Forum possibly hacked

Cyann's profile image Cyann posted 7 years ago in General Permalink

I'm receiving spam on the unique address created for this forum.

Details:

  • Sent by: www.cookiecrazie.com (static-ip-173-224-121-100.inaddr.ip-pool.com [173.224.121.100])
  • Sender (possibly spoofed): EU Business Register register@ebr-list.net

Was the forum hacked, or is it a privacy violation (addresses sold)?

Cyann's profile image Cyann posted 7 years ago Permalink

I've noticed that there is no https on this site... Please enable HTTPS! See letsencrypt.org for a quick and easy solution.

This also mean that downloads from this site cannot be trusted and are potentially infected. I've disabled auto update until this is corrected.

[expired user #10543]'s profile image [expired user #10543] posted 7 years ago Permalink

Looks like its hacked(

ansgar's profile image ansgar posted 7 years ago Permalink

I'm quite sure it's not. Email addresses are nowhere displayed nor posted anywhere else, honestly. I'm a OpenSource monkey, I hate when others don't respect data privacy. Will check the SSL thing, sigh... I have very few experience with SSL on Apache (on Windows!), so this can take some time.

ansgar's profile image ansgar posted 7 years ago Permalink

Just installed an free ssl certificate for testing purposes: https://www.heidisql.com . Took me 2 hours to find the Windows firewall was wrongly configured for port 443.

ansgar's profile image ansgar posted 7 years ago Permalink

Tataa.. I have a valid (cheap) SSL certificate running now. All pages force a redirect to https from now on. Also HeidiSQL's internal updatecheck is forced to use ssl now, and after a small update this will be ssl by default, without a redirect.

Please login to leave a reply, or register at first.