Forum hacked by IS

Captain P

The forum had a message " hacked by IS" last night with a picture of a terrorist.
Clearly this has now been removed.

Can someone say what has been done to prevent this happening again and whether all the email addresses and personal details in the forum accounts where hacked as well. Clearly the security level on the forum needs to be increased in my view.

As a separate point I think the whisper function on the forum should also be removed. This is subject to potential abuse and is not appropriate particularly with a large youth section.

However please post what has been done to secure the forum against future hackers.

James

PS happy for this to be an AGM issue if required.

FD

Hi all

This was a disturbing development, given the organisation doing the hacking. Why anyone, let alone IS, would want to hack a cycling forum is quite beyond me.

Are we sure that our personal details/email addresses are safe from the hackers? Do we need to raise security and is that costly?

It makes you appreciate all of the voluntary work that goes on behind the scenes to keep the forum and club running.

John

Nathaniel Rosa

It was not "IS".

Extremely unlikely, anyway.

99.9% clearly a troll script kiddy (google it).

geoffg

Glad we are up and running again. Agree with Nat.
We talked about having a forum as an integral part of our website so that people had to go through our website first and I think this is a good idea as it allows new members to see there are other aspects to our great club than certain whacky posts.
Martin does a great job and often thankless in seeing we get such a good forum and website.
I trust him to sort this and let us know what is needed.

FD

Good to hear that the perceived wisdom is that this was just the work of some idiot 'script kiddy' - Whatever is the world coming to that people get a kick out of intimidating people with images such as this?

I was pretty shocked last night to see a picture suddenly appear of a masked terrorist brandishing a weapon and my first thought was of security

Would welcome some reassurance that our personal details and email accounts are secure from hackers.

Thanks

John

Captain P

Glad others are not concerned with this matter
However I am not sure I trust whoever did this to not have other motives.
So this is simply a matter of due diligence and a legitimate question.

Have our details been hacked by this party and , since these things are preventable , have steps been put in place to stop reoccurrence.
This is not a personal issue and comments , edited or otherwise, need not be so

Thanks
James

skelders

I spoke to Martin via text this morning, he is away at the moment and unable to access and answer your questions. I'm sure he will be able to do so soon and reassure you as soon as he can.

Captain P

Thanks for your reply Tim
Cheers

Forum Admin [Martin]

If anyone out there is concerned about hacking/their privacy/security on this forum: the only effective solution is to delete your account. I can't give reassurance we won't be hacked again.

If anyone wishes to delete their account, let me know.

FD

Thanks for your reply

As I said above - 'It makes you appreciate all of the voluntary work that goes on behind the scenes to keep the forum and club running.'

John

mattss

Being realistic, this obviously was not a targeted attack but merely an internet bot programmed to target lesser secured sites. There is not a website in existence that could not be hacked (given enough time and resource). By entering our details on any online service is, to a certain degree, at our risk, especially with a cycle club with very limited IT resource and funding.

Our hosting would be supported by a third party, therefore we have no 'in-house' control over the fire walling or security of our sites and would be relying on our service providers for this. I would imagine the only physical method of actively protecting us is by changing our account password which, as you can imagine, will only provide us with a extremely low level of protection.

I have nothing to do with the IT or web hosting at CCA, just wanted to give people an idea of what can be expected.

Andrew R

This is post is from me and not in any way sanctioned by the club however the general advice is:-

Use a unique password for each of your important accounts like email and online banking

If any of you are using the same password for CCA forum as for more important accounts such as email or online banking accounts then I would recommend changing the passwords for these accounts.

Personally I use a low grade password for all of the accounts that I don't care about so much (mainly forum accounts) and use individual stronger passwords for others.

Captain P

All good info, thanks a lot
I agree we will be dependent on third party fire walls etc and these usually come at a price.
My inference was the club look at " investing" some money in this , hence the need to discuss at an AGM.

whilst it maybe impossible to prevent determined hackers, the low grade bots can be stopped, just needs a bit of money. It was either low grade and can be stopped, or a determined hacker and therefore concerning.

So still believe there must be ground between where we are now and preventing the impossible. Would be agreeable if some options where reviewed and either discarded or taken up at a cost.

The usual emotional stuff will fly about and attempts to make stuff personal. It is not.

I also raise the whisper function and the desire to review if this is now appropriate. I believe it has served its days, but should now be removed due to the risks it carries. But those responsible if it is misused should mull that one over.
Misuse has occurred.

So thanks to those entering the rational debate.

James

geoffg

we are all good eggs at Easter :-)

geoffg

All back to normal so big thank you to Martin and those looking into issues.
Just a polite enquiry James. Just how do you intend we "prevent the impossible" as you suggest :-)