NeoMallers Site News (important!) + scam

saudor
Joined: 10/06/2007 - 12:30pm
As some of you know, NeoMallers' database has been accessed through a staff account on this site. Using that account, they were able to disable the security set on this site and run PHP code that essentially allowed them to upload a "Shell Tool". This allowed access into the file system (where all the NeoMallers files are stored). With access to the file system, they were able to retrieve the database password in addition to hijacking the main index.php file of this site, which recorded password logins to this site as of March 8th and archived them into a text file. The bad news is, it appears the entire database was downloaded. The good news is, passwords are stored in a one-way encryption, so those of you who used non-dictionary words, you are safe for the most part. [b]But you should still change your passwords.[/b] Good news is, there was minimal damage and I was able to trace where and how they got in and every single piece of code they tried to execute and what failed and what actually worked. Also, moderators no longer have full access to the site. A new "moderation layer" will be developed as time allows in order to restore these powers but in a much more secure environment. I apologize for this "mishap" and hope it will never happen again.
neomallers_staff
Joined: 10/06/2007 - 1:18pm
Also, if you get a mail like this: [quote]Dear neopets member, Your password has been reset. Please use the new password listed below: Login (your e-mail address): westy52 Password: k8Q3RaNb79 You can change your password on the User Admin page: http://www.premium.neopets.com after you login.[/quote] DO NOT CLICK THESE LINKS. As of now, the ability to request a new password on neomallers is DISABLED. EDIT: New variant [quote]We received your request to reset your Windows Live password. To confirm your request and reset your password, follow the instructions below. Confirming your request helps prevent unauthorized access to your account. If you didn't request that your password be reset, please follow the instructions below to cancel your request. CONFIRM REQUEST AND RESET PASSWORD 1. Copy the following web address:[/quote] [b]remember, neomallers will NEVER contact you at your email address with the exception of the welcome mail when you sign up[/b]
NeoMallers Testing Dev Account
chirigami
Joined: 23/02/2009 - 2:32pm
thanks for letting us know Dmitri! I really appreciate it :3
lariboo
Joined: 10/12/2008 - 7:41pm
Happy to have ya back and the site, happy and safe :*
saudor
Joined: 10/06/2007 - 12:30pm
Yeah it's safe now. One last thing to do is to permanently lock out my account from access.
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
lilly
Joined: 14/07/2009 - 4:32pm
Wow. Not sure I understood that. Thanks, though. Neomallers is awesome.
Gavin63
Joined: 23/07/2009 - 11:09pm
Just wondering, does that mail come to your neopets webmail, neomail personal email or through neomallers mail? What is it with these hackers.. Are they trying to bring neopets down? *angry*
Tha Shop http://www.neopets.com/browseshop.phtml?owner=galitare&misc Main Mall Info http://www.neopets.com/~vegemite_kid Branch Mall Info http://www.neopets.com/~Nlcfon
darkelvensfi
Joined: 25/04/2009 - 11:15pm
I'd assume it comes through the same email that you used to sign up with Neomallers. If you have used the same password for Neomallers as Neopets, you'd best be quick about changing both of those passwords; even if they aren't the same but by knowing one you can decipher the other. Make sure you use different passwords for both sites. If you use the same email for both Neomallers and Neopets, you may want to do a quick change over. Create a new email that you can use specifically with Neopets, so the hackers do not know which email account your Neopets account is linked to. Some email accounts can be hacked even if Neopets 'cannot' be. Hope this helps.
Triciaroo
Joined: 01/08/2009 - 1:46pm
[quote=darkelvensfi]I'd assume it comes through the same email that you used to sign up with Neomallers. If you have used the same password for Neomallers as Neopets, you'd best be quick about changing both of those passwords; even if they aren't the same but by knowing one you can decipher the other. Make sure you use different passwords for both sites. If you use the same email for both Neomallers and Neopets, you may want to do a quick change over. Create a new email that you can use specifically with Neopets, so the hackers do not know which email account your Neopets account is linked to. Some email accounts can be hacked even if Neopets 'cannot' be. Hope this helps.[/quote]
Thanks for that, Dark. I was a little confused too. Lol. Passwords changed on both sites, just in case. I use different email accounts anyway so I'm thinking I'm going to be safe. Thanks for the speedy info though.
------------------------------------------------------- http://www.neopets.com/browseshop.phtml?owner=triciaroo Size 351/400 Target date: 31st May 2010
------------------------------------------------------- http://www.neopets.com/browseshop.phtml?owner=triciaroo Size 528/550 Target date: 16th September 2012
inara60
Joined: 22/03/2009 - 10:26am
Thank you for the heads up Dmitri, and for everything you do to keep us safe =) [hr] [url=http://www.neopets.com/browseshop.phtml?owner=inara60]Lucky Treasure Maps![/url]
tatsulot
Joined: 01/01/2010 - 8:51am
thanks for everything you did and lucky for us :o neomallers were going to be targets of attempts, foiled by early precautionary measures :P
