AgeMatch.com - the best dating site for inter-generational lovers!  

Page 1 of 3 123 LastLast
Results 1 to 15 of 35

Thread: Agelesslove was hacked

  1. #1
    whiterose's Avatar
    whiterose is offline Administrator
    Join Date
    Jun 2003
    Location
    Midwest, United States
    Posts
    18,919

    Agelesslove was hacked

    If you haven't logged onto the site recently, wanted to make you aware that the site was hacked on Friday, January 15th. Here is the message from the site owners:

    "AgelessLove.com has fallen victim to a savage attack by hackers, who gained control of the site and replaced the home page with an advert for a dating site.

    They also sent a fraudulent e-mail to all members requesting donations to get
    the site back up due to unpaid bills. If you did make a donation then we suggest you contact your card company immediately and cancel your card.

    We apologise for any inconvenience caused to our members. However, this cowardly attack was completely beyond our control. The site will remain closed for a couple of days while we identify security flaws and patch them."

    You may notice that certain features have been disabled while the site is updated.

    All agelesslove members are encouraged to change their passwords as a result of this event.
    Last edited by whiterose; 01-17-2010 at 07:54 PM.

  2. #2
    truckman Guest
    Yeah, I saw that, most annoying.

    Was it just Ageless or other clients of LiquidWeb (your hosting provider) ?

    With shared hosting it's not uncommon for a server to be hacked through one site that has weak security/software bugs then with root access the entire server is compromised.

    This can happen with dedicated hosting as well, since hosting providers more often than not use the same administration passwords across the board. Access to one server gives access to most/all servers.

    I see you updated the vbulletin software - that's good - the version that was there had a few holes.

    It's really important to know if they hacked you through the vbulletin software or the server OS, or potentially another site on the server.

    Not that you want to exclude certain parts of the world, but a very effective firewall blocks CH, DE, JP, NL, RO, RU, etc. That cuts down about 95% of the attempts right there.

  3. #3
    gorillagirl Guest
    Will previous threads be restored or is everything wiped out?

  4. #4
    truckman Guest
    Best I can tell the threads/posts are there, but they're not showing as new at this point. This is a common anomaly when restoring a database (mysql, postgres) driven site such as Ageless.

  5. #5
    whiterose's Avatar
    whiterose is offline Administrator
    Join Date
    Jun 2003
    Location
    Midwest, United States
    Posts
    18,919
    Truckman, I leave the technical know how to "theadmin" who represents the site owners. He is the one who researched the issue and made the corrections.

    Gorgillagirl, I am able to see all the old threads and posts. Are you saying you are not able to see them at all?

  6. #6
    Donna Guest

    change password how?

    How do we change our password?


    Donna

  7. #7
    whiterose's Avatar
    whiterose is offline Administrator
    Join Date
    Jun 2003
    Location
    Midwest, United States
    Posts
    18,919
    Go to User CP link in the upper left hand corner of this page, and there you will find an option for changing your password.

  8. #8
    Jody<3's Avatar
    Jody<3 is offline Registered member
    Join Date
    Aug 2002
    Location
    Home, home on the range (Kansas)
    Posts
    7,507
    We seem still be having issues with our forum links..i.e. when you click the links you are not going to the correct forum area.

    So frustrating...

    Also, if you have a PM in your box from someone named "ineedhelp" please do not open that PM and delete it from your PM box.

    We will continue to work on things on our end, and hopefully everything will be back to normal ASAP
    What lies behind us, and what lies before us are tiny matters compared to what lies within us.
    ~ Ralph Waldo Emerson ~

  9. #9
    truckman Guest
    Quote Originally Posted by Katrina View Post
    Truckman, I leave the technical know how to "theadmin" who represents the site owners. He is the one who researched the issue and made the corrections.
    No problem Katrina, was just starting to offer ideas that may help. In today's world, security unfortunately is often more important than content.

    If I can help, let me know. I have experience and "skillz" in this area.

  10. #10
    gorillagirl Guest
    Quote Originally Posted by gorillagirl View Post
    Will previous threads be restored or is everything wiped out?

    i checked early this morning and there was only 1 thread. my question has been answered .... restored.

  11. #11
    SummerBob is offline Super Moderator
    Join Date
    Nov 2004
    Location
    Virginia
    Posts
    1,322
    I was really sorry to see that Agless was hacked.

    I don't know if the motive for the attack has anything to do with the content of this site, or if it was just a random attack. Either way you can never be too careful on the web these days.

    I've changed my password. Suggestion: To all those who are changing passwords, it is recommended to use a "strong" password. This is a password with at least 8 characters that includes at least one of each of (capital letter, lower case letter, number and non-alphanumeric character (such as !@#$%^&*)).
    Like Abraham Lincoln once said, "You can't believe everything you read on the Internet."

  12. #12
    SummerBob is offline Super Moderator
    Join Date
    Nov 2004
    Location
    Virginia
    Posts
    1,322
    By the way, I just remembered something.

    This attack has been going on longer than since Friday.

    Early last week (I think Monday) I got an email from admin@AgelessLove asking me to join some kind of service. The message looked odd. I clicked on it and it took me to a page with a form to fill out. It looked suspicious so I ignored it and deleted the email. This might have happened on Jan 11 or 12.
    Like Abraham Lincoln once said, "You can't believe everything you read on the Internet."

  13. #13
    Jody<3's Avatar
    Jody<3 is offline Registered member
    Join Date
    Aug 2002
    Location
    Home, home on the range (Kansas)
    Posts
    7,507
    I got a message in my PM box from a member named "ineedhelp", and when I went to view that message, the site (or what I thought was the site) asked me to log in, like I had been bumped out. I believe that I did put in my information and log in again, and when I did, I gave them my user name and password. I believe this is true because when I went back to that PM, the log-in window had an address not from this site. So, in essence, they duplicated the log in window we have here on the site.

    I believe they then simply logged in as me, made themselves an administrator, promptly banned all of the moderation staff, and then went from there.

    They did a lot of damage, including scrambling all the email addresses.
    What lies behind us, and what lies before us are tiny matters compared to what lies within us.
    ~ Ralph Waldo Emerson ~

  14. #14
    NY10's Avatar
    NY10 is offline Senior Member
    Join Date
    Dec 2009
    Location
    New York, NY
    Posts
    910
    Quote Originally Posted by Jody<3 View Post

    They did a lot of damage, including scrambling all the email addresses.
    Does that mean they have access to peoples email addresses on this site, meaning now they have my email or what?

  15. #15
    whiterose's Avatar
    whiterose is offline Administrator
    Join Date
    Jun 2003
    Location
    Midwest, United States
    Posts
    18,919
    I believe it was just the administrators whose email addresses were scrambled by the hacker. I'm sure it was an attempt to keep us admins from being able to somehow reset our passwords during that time.

    You can verify the email address that the site uses to send you emails by going to User CP, then go to Edit Email and Password. The email address you selected for the site to send you emails would be listed there.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •