Are the MySQL databases already restored from backup at this moment?
Besides the MySQL database backups, are there also backups made / available of all the PHP scripts (and all other needed files) involved in running this forum? And are those backups restored as well as we speak?
In this case it is a hacking of the MySQL database where the user IDs containing the name (nickname), the email, the password, the IP
The password is coded SHA-1.
It is not interesting for the hacker to decipher the password (SHA-1) because it has been reset by the administrator.
Concerning IPs, many are dynamic, so they are changed by the ISP periodically.
The only interest is the e-mails which often on a forum are only pseudonyms.
In the case of a database hack, you have to search the connection logs on the server to deduce the source. I think Comodo is taking care of it to find the flaw; it takes time.
There is no point in rushing a restoration until safety is restored.
For the PHP language, like all programming, it has security updates that must be applied in relation to SMF, which has also undergone updates.
The PHP <=> MySQL relationship needs to be upgraded on both sides to avoid hacking.
Only administrators have the rights to access the configuration - repair - upgrade - backup of an SMF forum.
It is understandable that restoration takes time and that Comodo needs time to find the source of the attack so that they can investigate it further and hand it over to higher authorities.
Of course safety comes first, no need to rush things.
You say that “The only interest is the e-mails …”; can you elaborate on why this is valuable to the attacker?
I mean if they are not interested in deciphering the database passwords how would they make money from the database then?
They are after making money, and without knowing the correct passwords they can’t do anything with both the user profiles and their email addresses.
What’s the point?
Knowing the emails allows an attacker to try to hack and to know the messages on the server where the mailbox is hosted.
The resale value for an attacker is the utility of the SQL database and its importance.
The value is subject to the profile of the company and its employees; here it’s not a bank or the White House, so it’s a lesser value.
It is above all the fact of inducing a piracy effect to reduce the value of the company that is most important, I think…
Hacking a Security Company is ‘usually’ a challenge and gives them prestige for a start, but the sale of thousands / millions of valid email addresses is valuable in its own right . . . primarily for Phishing and spam attacks.
It doesn’t take many successful Phishing emails to make it very worthwhile. Run any of your old emails through here and it’s quite an eye opener: Have I Been Pwned
Another interesting thing to know would be why (seemingly) only a few members (as I have noticed so far) could escape this breach and were able to reset their password (including me)?
Maybe it was all related to timing and quick responding to the password reset, just pondering…
If the index of the database is compromised, it must be repaired or restored alone; as mentioned above, the administrators have the access rights for this kind of operation.
If the database has been manipulated by the hacker, for example deletion or modification of accounts, only the SQL restore is beneficial.
If there is a problem with PHP programming in this case, the language must be modified.
Anyway apart from a complete restoration of the server from the last recent backup after having solved the security flaw is beneficial to be fast is effective
It’s my personal viewpoint
So I registered on the forums 3 days ago with another email, and then I got an email telling me that my registration request needs to be reviewed first, then I get access to the forums. After 3 days I am still getting the message that my account needs approval to log in to the forums. Today I’ve registered with another email and it just sent me an activation link and I’m in (current account). So what’s the matter with my previous registration? Is it lost somewhere? I need to change the email of this account to the email that I registered for the other one if that one is not going to get access to the forum. I tried to change the email in settings and it is telling me that there is someone registered with that email. Can any admin help fix this?
The problems with the password reset not working are likely unrelated to the breach.
With the password reset for all accounts the danger has been neutralized. That is the beauty of the password reset; there is no need to scrutinize all accounts (which is too much work).
According to the post by Vinny Troia the hack was done by using a vulnerability in vBulletin. That means the hack started at one of four other Comodo Forums using vBulletin software. Those forums have been patched to the latest version which fixes the vulnerability used in the hack. With this entry blocked and all passwords reset the danger is averted.
I changed my password as soon as I clicked the “forgot password” option. Comodo immediately e-mailed me a link to choose a new password. I then followed the link, changed my password, and logged in here to post that initial reply. I wasn’t going to mess around with the other option you can choose, the “secret security question”, as I don’t know if I would remember.