Potential Forum Breach

Post Reply
User avatar
Aidan Brown
Site Admin
Posts: 531
Joined: Sat Jun 17, 2006 8:04 pm
Location: Gravesend, Kent, UK
Contact:

Potential Forum Breach

Post by Aidan Brown » Sun May 10, 2020 10:25 pm

At around 4 PM today we became aware of malicious files being placed on the Hardy Tropicals webserver. These files gave whoever put them there (and anyone else who knew of their location) complete access to the files hosted on the server along with database credentials. The database is only accessible from the webserver itself so direct database access was not available, but we cannot guarantee a copy of the database was not taken.

As a precaution we would recommend that you change your Hardy Tropicals passwords and change them anywhere else you have used the same email, username and password combinations.

At this point in time it appears the entry point was the new Wordpress based website rather than the forum itself.

We have added additional measures and monitoring to prevent a repeat of this occurring and will monitor the site for any other unusual activity.

Please accept our apologies for any inconvenience

We are attempting to send out an email to all registered users but due to the number of accounts this is timing. If you have not receieved anything we are still trying.

*UPDATE* Passwords were encrypted with the PHPBB V3.2 standard encryption and were not stored in plain text
phpBB is using the bcrypt hashing algorithm with a default cost factor of 10 since the the release of phpBB 3.1.

User avatar
Las Palmas Norte
Posts: 1892
Joined: Sun Oct 28, 2007 7:17 pm
Location: Lantzville, British Columbia (Vancouver Island)

Potential Forum Breach

Post by Las Palmas Norte » Sun May 10, 2020 10:35 pm

I haven't been on here for a coons age. I did get a e-mail message about a "breach" recommending a password change.
I can't find an obvious link to my profile.
Cheers, Barrie.

User avatar
Aidan Brown
Site Admin
Posts: 531
Joined: Sat Jun 17, 2006 8:04 pm
Location: Gravesend, Kent, UK
Contact:

Potential Forum Breach

Post by Aidan Brown » Sun May 10, 2020 10:45 pm

If you click on your name (top right) you should get the option of user control panel.
20200510_234305.jpg
Then go to the profile tab and edit account settings to change your password.

Or try this link

https://hardytropicals.co.uk/forum/ucp. ... eg_details

jude
Posts: 2
Joined: Thu Jan 02, 2014 8:40 pm
Location: West Malling, Kent

Potential Forum Breach

Post by jude » Mon May 11, 2020 12:00 am

Just tried to change my password, but it kept going blank when I clicked reset.

User avatar
Aidan Brown
Site Admin
Posts: 531
Joined: Sat Jun 17, 2006 8:04 pm
Location: Gravesend, Kent, UK
Contact:

Potential Forum Breach

Post by Aidan Brown » Mon May 11, 2020 6:44 am

Reset will send you an email to create a new password. If you type your current password and new password and click submit this should change your password.

Post Reply