • Location: Blackpool, Lancs, UK
Re: Has membership list been hacked ?
« Reply #24 on: December 21, 2012, 04:20:21 PM »

Realistically, probably not.  If the member list had been hacked, we would all be complaining about the viagra adverts, offers of temporary negotiable friendship and offers join in money laundering.  Spammers are looking for the biggest return on the least effort, meaning that they always go for the lowest common denominator.  Spending the time and effort in preparing an offer on a specific range of models just doesn't figure.
Opportunist rather than malicious villan.
Logged
"With the right tool, you can break anything" - Garfield
Pages: [1] 2   Go Up