Warning - SPAM and Target Shooting Ireland

Posted: Thu Apr 22, 2010 12:15 pm
by Guest
Just a heads up to those of you who subscribe to Target Shooting Ireland (http://www.targetshooting.ie/)

A couple of days ago I noted a tremendous increase (4X-5X) in the amount of incoming SPAM email traffic. On that same day, I received the following email from the secretary of this shooting organization:

I suspect that the hacker who made his/her way into the server was able to glean from it email addresses and login information of all subscribers.

---------------------
In the early hours of Tuesday morning, the server that this site is hosted on was the subject of an attack through another site on the server. As a precaution, we are taking the view that all users' credentials are compromised.

There are no security issues with regard to this site and your login details as no sensitive information is stored on the server and registration to this site is open to all, so a compromised login is effectively useless to an attacker.

However, if you use the same login credentials on other systems such as email, Facebook etc. it is strongly advised that you change your password on those systems. The risk of such an exploit is considered very low risk, but we still would strongly advise that you change your password on those systems where your name or email address are searchable.

This is only necessary if you use the same login/password combination on other more sensitive sites. It is always advisable to use different levels of credentials on different websites depending on the possible consequences of a security breach.

We apologise for the inconvenience.

Joe Kinane (Hon. Sec. NTSA)

------------------------

Posted: Tue May 18, 2010 9:47 am
by rrpc
Hi, can't let this post sit here without posting a reply to it. I'm the sysadmin for that site and I had some email correspondence with 'Guest' on this subject. He pointed out that he had received an increase in spam since he got our notice, but I'm inclined strongly to believe that they are not connected.

As the notice that was sent to all subscribers says, our site wasn't attacked, but another one on the same server was. The attack was through a component that was installed on that site but which wasn't the latest version. The information we got from the hosters was just to the effect that the component was attacked and that it had a security vulnerability.

We warned all subscribers and shut down the component. Having investigated further, we found that our site wasn't vulnerable because we were using the latest version of the software.

No other user (in excess of 500) has reported a problem with spam. No evidence of any compromising of our site was found and there is ample evidence in the site logs of failed attempts to breach security.

We took it upon ourselves to make sure everyone was warned as soon as we were made aware of a potential problem. The site hosters advised us that it was highly unlikely that any of our data was compromised as the attack was site specific. We still felt obliged to warn people.

We didn't expect to have unfounded allegations spread all over the net for our trouble :(

Posted: Wed May 19, 2010 12:33 am
by Guest
As a follow up to my initial post, I will say this. I was and continue to be very favorably impressed with the responsiveness I have seen from the folks at Target Shooting Ireland. They sent out notice of the problem immediately and they addressed my questions and concerns with equal speed.

However, my SPAM traffic did increase dramatically at the same time the problem was announced. Coincidence? Maybe. But I subscribe to the theory that if you hear hoofbeats, think horses, not zebras.

The fact that no one else has experienced the same problem could certainly militate towards coincidence and I'm open to that possibility.

Nevertheless, no real harm done as I have been able to adjust certain SPAM controls to deal with the problem - regardless of its cause.

Hats off to the Irish.

Posted: Wed May 19, 2010 2:50 am
by rrpc
Thanks for that.

One can never be 100% sure that nothing was compromised, but all the evidence points to that fact. It's always best in such situations to assume the worst first as it costs nothing for people to change their passwords (always a good idea) and/or usernames.

The real issue here of course is the spammers and hackers who make all this extra effort necessary. We've had to add extra authentication measures to our site to stop these idiots registering - not because they do any harm but because they clutter up our user database with their nonsense usernames and spamming email addresses. I'm sure the forum admins here are faced with the same problem.

Anyway, thanks for the compliment.

Posted: Wed May 19, 2010 6:49 am
by robf
Yep, we use a plugin called stopforumspam for that reason. It does throw up a few false positives when people pick nicknames the spammers use, but on the whole it keeps 99.99% of them out.