• We will be performing necessary maintenance on the forum and related hardware from Satuday 25th of September onward. Users might experience some downtime, which we will ensure that it is limited - if at all noticeable.

Other Special report email? Phishy?

BlackMarilyn

Well-Known Member
I got an email an hour ago from subscriber_notify[USER=37335]longhaircareforum[/USER].com with the subject "Stop your hair-loss using only 1 secret celebrity trick!" and a link to a url that looks like this forum but it was longhairs...forum instead of longhair...forum.

Was addressed to my username signed by Dimopoulos Administrator.

Looks like a dodgy email. Has anyone else received one?
 

Dak

Well-Known Member
Any word on this from the administers of the site? Is it possible any other information has been hacked?

Do you need to up your security?
 

dimopoulos

Crazy Greek
Staff member
I will make an announcement on this within the next day or so. I have still a few things to check before I get all the facts straight.

The day before yesterday a user registered in the forum. Nothing wrong with that. However that user managed to get elevated permissions and thus becoming an admin a few hours later. It was discovered the following morning (I believe the timeframe was 6-8 hours) and deleted immediately.

I am still checking the logs and found out how the user managed to get in the forum. This is an undiscovered vulnerability that vBulletin has - well clearly someone discovered it in the end.

I have patched this with the latest vBulletin version yesterday, the same time the offending account was deleted.

What I am doing now is comparing all the templates of the forum with a fresh installation to ensure that nothing has been messed up. So far I have seen nothing wrong.

There are still a few megabytes of logs to go through, hence the delay in my response.

For those that received the email - trust me I did not send it.

If you still have it, please forward it to nikos[USER=37335]longhaircareforum[/USER].com so that I can narrow the investigation window as far as the logs are concerned.

Please delete that email. We never send out announcement emails.

Thanks!
 

beverly

Admin (November 2020 Photo)
Staff member
We do not send spam email to your account where you would have to click a link. If you get anything from longhairScareforum.com please mark it as spam. Our security is currently up to date thanks to Nikos. If you have any personal concerns, please put in a support ticket. Link to the support system is in my signature.
 

dimopoulos

Crazy Greek
Staff member
One more thing to add, no passwords have been compromised. It would be great if you all could change it just in case but passwords are stored encrypted in the database and it is a one way encryption i.e. there is no decryption mechanism.

The servers were intact i.e. nobody got in them. It was only vBulletin.
 

Dak

Well-Known Member
Thanks for responding. I never thought it was spam FROM here, more that there had been a security issue.

First time in all the time I've been on here, at least that I'm aware of.

Spammers are so stupid, as if anyone on this site would believe Dimopoulos would send a bulk email offering celebrity hair secrets, let alone pay $5 for a 'report'. :lachen:
 

Angelicus

Well-Known Member
Thank you, Admins! I knew not to open that mail. I appreciate the team resolving this so quickly.
 

Maracujá

November 2020 --> 14 years natural!!!
I got one as well, it went directly to my spam and I deleted it. How can I change my password here?
 

Pat Mahurr

Pun intended
I finally got one of these emails today. I know it's not legit, but to be honest, I was beginning to feel left out since I hadn't gotten one.

Yes, I deleted it.
 
Top