Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate
Photo

Autohotkey forum emails leaked?


  • Please log in to reply
25 replies to this topic
tank
  • Administrators
  • 4345 posts
  • AutoHotkey Foundation
  • Last active: Oct 13 2016 01:04 AM
  • Joined: 21 Dec 2007

Like i said i am willing to post an announcement but that's all that's technically possible anyway. an email blast is not possible even if i were inclined. while these things are certainly suspect they certainly don't rise to anything more than a nuisance if true. I am all for err on side of caution. it would be far easier to steal said passwords with a man in the middle as almost all email is un-encrypted. as is this site. And on top of that the amount of work to brute a tens of thousands of email accounts they would surely select a better audience. the scenario you described above would simply require some port sniffing when you log onto this site and no brute force a tall. its an encrypted connection. there are and have been countermeasures for brute force attacks on user accounts for a very long time. and this is true of most common mail hosts. So while its worth mentioning it certainly does not rise to being anything more than a nuisance.

 

I have corrected a typo in the above statement caught by another user here it was an unintentional and important typo.


Never lose.
WIN or LEARN.

tank
  • Administrators
  • 4345 posts
  • AutoHotkey Foundation
  • Last active: Oct 13 2016 01:04 AM
  • Joined: 21 Dec 2007

http://autohotkey.co...ic/150288-spam/


Never lose.
WIN or LEARN.

Lexikos
  • Administrators
  • 9844 posts
  • AutoHotkey Foundation
  • Last active:
  • Joined: 17 Oct 2006

You now have three people, all connected to here, and spam coming from the same source. Coincidence?

How's this for coincidence?

The previous admin was and still is the admin of a Runescape botting community.
The previous admin still has a copy of the forum DB. Probably even on the same server as that community. I think both sites were hosted on the same server.

You can jump to whatever conclusion you like.

tank
  • Administrators
  • 4345 posts
  • AutoHotkey Foundation
  • Last active: Oct 13 2016 01:04 AM
  • Joined: 21 Dec 2007

I never drew the paralell..... i know he is chaffed but... Yes i left the DB on the old server of his when i moved it. but never would i have imagined.... My bad then, I am wholey responsible. clearly i made a very poor decisions. and it also would explain how the files that left the opening went un used till i moved.

Double-facepalm.jpg

kinda glad i removed his admin access immediately after.


Never lose.
WIN or LEARN.

anotherautohotkeyuser
  • Members
  • 6 posts
  • Last active: Dec 22 2015 10:36 PM
  • Joined: 16 Apr 2015

Here's report number four, assuming this isn't one of you guys with a different nick: http://ahkscript.org...hp?f=17&p=55485

That was me Mango! :-)



anotherautohotkeyuser
  • Members
  • 6 posts
  • Last active: Dec 22 2015 10:36 PM
  • Joined: 16 Apr 2015

I never drew the paralell..... i know he is chaffed but... Yes i left the DB on the old server of his when i moved it. but never would i have imagined.... My bad then, I am wholey responsible. clearly i made a very poor decisions. and it also would explain how the files that left the opening went un used till i moved.

kinda glad i removed his admin access immediately after.

Tank: given the disgraceful disregard this bastard has for other people's privacy, is it unreasonable to ask you to share their name?



tank
  • Administrators
  • 4345 posts
  • AutoHotkey Foundation
  • Last active: Oct 13 2016 01:04 AM
  • Joined: 21 Dec 2007

I do not believe in lowering myself to other peoples mistakes. when we moved this site to a new server i neutered him immediately but i was trying to not be facetious and didn't delete everything from his server. I knew he would be capable of being petty but i hadn't imagined this. this would have been his last move. if he is indeed to blame. It's why i gave Chris the power to subvert me if i ever go so far astray, its why there are 2 other people with my same access to everything. Everything he had done to date wasn't bad. but enough was that it became time to cut him out when the opportunity arose. . Lets not make it about him. lets just let him fade from memory like a bad burp. 

as my daughter says "let it go Elsa". It should be known even he cannot without extraordinary means and tens of thousands of expensive equipment crack the passwords in the DB. I suspect this is all nothing more than an attempt to make me run back to him for help. to make him relevant. IF he is in fact directly responsible. I'll reserve accusations and just let it fade


Never lose.
WIN or LEARN.

anotherautohotkeyuser
  • Members
  • 6 posts
  • Last active: Dec 22 2015 10:36 PM
  • Joined: 16 Apr 2015

Thanks Jackie; i think that makes the point that i was going for. SPAM is almost never an indication of a data-breach.SPAM is welllll SPAM an attempt to get you to click something you shouldnt. it has NOTHING to do with where you have or have not used an email address

I absolutely disagree with this statement; but only because I use unique non-wordlist buildable e-mail addresses at one of my domains, every time I have to provide an e-mail address to a web site. This simple mechanism makes it easy to identify a problem, and prove the source of the issue. I know immediately which domain is culpable for any unsolicited e-mail, intentional or not. Of much more importance to me though is: this approach provides me with an indicator that my PII has been compromised.

Of course though, Tank's statement is a general truism for a lot but not all SPAM.



sinkface
  • Members
  • 2 posts
  • Last active: Oct 30 2015 03:36 PM
  • Joined: 22 Dec 2011

Let me chime in and say I have received the same spam and I too use a unique email address for each website I register with. When I start receiving spam to a specific address, I know they've either sold me out or their email DB has been compromised.

 

I registered this account on 12/22/2011. I have not received a single email to that account since that date until I received the RuneDreams spam yesterday.



noname
  • Members
  • 650 posts
  • Last active:
  • Joined: 12 Nov 2011

I checked the gmail account and found  1 spam ,you can guess "RuneDreams" 28 oct .I rarely use this account so considering the other facts it is almost sure that it is leaked from ahk database.


winXP  and ahk unicode


jNizM
  • Members
  • 928 posts
  • Last active: Jan 12 2018 09:23 AM
  • Joined: 01 Aug 2012
I think (like lexikos said) the leak is more from powerbot[dot]org (Runescape Bot Forum), thats why the spam contains "RuneDreams".

And thats another reason why I think we should not merge/convert this IP Bord Forum with ahkscipt[dot]org.
We should close it and make it read-only and start a self-sufficient AutoHotkey Forum and get the autohotkey[dot].com domain back.
[AHK] 1.1.27.04 x64 Unicode | [WIN] 10 Pro (Version 1709)
My GitHub Profile | Donations are appreciated if I could help you