
Thread: MOA Forum Hacked?

  1. #16
    bullit7801 (Can't Grow It?? Mow it!!) | Join Date: Oct 2004 | Location: Lincoln, NE; Flat, Boring & Windy Great Plains | Posts: 900
    Quote Originally Posted by 68159:
    I wonder why not every member received an e-mail from BMWMOA. Are some of us more important than others?
    Quote Originally Posted by Rob Nye:
    I'm quite confident every member was sent an e-mail.

    Some users are paranoid and put in bogus addresses.
    Some users forgot to update an old address.
    Some users will have the message end up in their spam filter

    If you want me to send you a copy directly send me a pm with your address.
    And for more members than we want, we don't have an e-mail address on file. Of course, that is NOT true for forum users. To register for the forum, an e-mail address is required. Rob is right, though, about the above. We hope all forum users find out about the hack and change their password.

    tb
    Tom "Bullit" Buttars
    Ambassador
    1978 R100RS, 2006 F650GS, 2007 F800S

  2. #17
    Omega Man (Fortis Fortuna Adiuvat) | Join Date: Jan 2010 | Location: Mansfield, MA | Posts: 14,159
    The example of listing the spam threads has been deleted at the request of the poster. The request from the MOD Team remains. Thanks.

    The Mod team is on it and it isn't going to be fun. PLEASE don't re-post threads and send members down the rabbit hole.
    Attention: if a member sees a suspicious site and it looks like the Moderators are not on it, use the Report Post Button.
    NEVER click on one of the links in one of these spam posts. They are most likely embedded re-directs.
    Last edited by Omega Man; 02-05-2012 at 04:59 PM. Reason: remove quote
    "You can do good or you can do well. Sooner or later they make you choose." MI5
    Mod Squad
    2009 F800GS 1994 TW200

  3. #18
    dancogan (Registered User) | Join Date: Aug 2004 | Location: SE Michigan | Posts: 2,242
    Hats off to the mods for responding so quickly. I awoke to find the forum was virtually filled with spam, some rather innocuous in content and some inappropriate. Less than 2 hours later it's apparently all gone. I'm sure it took someone or some team of people a fair bit of time to clean this up.

    Will this continue, due to the recent hacking?
    Dan

  4. #19
    rob nye (Ritalin Poster Boy) | Join Date: Mar 2003 | Location: Bristol, Rhode Island | Posts: 2,947
    Quote Originally Posted by dancogan:
    Hats off to the mods for responding so quickly. I awoke to find the forum was virtually filled with spam, some rather innocuous in content and some inappropriate. Less than 2 hours later it's apparently all gone. I'm sure it took someone or some team of people a fair bit of time to clean this up.

    Will this continue, due to the recent hacking?
    It will be a tough slog for a bit, methinks.

    While all the issues would be resolved in hours with a forum upgrade, there is a very good chance that the interface between the forum and the back end of the member management / e-commerce system would break.

    I'm willing to wager that someone is doing validation testing on the interface with the latest version of VB, but that takes time and money, as one needs to set up a test lab, discover any issues, and then fix them before upgrading the DB.

    In the interim I think the fastest way to stop the spam is to turn off the self-registration feature; all new forum logins would have to be validated by a human.

    There are people working on this; in the last few days the forum has been updated to 3.8.6. I'm confident they'll get this sorted out as quickly as they can. In the meantime, kudos to the mods for the rapid clean up.

  5. #20
    Bobmws (Curmudgeon At Large) | Join Date: Mar 2003 | Location: Astatula, FL | Posts: 1,309
    This morning I saw all the spam crap on the forum and logged out. When I went to log in a few hours later, I got an error message that would not allow me to log in.
    Submitted the lost password form and tried the new one, same error message.
    Now an hour or so later I can log in with the new password, but am unable to update it.
    Is this part of the repair?
    Bob Weis
    Bikeless! 2004-bmw-k12rs-hannigan-Sold!

  6. #21
    darrylri (Cannonball Rider #52) | Join Date: Oct 2003 | Location: Surf City, USA (Santa Cruz, CA) | Posts: 4,573
    Bob, we have been working today to clean up the mess. Can you tell me if you were trying to change your password here, in the forum, or over on the club's main site, under Account Management? Thanks!
    --Darryl Richman, forum liaison
    http://darryl.crafty-fox.com

  7. #22
    20774 (Liaison) | Join Date: Sep 2005 | Location: San Antonio, TX | Posts: 20,537
    There's a lot going on behind the scenes. Yes, just about everyone was "locked out" for a bit. There are some software upgrades going on and stepping through those takes quite a bit of tweaking. We were stable with the forum software for some time but because of the hack into the database last month, the decision was made to move the forum versions along to try and take advantage of new security patches, etc. Being that this is above my understanding of how forums/software works, that's about all that I know.

    Hang in there, things will get better!
    Kurt -- Forum Liaison ---> Resources and Links Thread <---
    '78 R100/7 & '69 R69S & '52 R25/2
    mine-ineye-deatheah-pielayah-jooa-kalayus. oolah-minane-hay-meeriah-kal-oyus-algay-a-thaykin', buddy!

  8. #23
    Bobmws (Curmudgeon At Large) | Join Date: Mar 2003 | Location: Astatula, FL | Posts: 1,309
    Quote Originally Posted by DarrylRi:
    Bob, we have been working today to clean up the mess. Can you tell me if you were trying to change your password here, in the forum, or over on the club's main site, under Account Management? Thanks!

    Darryl,
    I was in account management. I just logged on again and was able to change it. Thanks to all of you behind the scenes for the hard work.
    Bob Weis
    Bikeless! 2004-bmw-k12rs-hannigan-Sold!

  9. #24
    gimmeshelter (Registered User) | Join Date: Nov 2008 | Location: Detroit | Posts: 37

    Hacking

    I am more than a little incensed at how this is being handled by the organization. I would expect a full, responsible accounting of what is going on and not have to go to a forum to find out what others think is going on.

    Very poor management. Is this a cover up?

    This is probably the first time I have thought of quitting the Club. Right now I feel as much a member of the BMWOA as I feel being a member of Costco.

  10. #25
    dbrick (rabid reader) | Join Date: Apr 2003 | Location: Santa Cruz CA | Posts: 2,337
    Quote Originally Posted by gimmeshelter:
    I am more than a little incensed at how this is being handled by the organization. I would expect a full, responsible accounting of what is going on and not have to go to a forum to find out what others think is going on.
    Forum Liaison DarrylRi posted this thread soon after the intrusion was discovered. This isn't about "what others think is going on," but what BMWMOA thinks is going on. It seems quite reasonable to me.

    Very poor management. Is this a cover up?
    YMMV. Mine is they're doing pretty well here. I like the distinction between the first thread (what happened) and this one (what everyone thinks).
    David Brick
    Santa Cruz CA
    2007 R1200R

  11. #26
    rob nye (Ritalin Poster Boy) | Join Date: Mar 2003 | Location: Bristol, Rhode Island | Posts: 2,947
    Quote Originally Posted by gimmeshelter:
    I am more than a little incensed at how this is being handled by the organization. I would expect a full, responsible accounting of what is going on and not have to go to a forum to find out what others think is going on.

    Very poor management. Is this a cover up?

    This is probably the first time I have thought of quitting the Club. Right now I feel as much a member of the BMWOA as I feel being a member of Costco.
    Good morning,

    Cover up? What's to cover?

    Here's the issue as I see it.

    Background: The MOA runs a membership e-commerce system. These systems are very expensive (think six figures) and take a ton of time to implement. The MOA invested the time and effort to get the member database integrated with a system that allows us to preregister for the rally, join, renew and buy some swag from the Country Store.

    That's a HUGE member benefit that in this day and age the average user thinks should perform like a utility, i.e. always be there. I see this with IT at work because people have no idea what it really takes to "keep the lights on." Especially with regards to costs and delivery time.

    Along the way we rolled out the forum using V-Bulletin. VB is recognized as one of the gold standards of forum software. It's run by many sites larger than this and some of the chartered clubs also run VB.

    The challenge was and still is how do you maintain a member database for the e-commerce and have the same user id and log in work across the forum. The easy way out is to purchase the forum module from the e-commerce vendor but when you compare it to VB it is painfully bad.

    The solution involves a custom interface between the two databases. This is not off the shelf stuff and it isn't something that some geek in a closet can do in a day, or perhaps even a week. IIRC the original interface took months.

    As an admin of a VB forum I can testify that they offer patches and updates on a frequent basis. They are very quick to provide information and a patch on urgent security issues. They're so good that as a volunteer admin sometimes I have a hard time keeping up. That's because a good admin doesn't just load patches willy-nilly, first the DB is backed up and the patch might even be run on a test system first. The MOA has very good VB Admins, sometimes I go to them for advice on my system.

    The elephant in the room is the interface. Every patch and update to either system carries the risk that the interface will need to be re-coded. This is something that's much easier to deal with if it can be planned, tested and validated, vs being built due to a system down issue. Break fixing sucks.

    So to sum it up, the MOA admin team is challenged to keep both systems current and the interface working just right; plus you've got 90 days until rally registration opens, which is a big hit on the system. Because of the need to test and validate every patch, it's completely understandable that they got caught by a hacker; the same thing happened to my board, but as it's smaller I just took it offline for five days. Our admins don't have the luxury of being able to do that.

    Ultimately what happened is someone got into the VB database and pulled out username, email (in plain text) and passwords (in hash keys). That's all they got.

    What the admin team has been able to do is update the forum to the latest update for this version. This should have closed the leak. I'm willing to wager they're working on updating to the most current version, which is a huge job, plus the user interface will change. If you want to see what it looks like, check out the YB forum. It is also quite possible that they'll stay with this version as long as VB is supporting it; if I was running the show that would be a strong consideration, especially with rally registration coming up. At the very least I'd get the ball rolling on testing so the upgrade trigger could be pulled on my schedule, not some hacker's.

    The worst thing that will happen to the users is more spam. If you use Gmail, Comcast, etc., chances are you won't even notice; it'll just be more load on their spam boxes. You should watch out for the ones that do get through: they will not be offering to grow your unit, they'll have a link that they want you to click.

    These emails could even look like they came from the MOA with instructions to click here to update your personal information.

    DO NOT DO THAT.

    There has been plenty of discussion on passwords and such. By now you really should have changed your password to something different, but most importantly you should change your password on *every* site that you've subscribed to or made a purchase from using the same e-mail address you used here.

    The other golden rule is never, ever check the box labeled "save information for later" or "save credit card". While it sounds convenient that's the info the hackers are always after.

    So no, no conspiracy, but at the most technical level there are perhaps one or two people on the board and one or at best two people in the office who really understand how this works; the bulk of it is managing the vendors.

    I hope this provides some understanding as to what is likely going on in the back room. No conspiracy at all. There's no need for an adversarial attitude either; folks that run services like this care more about performance and up-time than you do, so calling them out or talking about cancelling your membership only adds to the acid in the gut. It will not provide any positive motivation for the guys in the trenches.

  12. #27
    GREGFEELER (Dances With Sheep) | Join Date: Mar 2003 | Location: Boise, ID | Posts: 3,324
    Quote Originally Posted by rob nye:
    +1
    Greg Feeler
    BMW MOA Foundation Secretary, Ambassador & amateur K-Bike collector, it seems
    1972 R75/5, 1990 K75, 1990 K1, 1992 K75S, 2003 K1200RS

  13. #28
    Newstar (Intermediate Adventurer) | Join Date: Jan 2006 | Location: Landenberg, PA | Posts: 2,779
    Rather than mud slinging, we should all say a big THANK YOU to Kurt, Darryl, and Gary for working hard all week to contain and clean up the mess. Many on the forum have no idea how much clean up was necessary because these guys were on top of it.

    Kudos to them!

  14. #29
    statdawg (High & Dry) | Join Date: Feb 2006 | Location: In the Endless Mountains | Posts: 2,730
    Quote Originally Posted by Newstar:
    Rather than mud slinging, we should all say a big THANK YOU to Kurt, Darryl, and Gary for working hard all week to contain and clean up the mess. Many on the forum have no idea how much clean up was necessary because these guys were on top of it.

    Kudos to them!

    Thanks to all involved and thank you Rob for the detail.
    If one cannot command attention by one's admirable qualities one can at least be a nuisance

  15. #30
    mika (Still Wondering) | Join Date: Aug 2004 | Location: Fly Over Land | Posts: 11,807
    +1 in thanks for all the hard work that has gone into dealing with this.

    As to mud slinging... one word - PARODY... even around here no one could be that clueless, so it must have been a parody the rest of you did not understand.

    Right?!?

    I would have said something sooner but I was too busy
