Have a bunch of accounts been suddenly hacked

Vanity

[dfwgator]

Years ago FR was hacked and obscene pics and threads were posted continuously.

Yes, I remember that.

[who_would_fardels_bear]

Were there at least some foxes there? ;-)

[dfwgator]

Including the Mother of All Obscene Pics.

[DJ MacWoW]

The old guy with no teeth and an open backdoor? Yeah. I remember that.

[Bearshouse]

Were there at least some foxes there? ;-)

Nothing even Foxy.

[Jamestown1630]

What happens on the Internet STAYS on the Internet...

[higgmeister]

Sad that the forum can be hacked so easily.

What makes you assume it was easy?

[Rurudyne]

Amen!

[Drago]

Or was a “hack” at all...someone signing up for an account and spamming the site is not a hack. An existing FR user with a terrible password that gets exploited is also not a “hack” of the site.

[CatOwner]

Given the number of posts that were popping up gave that appearance. Of course, my natural tendency was to change my password. Minutes later, we were told not to go that. Ugh.

I can't say for certain, but it appears a few individuals here were duped into re-entering their login credentials through a bogus URL. As someone mentioned, if you're using https logins, I'm not sure that would work as that should prompt a warning message.

[gitmo]

But this was several different accounts, all long time FReepers.

[DJ MacWoW]

This were at least 5 accounts with posts seconds apart. It was a hack.

[Drago]

I missed all the “suspect” posts, so don’t have an additional guess as to the problem. But “long time user” doesn’t necessarily equal “good password”.

https://www.grc.com/haystack.htm

[Drago]

Depends on your definition of “hack” I guess...someone collecting hundreds of Freeper usernames over time and throwing a password cracker at them to get their password then logging in all the accounts they compromised to post rapid-fire (run a script) spam posts is not a “hack of the website” in my book. It a compromise of a weak password. Use more than 11 random digits (no words/names) and include “special characters”.

https://www.grc.com/haystack.htm

[higgmeister]

It looked like the attack was a spoofed DNS that invited Freepers to login to their fake website server thereby giving up their password as part of the login which the hacker then used to make bogus posts on the real Fresno server.

[Drago]

Possible, but easier to run a password cracker against FR usernames to get their password then use those accounts to spam FR. The FR (”virtual”) server is now in the Dallas area (”Linode”). The old physical server that John R. had co-located in the San Jose, CA area (NTT data center) was retired after NTT closed their data center there.

[gitmo]

But “long time user” doesn’t necessarily equal “good password”.

Agreed. I was responding to the suggestion that someone had set up some new accounts to spread mayhem on FR.

I plan to make my password more complex.

[Drago]

We have an official thread on the subject now:

https://freerepublic.com/focus/f-news/3989769/posts

Yeah, a good password is a good thing...an example:
The PW “lovemomma” can be cracked/hacked in 56 seconds or less...but “lovemomma1$” would take more like 56 years...the power of “special characters”, randomness and PW length, etc..

https://www.grc.com/haystack.htm

[gitmo]

My company has tests that rate your password.

They also send out fake phishing emails with bogus links. If you fall for it and click the link, you go back to security training.

[Drago]

Ha! “Remedial security training”...do they serve coffee/donuts?!?