Possible Hack

[=CfC=Fitz]

Hi all,

My web host advised that the site may have been hacked. I've cleared up the back end but I suggest that you all change your passwords asap. I've deleted a lot of stuff for unused themes and a couple of files that may affect the current theme so please let me know if you spot any issues with the site.

Pip pip,

Fitz

[Storebror]

Thanks for taking care of this Fitz.
Seems to be hacker season again.
@work our telephone system has been hacked on the weekend.
After a few thousand international calls, our provider cut the line.
A colleague of mine had a few hundred calls on his list... I consider myself lucky as my phone list is clear.

Cheers!
Mike

[cjd-2010]

Password changed to something stronger and equally forgettable! 😁

Cheers,Chris

[CFC_Conky]

Done.

[=CfC=Fitz]

I should probably also mention that if you use the same password on any other sites you might want to change those as well. Hackers have a habit of trying email/password combinations wherever they can.

[Storebror]

It should be noted though that SMF does not store plain text passwords and it does not use a reversible encryption either.
Passwords are stored in hashed&salted format.
Hashed means it's one-way encryption, you cannot simply "decrypt" a hashed password.
Salted means that so called "rainbow tables" are useless when attempting to guess the matching password for a hash.
What's left is a brute force attack, which works for pretty simple and short passwords, so complexity is the key.
My password generally have both uppercase and lowercase letters, numbers and special characters like "+-#&%$()" etc, and they're at least 10 characters long.
Not that his would make unhashing impossible, but with today's hardware, it would take a little longer than all of us are going to stay on this planet, even if we sum it up.
Nevertheless, of course I don't recycle passwords across sites - this is something I'd generally suggest not to do at all, never ever.

Cheers!
Mike