DNF Hacked

[pertosda]

DN Forum hacked???

Have you seen this?

http://www.DNF

Wow, Im shocked!

 

[RickM]

how can someone get passwords from the db when they are in md5?

Because MD5 can be cracked.

 

[Domainate.com]

Good to know my membership $$$ at DNF is going to site security. :p

 

[tipsfromthetop]

Its a Sad day when i here fellow domainer site has something like this happen..

Makes me wonder though was his hardware firewalls and security suites turned off? unless the hacker did ring and get his password and username if this is the case then butts need tanning!!!

 

[Static]

Good to know my membership $$$ at DNF is going to site security. :p

Haha. At least some humor in this thread.

That password leaking stuff is quite intimidating indeed...

 

[PolurNET]

NamePros needs to brace for impact as a result of this apparent new wave of 'attacks', but frankly speaking, no one can be safe from crazy, sadistic and armed folks out there in the world

 

[Amnezia]

Lets get this straight

DNS poisioning does not allow you to hack a site, it allows you to redirect a domain to another IP address. DNF was defaced which means the hacker must broken into the server, hence this was not DNS poisoning

 

[Domainate.com]

Haha. At least some humor in this thread.

That password leaking stuff is quite intimidating indeed...

That's the thing...it really isn't funny that out of the 3 domain forums I go to, the only one of them that's been hacked during my membership is the one where I'm PAYING for membership, and it really does raise the question: What IS my membership money going towards? Anything at all?

I do admit that I seem to have a lot more sales there than here, but I'm sure when I post sales threads here, my longevity means a lot of people have seen it before, whereas there a lot of people haven't. Besides that, I don't really like DNF at all, and now have even less reason to like them.

I know hackers can be and often are more motivated than people in charge of website security, but regardless, a site with paid memberships being hacked and possibly having passwords compromised is a slap in the face to those of us paying for memberships.

 

[zinko]

Because MD5 can be cracked.

ok, except you use a dictionary word that is obviously in md5 databases, or bruteforce?
really I want to know

 

[Domagon]

The authorities will do nothing - there's likely no real evidence ... an IP alone doesn't mean anything unless it can be collaborated with other information - that will likely prove difficult since the hacker presumably did so through other servers that have been compremised.

But even if the hacker can be physically located, if they are, as it is alleged, in Iran, there's basically zero the authorities can do...

If anything, Adam / DNF could find the authorities questioning them a bit, if DNF knowingly allows people from Iran to register / buy membership on there.

Ron

 

[PolurNET]

Because MD5 can be cracked.

ok, except you use a dictionary word that is obviously in md5 databases, or bruteforce?
really I want to know

this is not an appropriate place to talk about these kinds of things.

 

[Ben]

ok, except you use a dictionary word that is obviously in md5 databases, or bruteforce?
really I want to know

The only way you can crack an md5 hash is to bruteforce it.

Note: It's possible for him to get into your DNF account using your password hash without cracking it, so even if you have a secure password it'll be best to change it once DNF's back.

 

[Domagon]

MD5 is a hash - it does not store the actual password, but rather a mathmatical checksum, so to speak, of it.

Many different password combinations can share the same hash ... so what one does, with some / much effort, is generate a lot of potential passwords using a dictionary, lookup table, etc and compare those until they get some matches to the user's password MD5 hash ... when they do, they can, with some confidence, assume it's likely (they can't be 100% sure though from that alone) the user's real password.

Ron

 

[johnn]

It's a sad situation but you guys have to be careful what to say here as the scumbag may watch this thread now.
Don't speculate what was happened as you may give him more tips.
I am sure there will be a statement from Adam when the storm is over as -rj- did a while ago.

John

Please do not speculate and discuss in details how/what/when, etc....

 

[Acroplex]

The databse seems to be intact; I was able to view live (non-cached) threads of as late as 7:35am earlier today. This is good news. The hacker achieved nothing, hopefully. The real issue will be if he got a dump of the entire database. That means thousands of PMs amongst members that might contain sensitive information. Change your passwords across all of your accounts.

 

[Domagon]

That's the big unknown ... did the hacker copy the database? -if so, to what extent?

Hopefully, DNF is forthcoming and honest about the situation so people can take the necessary precautions.

Ron

 

[Lasher]

I would love to be an active member at DNF but have a problem with the maturity level of not allowing the "N" word to be mentioned (Namepros), it's just so immature.

Regardless, hope they get things back to normal soon because it is clearly an important and valued forum to many domainers.

 

[slider]

I would love to be an active member at DNF but have a problem with the maturity level of not allowing the "N" word to be mentioned (Namepros), it's just so immature.

:lol: Wow. I was actually planning on making an account there sometime this week, but after seeing it get hacked...I'm not willing to pay for a membership.

 

[Ray]

my post got censored

 

[PoorDoggie]

how can someone get passwords from the db when they are in md5?

Because MD5 can be cracked.

not necessarily. point is (as mentioned below) the only way to "crack" md5 is to bruteforce it. This would mean feeding a program pre-made words/phrases, md5ing them and checking them against the hash keys. This is the reason why places nowadays tell you to have numbers and letters in your passwords, and if your password is a simple name or dictionary word then it is insecure.

Because MD5 can be cracked.

ok, except you use a dictionary word that is obviously in md5 databases, or bruteforce?
really I want to know

Bruteforce... but if your password is a dictionary word the chances are that its already been stored as an md5 string for checking.

Its a shame to hear. I don't really know this website - I don't think I have every been on there. lol But, it must be a terrible feeling for the poor guy!

 

[larrylegend]

URGENT MESSAGE REGARDING DNF HACK.
If you only read one message today...let it be this.
When DNF got hacked, so did you email address, your username and your password. (probably - you have to think that way)
Trying to choose my words carefully. But you must be aware that some guy in Iran now has your email address, your username and possibly your password.
If you use that for ANY other site, ANYwhere... get busy quick.


Another good lesson to use multiple email addresses and NEVER use the same password on a public site that you do on your email account, or to ever use the same email address for your important stuff that you do for forums and stuff....