PayPal is enemy infrastructure. Exploit it as necessary.
HACKED ACCOUNTS!!!!!
- Thread starter texcross
- Start date
The #1 community for Gun Owners in Texas
Member Benefits:
Fewer Ads! Discuss all aspects of firearm ownership Discuss anti-gun legislation Buy, sell, and trade in the classified section Chat with Local gun shops, ranges, trainers & other businesses Discover free outdoor shooting areas View up to date on firearm-related events Share photos & video with other members ...and so much more!
Member Benefits:
I shouldn't have said facilitate. My bad. His account was used to vouch for a member that had been hacked. To make it look legitimate. It was a fluid situation with posts being deleted, threads being locked then unlocked. Etc. If you were activity watching the for sale thread in question I can see how it was confusing for members needing ammo
Last edited:
I paid you with PayPal. I received the boker today btw. Thanks for working with me on that. Also, if my account gets hacked I'm going to text you so you can give the forum a heads up.
In light of current shenanigans, I'm really glad that worked out
Darqhelmet
You had one job, one.
So do we know if the forum user name / password list was hacked? Just Bens account? Does he reuse his password and some where else was hacked? Maybe throw an announcement up suggesting everyone change their passwords.
I think Kevin is considering this.
I never use my email address password as anything else. #1, #2 I use 2FA on anything I care about, hilariously my forum password here (and everywhere else) is weak because it has, historically, been where my passwords have been stolen from because of exploited servers and databases.
My 2FA here has never been compromised.
My 2FA here has never been compromised.
A couple of things I learned watching this in real time.
1. If something doesn't feel right, it isn't. My first clue was how the for sale thread was cleaned up, it just did not feel like a Ben job, which is why I engaged him in the NSFW thread on that action.
2. Trust but verify. Once I suspected Ben's account status, I should have notified texcross immediately. Instead, I reached out to Ben by pm and that resulted in my getting banned by the attacker.
3. Take decisive action. Once I got banned and knowing how it happened wasn't how those things work around here, I went straight to the MFWIC on email with a very clear subject line and pertinent details. I don't know if he knew what was going on by then, but I know we mounted a great defense shortly afterwards.
4. Timing is everything. From the time Ben's account was compromised to me contacting the MFWIC was 63 minutes. In that space multiple members were harmed. Had I done step 3 when I first suspected something fishy was going on, things may have turned out much differently.
5. Incoming friendly fire isn't friendly. My public posts in the for sale thread and NSFW thread probably did more harm than good in that it tipped the attacker to my hand.
6. Collateral damage is still damage. Once I got banned and went to alternate comms, at least one other member was banned when I reached out to them and they took action to contact Ben. At that point, neither of us had many options left to spread the word.
1. If something doesn't feel right, it isn't. My first clue was how the for sale thread was cleaned up, it just did not feel like a Ben job, which is why I engaged him in the NSFW thread on that action.
2. Trust but verify. Once I suspected Ben's account status, I should have notified texcross immediately. Instead, I reached out to Ben by pm and that resulted in my getting banned by the attacker.
3. Take decisive action. Once I got banned and knowing how it happened wasn't how those things work around here, I went straight to the MFWIC on email with a very clear subject line and pertinent details. I don't know if he knew what was going on by then, but I know we mounted a great defense shortly afterwards.
4. Timing is everything. From the time Ben's account was compromised to me contacting the MFWIC was 63 minutes. In that space multiple members were harmed. Had I done step 3 when I first suspected something fishy was going on, things may have turned out much differently.
5. Incoming friendly fire isn't friendly. My public posts in the for sale thread and NSFW thread probably did more harm than good in that it tipped the attacker to my hand.
6. Collateral damage is still damage. Once I got banned and went to alternate comms, at least one other member was banned when I reached out to them and they took action to contact Ben. At that point, neither of us had many options left to spread the word.
Last edited:
That possibility has crossed my mind. I've done some checking on my system and that doesn't seem to be the case. Besides, it wasn't my account that was hacked first. (Probably. More speculation to follow.) It would be way too big a coincidence for two of us, completely unknown to each other, to have keyloggers installed that this particular bad actor had access to.
No. Period.
However, a mod can change your password.
This is one of the things that bothers me. Kevin is hitting the logs to see what the bad guy did while he was here. He hasn't shared anything about other password changes with me so I doubt they happened. If I were a bad guy, though, I would have definitely found a bunch of unused old accounts, changed their passwords and emails, and taken control of them so that I could re-invade the forum at a later date.
The idea has been floated of making everyone change their passwords once in the near future. That's likely to be a pain but it's a precaution I've encouraged texcross to take.
Right. It's happened to a number of forums starting a couple of weeks ago.
Right.
Just a future note - While I occasionally use an alternate font color or all caps for a word or two, when you see a post that consists entirely of a non-standard font, enlarged, in red, shouting something in all caps and using rather stilted language for the entire post...well...that's a clue that it isn't me.
Normally I'd insert a smiley face after that last paragraph but I really don't feel like smiling about any of this yet. This is one of those "someday we'll look back and laugh" moments and I figure that someday won't happen for quite a while.
Even though the bad guy had my credentials, he couldn't do that. While it's possible to build a list of forum user names, I don't have any way to see anyone's password, much less get a list of them.
This post is long enough so I'll stop. There are some other posts here that I'll reply to shortly.
That needs some amplification.
This same attack hit the Oklahoma gun forum yesterday after us; that's already been noted. Kevin has advised me that two more forums were hit last night.
Something new and weird is happening and there are lots of people trying to figure it out. I have no doubt that elements of past security failures are being exploited; they always are. But this recent rash of attacks is different.
People a lot smarter than me in the forum business space are making it a priority to understand but no one is there, yet.
Thanks for a hugely insightful set of observations.
Folks, pay attention to that post. There is much wisdom there.
So much so, in fact, that 2FA is now mandatory for the staff here on TGT.
A good lesson, well learned by me in this case. As I've stated before, if I hadn't gotten cute and tried to scoop up all the accounts that were in cahoots, this thing wouldn't have blown up the way it did.
It's like first aid. First, stop the blood spurting out. Figure out the niceties later.
If I had just banned the guy and removed the thread when I first saw it, yesterday would have been completely unremarkable.
In the future, I'll tend much more toward the "Ban immediately and give 'em a way to appeal" school of administration instead of the "Let me figure this out before I upset the apple cart" school.
Yep. I immediately emailed Vaquero and called Kevin as soon as I could find his number, a step that, I admit, took me a few minutes. But it was off-the-board contact methods that were critical in limiting the damage.
Two Factor Authentication.
Basically, when you log in and give your password, the software asks you for an additional piece of information that only you should possess.
Most commonly, you'll get a text with a string of numbers to enter. It slows down the login process by a minute but it increases the security of your login process by orders of magnitude.
Unfortunately, the forum software is not set up to provide that extra bit of information via text which is the simplest and most convenient way to do it. This forum uses either an app on your phone (which is convenient in the long run though it requires you to install an app to make it work the first time) or it sends you an email.
2FA is not mandatory for regular users but it's smart. It's now mandatory for staff.
Darren,
I'll email you at the email you provided when you made your account on TGT.
Normally, a new account requires 25 posts before it can PM on this board. However, if I know what I'm doing (and that's a big question in my mind at the moment) I just turned on PMs for you. You should see an envelope icon in the upper right of your screen if you're on the web interface. Or you can just click on my avatar and select "Start a Conversation."
I'll try to PM you now to test.
Edit to add: Both email and PM have been sent. The real communication needs to happen with Kevin since he's the one who can fix things. However, I'd appreciate any sort of reply that shows we have a valid communications channel.
I'm sure sorry I'm going to wind up meeting you under these circumstances.
Last edited:
