Good to hear the bad guys are going to get what they deserve. Hopefully this is a lesson for you and your other admin as well... use strong passwords.
Who is sh*t? Never heard of them but if you say their software is bad and to stop using it then I guess I will stay away from them. LOL.Actually the lesson was to stop using sh*t forum software
Well done to Slavik, although its only the start, the real problem now is getting them to pay....He shoots, HE SCORES!!
Well done to Slavik, although its only the start, the real problem now is getting them to pay....
Actually the lesson was to stop using sh*t forum software
One of the other admins for p8ntballer had his password stolen...
Really? How did you come to that conclusion?
What does it matter what software you're using so long as your staff is using strong passwords?
You obviously haven't much experience with hash cracking and the resources available. An 11 character MD5 password with 3 upper case, 4 lowercase, 2 numbers and 2 special characters can be bruteforce cracked in as little as 6 hours nowdays.
It was vbulletin we were on.
Well done to Slavik, although its only the start, the real problem now is getting them to pay....
That is a huge number.You obviously haven't much experience with hash cracking and the resources available. An 11 character MD5 password with 3 upper case, 4 lowercase, 2 numbers and 2 special characters can be bruteforce cracked in as little as 6 hours nowdays.
It was vbulletin we were on.
Pretty sure it does, so many failed logins and you have to wait a set time period. If your talking about the Admin CP, you could even use a second htaccess password protection before they get to the main vB Admin login page. I did it when running vBulletin, 2 logins needed to get into Admin CP settings.
That is a huge number.
How can the server handle that many login attempts?
Doesn't vbulletin have some protection against repeated login attempts?
So in other words...they're skiddies?The exploit in vbulletin basically allowed them to extact the password hashes and salts from the database. They then run that hash through a bruteforce program on a streaming proccessor to crack.
Exactly, if they claim they don't work and can only afford pittance each week to pay any fines imposed. You'll be looking at it spread over years in very small repayments. There's not a lot you can do about that either to get your money back any faster, that's why it's not even worth taking them to court sometimes. You can't make somebody pay it faster if they don't have it, and a court will take their money situation into account.
Feel the same, you may have won the court case. But now comes the hard part getting your money from them.
You obviously haven't much experience with hash cracking and the resources available. An 11 character MD5 password with 3 upper case, 4 lowercase, 2 numbers and 2 special characters can be bruteforce cracked in as little as 6 hours nowdays.
It was vbulletin we were on.
We use essential cookies to make this site work, and optional cookies to enhance your experience.