Possible Hack

Started by =CfC=Fitz, September 16, 2019, 12:25:22 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.


Hi all,

My web host advised that the site may have been hacked. I've cleared up the back end but I suggest that you all change your passwords asap. I've deleted a lot of stuff for unused themes and a couple of files that may affect the current theme so please let me know if you spot any issues with the site.

Pip pip,



Thanks for taking care of this Fitz.
Seems to be hacker season again.
@work our telephone system has been hacked on the weekend.
After a few thousand international calls, our provider cut the line.
A colleague of mine had a few hundred calls on his list... I consider myself lucky as my phone list is clear.

Learn. Challenge. Improve. -


Password changed to something stronger and equally forgettable! 😁

Fly Navy.Sail Army.Walk Sideways


Going to church doesn't make you a Christian any more than standing in a garage makes you a car.


I should probably also mention that if you use the same password on any other sites you might want to change those as well. Hackers have a habit of trying email/password combinations wherever they can.


It should be noted though that SMF does not store plain text passwords and it does not use a reversible encryption either.
Passwords are stored in hashed&salted format.
Hashed means it's one-way encryption, you cannot simply "decrypt" a hashed password.
Salted means that so called "rainbow tables" are useless when attempting to guess the matching password for a hash.
What's left is a brute force attack, which works for pretty simple and short passwords, so complexity is the key.
My password generally have both uppercase and lowercase letters, numbers and special characters like "+-#&%$()" etc, and they're at least 10 characters long.
Not that his would make unhashing impossible, but with today's hardware, it would take a little longer than all of us are going to stay on this planet, even if we sum it up.
Nevertheless, of course I don't recycle passwords across sites - this is something I'd generally suggest not to do at all, never ever.

Learn. Challenge. Improve. -