I'm sorry if this comes of a rant but it really worry's me seeing the lack of security some webmasters take on this forum.
Over the past few months I've tried to stay away from this site, Why? Due to being scammed multiple times but also due to a number of the websites listed here being hacked and the owners don't even bother to inform their users.
One of these sites is even co run by an administrator on ForumPromotion!
At this time two of the hacked websites have ads on the forum index opening up many more users to being hacked.
I noticed around a month back WebsiteForums.org run by Cameron & John had a password logger installed after they got hacked, This keylogger has recorded every users password and sent it to a remote server. After the hacker gains these they move onto the next site and next.. opening up more users to harm.
I sent Cameron multiple PM's and even an email regarding this over a month back including a guide to remove the hack, I never got a response and the keylogger is still installed at the time of typing this.. . I guess the only good news in this is the server the keylogger was planted on has since removed it as they were also hacked.
So today I also spotted PeakForums.net has been hacked multiple times and the full database is floating around the web, In this case the hack happened in November 2015 and again over the past few days yet there's no warning to users to reset logins or anything. What sucks more is the site was just sold to a new owner and he has no idea his users info is leaked.
Going back to WebsiteForums.org, I know exactly how it was hacked and it was due to a staff member reusing their password on other sites which have been hacked.
In this day and age webmasters need to use random passwords on private sites as this sort of thing can happen over and over. In the case of WebsiteForums.org this could have been prevented if they had enabled 2-step login protection which is a core feature to XenForo. Or more simply, Using a different password unique to WebsiteForums.org
Another thing I noticed was mutliple websites I bought here ran outdated software, Webmasters need to learn to keep on top of them updates, Even ForumPromotion is currently running an outdated version of phpBB and this site should be an example to webmasters new and young.
What do you think? Should webmasters take their sites security and users information seriously?
Over the past few months I've tried to stay away from this site, Why? Due to being scammed multiple times but also due to a number of the websites listed here being hacked and the owners don't even bother to inform their users.
One of these sites is even co run by an administrator on ForumPromotion!
At this time two of the hacked websites have ads on the forum index opening up many more users to being hacked.
I noticed around a month back WebsiteForums.org run by Cameron & John had a password logger installed after they got hacked, This keylogger has recorded every users password and sent it to a remote server. After the hacker gains these they move onto the next site and next.. opening up more users to harm.
I sent Cameron multiple PM's and even an email regarding this over a month back including a guide to remove the hack, I never got a response and the keylogger is still installed at the time of typing this.. . I guess the only good news in this is the server the keylogger was planted on has since removed it as they were also hacked.
So today I also spotted PeakForums.net has been hacked multiple times and the full database is floating around the web, In this case the hack happened in November 2015 and again over the past few days yet there's no warning to users to reset logins or anything. What sucks more is the site was just sold to a new owner and he has no idea his users info is leaked.
Going back to WebsiteForums.org, I know exactly how it was hacked and it was due to a staff member reusing their password on other sites which have been hacked.
In this day and age webmasters need to use random passwords on private sites as this sort of thing can happen over and over. In the case of WebsiteForums.org this could have been prevented if they had enabled 2-step login protection which is a core feature to XenForo. Or more simply, Using a different password unique to WebsiteForums.org
Another thing I noticed was mutliple websites I bought here ran outdated software, Webmasters need to learn to keep on top of them updates, Even ForumPromotion is currently running an outdated version of phpBB and this site should be an example to webmasters new and young.
What do you think? Should webmasters take their sites security and users information seriously?
