Kerii, posted January 18:
The link goes to a completely different site. http://www.poignee2cigares.com/forum/cache/HDD_Recovery_tool.exe Doesn't seem to be anything off about the message source either.

Sam.F, posted January 18:
I got the same email just now. Highly suspicious!

anybody, posted January 18 (edited):
I got this too, twice actually. Either hacked or one of the admins needed some extra money and sold out to some spammer. The file linked to is the following according to virustotal:
Edited January 18 by anybody

ploink, posted January 18:
I received the same message about 4 hours ago. There have been some major breaches and user databases from many websites have been published.
"Over 770 million email addresses shared online in largest data breach in history"
I checked my email address on the site https://haveibeenpwned.com/ and it is found in databases "Anti Public Combo List" and "Onliner Spambot". Perhaps one of those includes the storagereviews user data.

Brian, posted January 18:
Yes, we're still dealing with it right now, someone broke in and did bad crap.

Brian, posted January 18:
Thankfully our users are smart enough to know we wouldn't send an HDD tool executable.

Kevin OBrien, posted January 18:
From what I can tell someone most likely breached an old account with an unchanged password, logged into the admin console here and sent out a bulk email. We've since pruned all the old admin accounts and reset passwords. It was sent through the bulk mail feature built into the forums itself, selecting all the users as recipients. So individual accounts, as far as we can tell, were not breached, just someone getting into an admin account. Right now the email engine on the server is disabled and the port is blocked at the firewall to prevent anything more from coming through while we check through all the layers.

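Added example, not part of the thread and not StorageReview's own tooling: a sketch of the kind of audit the post above implies, listing privileged accounts whose password is old or unrecorded, or that have gone idle, so they can be pruned or reset. The account records, field names, roles and thresholds are constructed assumptions, not taken from the forum software.

```python
from datetime import date

# Constructed sample export of forum accounts (hypothetical field names).
ACCOUNTS = [
    {"user": "editor_a", "role": "admin",
     "last_login": "2019-01-15", "password_changed": "2018-10-01"},
    {"user": "old_mod", "role": "admin",
     "last_login": "2014-03-02", "password_changed": "2011-06-20"},
    {"user": "legacy_import", "role": "admin",
     "last_login": None, "password_changed": None},
    {"user": "reader", "role": "member",
     "last_login": "2012-01-01", "password_changed": "2010-01-01"},
]

PRIVILEGED_ROLES = {"admin", "moderator"}  # assumed role names


def _age_days(value, today):
    """Days since an ISO date string; None means the date was never recorded."""
    if not value:
        return None
    return (today - date.fromisoformat(value)).days


def stale_privileged_accounts(accounts, today, max_password_age=365, max_idle=180):
    """Return (user, reasons) for privileged accounts that need pruning or a reset."""
    findings = []
    for acct in accounts:
        if acct["role"] not in PRIVILEGED_ROLES:
            continue  # ordinary members cannot reach the bulk-mail feature
        reasons = []
        pw_age = _age_days(acct.get("password_changed"), today)
        idle = _age_days(acct.get("last_login"), today)
        if pw_age is None:
            # A missing date is treated as a finding, not as "fine".
            reasons.append("password change date unknown")
        elif pw_age > max_password_age:
            reasons.append(f"password unchanged for {pw_age} days")
        if idle is None:
            reasons.append("no recorded login")
        elif idle > max_idle:
            reasons.append(f"idle for {idle} days")
        if reasons:
            findings.append((acct["user"], reasons))
    return findings


if __name__ == "__main__":
    for user, reasons in stale_privileged_accounts(ACCOUNTS, date(2019, 1, 18)):
        print(f"{user}: {'; '.join(reasons)}")
```
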
reader50, posted January 19:
I did not get this email, or any other from SR in the last 48 hours. Checked my trash & spam folders to be sure. My email addy with the board is valid. Perhaps SR interrupted outgoing mails before it got to mine.
Advice from an admin on an unrelated board: they want to download the user table. Preferably via SQL access, makes it easier and faster. They want the hashed passwords, salts, and email addresses. Over time they can crack the hashes, making the dump much more valuable than emails alone. They may also be interested in the private message table, in case any users exchanged email addresses.
Hope everyone uses unique random passes on every site. That's the way to go. Once SR is sure they're clean, I'll update mine.

lonfa, posted January 19:
Thanks for the Heads up and Info. Wondered about EM's. Site data updated.

Kevin OBrien, posted January 19:
When most of this started happening, we had our host kill port 25 at the firewall level, then we started flushing the email queue. We just started opening it up slightly yesterday to monitor outgoing email traffic. But that is why many site-generated emails are slow or not moving out at all. Lots of them probably got caught up in the queue purge as well.

reader50, posted January 24:
It's been a week. Does it look like we're out of the woods?

LOST6200, posted January 26:
Whoa, this is a blast from the past. Why are they hacking?

Brian, posted January 28:
Probably no one was impacted, our users are far too smart. They were trying to send out malware.

reader50, posted February 11:
I updated my pw, so the thieves cannot log in and reduce the average quality of my postings. Those viagra posts would really cut into my rep.
However, I had to change my pw over HTTP. SR has an HTTPS cert, but it's only valid for the news side. And using it with a forum address loads the news side anyway. Perhaps the SR cert(s) could be updated, so the forums will load securely?

MaxaGold, posted Tuesday at 04:46 AM:
The site works very strangely. It is loading on a white background, then on the black one. What's wrong?