Welcome to M1911.ORG
The M1911 Pistols Organization Forums Site


John needs your help
Please read this message.


Sponsors Panel
If you intend to buy something from the companies advertising above, or near the bottom of our pages, please use their banners in our sites. Whatever you buy from them, using those banners, gives us a small commission, which helps us keep these sites alive. You still pay the normal price, our commission comes from their profit, so you have nothing to lose, while we have something to gain. Your help is appreciated.
If you want to become a sponsor and see your banner in the above panel, click here to contact us.

Results 1 to 10 of 10

Thread: This website was hacked

THREAD CLOSED
This is an old thread. You can't post a reply in it. It is left here for historical reasons.Why don't you create a new thread instead?
  1. #1
    Join Date
    9th August 2015
    Posts
    1
    Posts liked by others
    0

    This website was hacked

    Just got an email from one of my Credit Guard services that this site was hacked and info is in the open. Heads up...

    Dark Web Monitoring Alert
    Login Credentials Found
    Email Address mXXXXXX@gmail.com
    Password *******
    Breach forum.m1911.org
    Date Found 03/31/2021

  2. #2
    Join Date
    14th August 2016
    Posts
    175
    Posts liked by others
    19
    I received a similar notification. I have no ideal why this site is considered a Dark Web Site. It sure isn't.

    Well just reset your password (and/or change your email address) and we'll see what the powers to be say.

  3. #3
    Join Date
    2nd April 2005
    Posts
    335
    Posts liked by others
    0
    I, too, received a similar notification. No idea if it's legitimate or not.
    NRA LE Firearms Instructor
    NRA Benefactor Life Member
    No-one is completely worthless...they can always be used as a bad example.

  4. #4
    Join Date
    2nd June 2004
    Location
    Terra
    Posts
    22,286
    Posts liked by others
    906
    The problem is NOT with M1911.org.

    I'll let John explain.
    Hawkmoon
    On a good day, can hit the broad side of a barn ... from the inside

  5. #5
    Join Date
    29th May 2004
    Location
    Athens, Greece, Earth
    Posts
    28,076
    Posts liked by others
    204
    Blog Entries
    2
    The problem is not with any of M1911.ORG sites. The problem lies in your computer. When you enter you login credentials, when trying to log in M1911.ORG sites, some one was watching you. It could be a virus installed in YOUR computer or something installed when you visited a particular, messy site. It was for sure NOT M1911.ORG. And the fact that you got a notification about your log in credentials, proves it. We have almost 70,000 members. Why wasn't only your 3-5 members credentials that we found in Dark Web? And what does Dark Web means?

    I assure you, M1911.ORG does not share your credentials with any one. Actually, all we keep in file for you, is your email address and the IP address from which you last logged in, or tried to log in. Your password is stored encrypted in our site (forum.m19111.org, that's the only M1911.ORG site you can log in to), so there is no way anyone can read it. In order to protect yourself, you can stop using the same password you use in forum.m1911.org in other sites. M1911.ORG is NOT responsilble for any breach of your information, because we do not have your information, except the one you shared with us (email address).

    I hope this clarifies things. If not, please let me know here.
    John Caradimas SV1CEC
    The M1911 Pistols Organization
    http://www.m1911.org

  6. #6
    Join Date
    14th August 2016
    Posts
    175
    Posts liked by others
    19
    The information was provided by my credit reporting service that independently scans sites. Here are the details they provided in the notification

    forum.m1911.org
    Breach discovered on 03/11/2021
    In March 2021, a possible compromised data from a Forum Discussion site exposing 59411 records were found. The data contains emails and passwords.

    What should you do?
    We recommend you log into and change the password to any accounts where you use this email address to log in. Furthermore, be aware of any suspicious emails asking for your personal information as they may be phishing attempts designed to fool you into providing sensitive information to malicious websites.

    I can assure you that I can keep a home computer secure I've worked in the IT field for the majority of my life. I agree with what you say about viruses and poor habits could be a cause. But in my case I can guarantee that is not the case in my particular instance. Today was the first time I've logged onto the site in several months and the first time I've logged in from this computer. The last login was from a computer that was replaced due to hardware failure months ago. Virus scans have turned up negative and my machine is patched every few days. You ask why only a small number of people have reported this? This may be because this was just reported. When you see breaches reported on TV they happen months after the breach was discovered.

    By definition the "Dark web" is defined as:

    The dark web is the hidden collective of internet sites only accessible by a specialized web browser. It is used for keeping internet activity anonymous and private, which can be helpful in both legal and illegal applications.

    It is absolutely absurd that this site would be lumped into this category. It doesn't even fit the definition. I have never seen anything shady on this site and I know you and Hawk keep an eye on things here. The fact that "Dark Web" and this site are even mentioned in the same breath bothers me. It suggests that all sorts of terrible things that are not true.

    So the question is why the a few of us have received notifications. What has most likely happened is that at least one monitoring services scanned the site. While these scanners can find critical issues, based on what I've seen at work they can produce false positives as well. I've seen scanners ding sites due to changes in best practices. For example, over the past few years there has been a push to have sites only to accept connections via HTTPS only regardless. These scanners will ding you if they can connect to the site via HTTP. I've also seen these same scanners flag software that is not running the latest version available. I've seen sites get breached even though they are running the latest versions of their software because the hosting companies didn't keep the underlying OS up to date.

    It may be worth checking into some of the scanning software available on line to see what is going on. I wish I could provide more info to help, but that was the info provided to me.

  7. #7
    Join Date
    2nd June 2004
    Location
    Terra
    Posts
    22,286
    Posts liked by others
    906
    It's a very odd situation. I was going to write "crazy" and then stopped, but that might still be a fair description.

    I participate in other Internet forums that use vBulletin software. I'll research versions later. M1911.org (and all John's related sites) are https. At least one of the other forum sites is not on https, yet I haven't received any notice of a compromise in regard to that site. John switched us over to https several years ago, long before most of the other "gun" forums did, so we should be safe in that respect.

    I don't know what prompted this alert, but I'm not going to lose sleep over it.
    Hawkmoon
    On a good day, can hit the broad side of a barn ... from the inside

  8. #8
    Join Date
    29th May 2004
    Location
    Athens, Greece, Earth
    Posts
    28,076
    Posts liked by others
    204
    Blog Entries
    2
    Quote Originally Posted by Warbirdnut View Post
    forum.m1911.org
    Breach discovered on 03/11/2021

    In March 2021, a possible compromised data from a Forum Discussion site exposing 59411 records were found. The data contains emails and passwords.
    Just to prove that "Dark Web" and these notices about it, are not very creditable, our forums site has currently 63,278 users. If our site as breached or hacked, why only 59,411 records were compromised? What about the rest 3,867 records?!?!!?
    John Caradimas SV1CEC
    The M1911 Pistols Organization
    http://www.m1911.org

  9. #9
    Join Date
    14th August 2016
    Posts
    175
    Posts liked by others
    19
    Yea I brought up those items as examples. Some one would have to run a scanner on the site to see what is going on. There some good open source software packages that can handle the job. Nessus is one scanner that I run into at work that does a pretty good job. It is open source you can download it from the developers website or their github.

  10. #10
    Join Date
    14th August 2016
    Posts
    175
    Posts liked by others
    19
    These tests are typically automated. Perhaps the test completed the scheduled run. I'll go back to my credit monitoring service and see if I can get some additional information. I think that if they have found something they should have reported it to you or at least your hosting provider. If your hosting provider hasn't contacted you then nothing happened or they aren't doing their job.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Sponsors Panel
If you intend to buy something from Brownells, please use their banners above. Whatever you buy from them, gives us a small commission, which helps us keep these sites alive. You still pay the normal price, our commission comes from their profit, so you have nothing to lose, while we have something to gain. Your help is appreciated.
If you want to become a sponsor and see your banner in the above panel, click here to contact us.

Non-gun-related supporters.
Thank you for visiting our supporters.