Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 38
Like Tree9Likes

Recent Attack

This is a discussion on Recent Attack within the About This Board forums, part of the Other Forums category; Could just reset everyone's passwords, would be easier - and put a message on the failed logon attempt advising users ...

  1. #21
    Board Regular Kyle123's Avatar
    Join Date
    Jan 2012
    Location
    Leeds, UK
    Posts
    2,188

    Default Re: Recent Attack

    Could just reset everyone's passwords, would be easier - and put a message on the failed logon attempt advising users to request a new password. That wouldn't result in 100's of thousands of emails - most of the users have probably never posted anything.

    Anyway, I'm not kicking up a stink as such, just advising people to change their passwords. The impact should be minimal if people follow proper guidelines and have one password per site and don't repeat it anywhere

  2. #22
    Board Regular
    Join Date
    Sep 2016
    Location
    Canada
    Posts
    231

    Default Re: Recent Attack

    Quote Originally Posted by Joe4 View Post
    Do you have any idea what happens if you try to send out 375,000 email from a single source?
    You get classified as a "Spammer", start showing up on Spam websites, and many ISPs start blocking emails from your IP.
    We already have some situations where some ISPs block our emails, as I see it often when people send us emails when they sign up and never receive the confirmation email that we send that contains the link they must click to activate their account.
    Actually yes, I have a pretty good idea considering I regularly setup and configure web servers and there are certainly proper ways of going about sending out these emails. If Sony, LinkedIn, Yahoo, Apple etc, can do it, so can you. Ensuring SPF and DKIM is properly configured and knowing your server's SMTP limits for starters. Abiding by legislation also helps to prevent being marked as a spammer (by including un-subscribe links). It would also be ill-advised to send emails to all 374,509 members of this forum. I'm willing to bet at least half of that total member count are dead accounts to begin with. You could have started with the users who've actually logged in within 3 months prior to the security breach.

    Upon doing a bit of research, MrExcel.com appears to be hosted by a company called Pair Networks. As per their terms of usage, MrExcel.com cannot:

    Send out mail to more than 25 addresses in one batch, whether sequentially or in parallel. Such batches must "sleep" for at least three seconds between each delivery attempt. Please consider using our pairList service for such mailings.
    It identifies that should you wish to send out mass emails, do so in batches of 25 with at least three seconds between each delivery attempt. Furthermore, it seems Pair Networks even provides you a tool they call "pairList" for this very purpose.

    Look, I'm not trying to incite any arguments, I'm just calling out the facts. There appears to be a lack of concern for security around here (I mean heck, you just got hacked and yet your STILL using the same very out-dated forum software--where's the logic in that?). At the absolute very least, I suggested removing the version number so as not to publicize to the entire world that your using out-dated and bug-riddled software, yet that suggestion was entirely ignored.

    Have you guys even actually identified the source of the hack yet? Has anyone even sat down and gone through the Apache logs?

    MrExcel.com has grown into a powerful community of 374,510 people. This puts a target on your back for hackers and data thieves. Whether you like it or not, you have an obligation to perform your due diligence to ensure the privacy and security of the members of this community.

    I know how to protect myself in an online world, its the other 374,509 people that I worry about. I just don't understand how you can be so non-chalant about the fact that you have a huge number of people who could unknowningly have someone digging about their email inbox as we speak; who knows what else. Hell, the very fact that someone is out there making money of a list of your users. This is okay with you?

    You'll have to excuse me because I've grown rather attached to MrExcel.com and it's a little upsetting to hear this happening and to be met with defensive sarcasm and vague information from the leaders of this community.
    AliGW likes this.
    TIPS FOR FINDING EXCEL SOLUTIONS:

    1. Ask Google.
    2. Use the Search functionality on this board.
    3. A lot of VBA code can be acquired by using the Macro Recorder.
    4. Microsoft's Developer Network is your friend!

  3. #23
    Board Regular J.Ty.'s Avatar
    Join Date
    Feb 2012
    Location
    University of Warsaw, Poland
    Posts
    708

    Default Re: Recent Attack

    The page for password change is presently not secured. To me, changing the password now over an open link is not much better (and perhaps even worse) than leaving it as is.

    J.Ty.
    My Excel uses ";" to separate arguments in functions, and they sometimes stay there when I copy-paste or insert a screenshot. In such cases please replace ";" by "," everywhere.

  4. #24
    Board Regular
    Join Date
    Oct 2015
    Location
    Sapphire Coast of Australia
    Posts
    326

    Default Re: Recent Attack

    Quote Originally Posted by Krayons View Post
    I also cannot stress enough the importance of using strong passwords. LastPass is an amazing tool. With it, every single one of my accounts all use a unique 20 character password. (EG: &8y*^Ex4Zvk$&S!7A9nV) The odds of it being brute forced, are so astronomically small, that I have absolutely zero concerns as a result.
    Also worth mentioning is that LastPass (presumably other password managing browser extensions such as KeePass) perform the logon for you and makes password changes easy.

    Worth noting is there is a 'Security Challenge' tool in LastPass that will rate the strength of the passwords you use. For example, my MrExcel pwd scored 97% (only 12 characters long and contains no special characters). You can filter the 'Security Challenge' results to show compromised passwords. I haven't done mine for a while. I just found five more hacked accounts with passwords that require changing. I thank Mrexcel for indirectly alerting me to those problems.
    I offer advice in good faith. Please be patient if I miss something.
    Find Out more about:
    Functions used above
    VBA functions
    Excel VBA Functions
    Debug your own code
    Free Tutes/Guides

    VBA does not undo so Copy your critical workbook before testing anyone's VBA.

    Posting Aids

  5. #25
    Board Regular FDibbins's Avatar
    Join Date
    Feb 2013
    Location
    Duncansville, PA USA
    Posts
    5,846

    Default Re: Recent Attack

    Just did a quick check for the "best" password managers....
    The Best Password Managers of 2017 | PCMag.com
    Dashlane and LastPass both came out tops there

    - Posting guidelines, forum rules and terms of use

    - Try searching for your answer first, see how

    - Read the FAQs

    - List of BB codes


    Regards

    Ford

  6. #26
    Board Regular
    Join Date
    Oct 2015
    Location
    Sapphire Coast of Australia
    Posts
    326

    Default Re: Recent Attack

    For those chasing a freeware password version so you can trial it first:
    The Best Free Password Managers of 2017 - Password Managers - Products
    I offer advice in good faith. Please be patient if I miss something.
    Find Out more about:
    Functions used above
    VBA functions
    Excel VBA Functions
    Debug your own code
    Free Tutes/Guides

    VBA does not undo so Copy your critical workbook before testing anyone's VBA.

    Posting Aids

  7. #27
    New Member
    Join Date
    Jan 2014
    Posts
    20

    Default Re: Recent Attack

    So I can't seem to find how to delete my account from the user control panel and I've contacted a moderator and nothing has happened. Can an administrator please delete my account. I no longer want to remain a member of this forum. I'd appreciate if you can completely remove me from your database.

    Can you let me know when this is done because I rarely use this site. Thanks
    Last edited by Inactiveb0347; Jan 15th, 2017 at 02:29 AM.

  8. #28

    Join Date
    Feb 2015
    Posts
    13

    Default Re: Recent Attack

    Quote Originally Posted by punkrock760 View Post
    So I can't seem to find how to delete my account from the user control panel and I've contacted a moderator and nothing has happened. Can an administrator please delete my account. I no longer want to remain a member of this forum. I'd appreciate if you can completely remove me from your database.

    Can you let me know when this is done because I rarely use this site. Thanks
    Likewise. It's been about two years since I've used the forum. I just rather delete it and then I'm also going to delete the email address that's associated with this account.

    Please send me an email when the account is deleted.
    Thanks!

  9. #29
    Board Regular
    Join Date
    Sep 2016
    Location
    Canada
    Posts
    231

    Default Re: Recent Attack

    Quote Originally Posted by punkrock760 View Post
    Can you let me know when this is done because I rarely use this site. Thanks
    Quote Originally Posted by shav05 View Post
    Please send me an email when the account is deleted.Thanks!
    Unfortunately, that won't likely happen considering you've both made posts on this forum. Deleting your accounts would to my best knowledge, bork up any thread your account was part of.

    CLICK THIS LINK and just change your email to any @mailinator email address and change your password to random nonsense you're never going to remember. You account is as good as deleted.

    With that, I bid you adieu.
    mole999 likes this.
    TIPS FOR FINDING EXCEL SOLUTIONS:

    1. Ask Google.
    2. Use the Search functionality on this board.
    3. A lot of VBA code can be acquired by using the Macro Recorder.
    4. Microsoft's Developer Network is your friend!

  10. #30
    New Member
    Join Date
    Dec 2015
    Posts
    5

    Default Re: Recent Attack

    I have received an email allegedly from Bill Jelen of this forum.

    I am now reading, via this thread, of an attack on this form which has resulted in obtaining users emails and passwords.

    I am very concerned and annoyed to read that this attack happened over a month ago and yet I have only been informed today. Not being a regular visitor I would not have seen the warnings provided and now learn that my details have been in the hands of criminals for over a month.

Page 3 of 4 FirstFirst 1234 LastLast

Like this thread? Share it with others

Like this thread? Share it with others

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


DMCA.com