Author Topic: Did some forum threads get lost?  (Read 2089 times)

I haven't been on here for a long, long time. I can see the layout has changed and I heard that something happened which was the reason for the change but can't remember off the top of my head.

Now is it just me or did some historic threads go missing during whatever happened?

forum server hard drive died, we lost about 4 months of posts at the time of death, but anything truly old/classic is still around. badspot also decided to upgrade the smf software after people were exploiting an old smf forum password reset vulnerability.

-snip-

I see, I'm curious and have a few questions then if you don't mind.

Was it just a straight 4 months from a particular date or 4 months worth of posts from various years? If the former would you happen to know it?
 
And as for the exploit, was it that people were managing to gain access to other's accounts?

Was it just a straight 4 months from a particular date or 4 months worth of posts from various years? If the former would you happen to know it?
A specific time period that was actually closer to 3 months. This was because that was when the last full backup of the forum database had occurred. Badspot apparently also managed to salvage some of the missing data after the fact and threw it back into the database, but it's not clear how much was truly recovered from that.

And as for the exploit, was it that people were managing to gain access to other's accounts?
Yes. There are a number of theories as to how the exploit worked, but I don't think anyone not involved in it ever figured out what the exploit truly was.

wasnt it just a short code that would be easier to guess than what we have now

wasnt it just a short code that would be easier to guess than what we have now
That was one of the theories, but I'm pretty sure it was ruled out. That code was 10 digits long and had no rate limiting on checks iirc, which while inadequate, could not account for how quickly the attacker was breaking into accounts.

he used leakedsource and put everyone's username in and only got people because they reused their password that was also on a compromised website

he used leakedsource and put everyone's username in and only got people because they reused their password that was also on a compromised website
I believe the discrepancy on this theory is that kompressor was also hit, but was known to have not been reusing passwords. It's also far-fetched since most of the users hit were very high-profile old accounts, and it doesn't seem likely the attacker could have known enough information to ID every one of those accounts with a breached password in the timeframe the attack occurred.

A specific time period that was actually closer to 3 months.
Right, thanks.

That was one of the theories, but I'm pretty sure it was ruled out. That code was 10 digits long and had no rate limiting on checks iirc, which while inadequate, could not account for how quickly the attacker was breaking into accounts.


Sounds like it was open to a good old brute force attack then, you're right the attacker couldn't have possibly known much about the users of old accounts such as Kompressor on other sites, more likely they just looked at who was considered a "high target" but also inactive so they could have a go out without anybody noticing repeated attempts to reset their password.

Never know it could have taken a few days for the attacker to gain access all they had to do was keep at it and once they cracked it they can strike at will. Maybe they gathered a few accounts up to unleash in series (I was gone when this all happened so I don't know, just a guess).

« Last Edit: June 12, 2020, 05:24:24 PM by Hawt »

i used to talk to him and he was giving me live updates on this, he knew what to do because he was obsessed with trying to get low digit steam accounts so he used leakedsource to get them, also kompressor's password was really loving bad you wouldn't believe it and he reused it even on the torque website

What about rotondo

« Last Edit: June 12, 2020, 05:24:30 PM by Hawt »

i used to talk to him and he was giving me live updates on this, he knew what to do because he was obsessed with trying to get low digit steam accounts so he used leakedsource to get them, also kompressor's password was really loving bad you wouldn't believe it and he reused it even on the torque website

Interesting, well it's a shame the forum layout still hasn't been fixed and it probably won't be now.