# Craftbrewer Hoax!



## alcoadam (29/8/12)

If anyone that's on Craftbrewer's mailing list received an email this morning in relation to free postage, it looks to me like a scam (non-Craftbrewer related).


The "broken English" was the first giveaway and when you click on the link, you are taken to a genuine looking webpage (except for the "craftbew" address). Don't hand over any money!!!



Watch out folks, Hope Ross has caught on.....


----------



## bum (29/8/12)

alcoadam said:


> Hope Ross has caught on.....


How about you forward him the email?

The scammer probably didn't send it to him...


----------



## alcoadam (29/8/12)

bum said:


> How about you forward him the email?
> 
> The scammer probably didn't send it to him...






...I did do that first.


And I'm sure Ross is up at the moment checking his online enquiries.


----------



## Kranky (29/8/12)

alcoadam said:


> ...I did do that first.
> 
> 
> And I'm sure Ross is up at the moment checking his online enquiries.



I just put in an order with Craftbrewer and then I just got one of those emails and the lack of English skills is pretty suss.


----------



## pike1973 (29/8/12)

I also got this email and thought it was a scam but the link now has no info at all. I asked the guys in my club but no one replied so I assume that they didn't get it. I'm glad I wasn't the only one.
Adz.


----------



## Ross (29/8/12)

Just deleted the offending page & advised my IT guys.

Hopefully our new site is not too far away & we won't have to put up with scurrilous attacks like this anymore.

Apologies to anyone that received the email.

cheers Ross


----------



## insane_rosenberg (30/8/12)

Lucky I came here to check it out!

It's on the front page of the craft brewer website. I went there from the bookmark in my browser. But it's even there when I follow the link from Ross' signature.


----------



## Batz (30/8/12)

Not going to _first login (Hare)_ :lol: :lol:


----------



## Ross (30/8/12)

Sorry Brewers,

I'm pretty sure I know who's doing this & will be taking action if I can prove it! It's a personal attack on our business & the livelihood of our 9 employees, but some low lifes just don't give a f**k.

Apologies to all our great customers...

Ross & the Craftbrewer Team


----------



## Batz (30/8/12)

Ross said:


> Sorry Brewers,
> 
> I'm pretty sure I know who's doing this & will be taking action if I can prove it! It's a personal attack on our business & the livelihood of our 9 employees, but some low lifes just don't give a f**k.
> 
> ...




You saying this is coming within Australia? If so very nasty stuff!


----------



## edschache (30/8/12)

Just shop the way I do - rock up unannounced and annoy Anthony and Ross for an hour. After an hour you can be fairly sure they're the real deal, even if they are a little seedy from the night before


----------



## Jay Cee (30/8/12)

I thought Ross was employing refugees from Christmas Island these days, hence the broken English in the emails :lol: 

On a serious note, that sucks if there's a malicious intent from someone known to the business. Disgruntled staff or customer? Either way, pretty bad form.

And where are those bloody brown pumps !? B)


----------



## Bubba Q (30/8/12)

> CraftBrewer
> Free shipping service for customers only 5$
> 
> To enhance customer convenience and reduce the cost of products , We decided make a contract with post company.Than based on a cost for every customers they subscribe to the mailing must be paid , thats free!every customers from 28 August 2012 to 10 September 2012 subscribe to mailing payments no need to payment post cost for 1 year!
> ...



I don't understand what everyone is concerned about. This seems totally legit


----------



## Lord Raja Goomba I (30/8/12)

edschache said:


> Just shop the way I do - rock up unannounced and annoy Anthony and Ross for an hour. After an hour you can be fairly sure they're the real deal, even if they are a little seedy from the night before



That's what I do, though they are usually fielding phone calls from these hoaxes 

And that's hard to do when seedy and someone is asking for grain.

Goomba


----------



## time01 (30/8/12)

just received the email also, good to hear ross is aware of it.


----------



## barls (30/8/12)

more to the point how did they get the mailing list to send it to us all.


----------



## Liam_snorkel (30/8/12)

had to laugh at


> (depleted)


----------



## Jay Cee (30/8/12)

barls said:


> more to the point how did they get the mailing list to send it to us all.



That's the biggest question. Someone's not been malicious to the site as such, but has stolen sensitive information that specifically ties email addresses to Craftbrewer. I sure hope they don't retain credit card information on the same server.


----------



## QldKev (30/8/12)

Jay Cee said:


> That's the biggest question. Someone's not been malicious to the site as such, but has stolen sensitive information that specifically ties email addresses to Craftbrewer. I sure hope they don't retain credit card information on the same server.



Or even passwords. Password re-use is a real issue


----------



## Nick JD (30/8/12)

Jay Cee said:


> That's the biggest question. Someone's not been malicious to the site as such, but has stolen sensitive information that specifically ties email addresses to Craftbrewer. I sure hope they don't retain credit card information on the same server.



Isn't that dealt with by the payment gateway thingo? I don't think businesses hold CC info, do they?


----------



## Paul H (30/8/12)

I just thought they let Josh too close to the keyboard..  

Cheers

Paul


----------



## mosto (30/8/12)

Ross said:


> Sorry Brewers,
> 
> I'm pretty sure I know who's doing this & will be taking action if i can prove it! It's a personal attack on our business & the livelihood of our 9 employees, but some low lifes just don't give a f**k.
> 
> ...



Regardless of whether you can prove it or not, might be wise to get the cops involved given the potential for below to happen.



Jay Cee said:


> That's the biggest question. Someone's not been malicious to the site as such, but has stolen sensitive information that specifically ties email addresses to Craftbrewer. I sure hope they don't retain credit card information on the same server.



Hope you get to the bottom of it mate.


----------



## dammag (30/8/12)

Free shipping for $5. Makes complete sense!


----------



## Batz (30/8/12)

I'm sure Ross said that payment details eg credit cards go to another site and have nothing to do with Craftbrewer. Passwords, mailing addresses and names etc. may be a different story.

I'm sure Ross would be onto it today.


----------



## /// (30/8/12)

Jay Cee said:


> That's the biggest question. Someone's not been malicious to the site as such, but has stolen sensitive information that specifically ties email addresses to Craftbrewer. I sure hope they don't retain credit card information on the same server.



Oh the c/card paranoia. Ever gone to a restaurant and gave a person your c/card for them to take away and charge? They have your card, your expiry, csv number and signature. This is far greater a concern than a breach of a website that handled your transaction via a secure gateway. You gave your card, consented it to be charged and with a smart phone, allowed someone to take a pic of your signature for future misuse along with another copy of a receipt for them to further copy your signature.

That person could then charge the crap out of the card before you're even back to your car and do a runner with the loot ... ohh the insecurity ... versus a secure gateway where the business does not retain your c/card info ... I know where I would be more concerned, and it would not be with a website using an encrypted gateway.

Scotty


----------



## HBHB (30/8/12)

Scumbags that do these things need to be named and shamed particularly if it's industrial. 

Martin


----------



## Clutch (30/8/12)

edschache said:


> Just shop the way I do - rock up unannounced and annoy Anthony and Ross for an hour. After an hour you can be fairly sure they're the real deal, even if they are a little seedy from the night before




*nods*

You mean that's _not_ the way it should be done?


----------



## Jay Cee (30/8/12)

Correct. Many people use the same password for everything. If someone gets a hold of it on a non-secure site, then they can get into your emails, and from there that opens up dozens of opportunities for fraud. 

Lesson: Do not use the same passwords for everything. 

As for payment gateway, you're probably right, Nick. I'm only a new customer to Craftbrewer, because I mostly buy locally in my own city. And I think I gave my CC details over the phone.


----------



## Nick JD (30/8/12)

Clutch said:


> *nods*
> 
> You mean that's _not_ the way it should be done?



They prefer it if the monkeys students in sector 7G prepare your order.


----------



## Jay Cee (30/8/12)

/// said:


> Oh the c/card paranoia. Ever gone to a restaurant and gave a person your c/card for them to take away and charge? They have your card, your expiry, csv number and signature. This is far greater a concern than a breach of a website that handled your transaction via a secure gateway. You gave your card, consented it to be charged and with a smart phone, allowed someone to take a pic of your signature for future misuse along with another copy of a receipt for them to further copy your signature.
> 
> That person could then charge the crap out of the card before you're even back to your car and do a runner with the loot ... ohh the insecurity ... versus a secure gateway where the business does not retain your c/card info ... I know where I would be more concerned, and it would not be with a website using an encrypted gateway.
> 
> Scotty




There's no need to be an asshole, mate.


----------



## Ross (30/8/12)

Just confirming that we NEVER see your credit card details via the site - All payments are made direct with the credit card company's payment gateway. It's also illegal to store credit card details (probably for this very reason).
Also, we can view your username but we can't view your passwords. 

IT guys are working on it. Again, apologies for any inconvenience.

Cheers Ross


----------



## Bribie G (30/8/12)

CB site is down, so obviously working on it. 

Hopefully :huh:


----------



## Clutch (30/8/12)

Jay Cee said:


> There's no need to be an asshole, mate.









It's his thing.
But don't worry, he knows stuff.


----------



## sponge (30/8/12)

/// said:


> Oh the c/card paranoia. Ever gone to a restaurant and gave a person your c/card for them to take away and charge? They have your card, your expiry, csv number and signature. This is far greater a concern than a breach of a website that handled your transaction via a secure gateway. You gave your card, consented it to be charged and with a smart phone, allowed someone to take a pic of your signature for future misuse along with another copy of a receipt for them to further copy your signature.
> 
> That person could then charge the crap out of the card before you're even back to your car and do a runner with the loot ... ohh the insecurity ... versus a secure gateway where the business does not retain your c/card info ... I know where I would be more concerned, and it would not be with a website using an encrypted gateway.
> 
> Scotty



Scotty, you have blown my mind once again.

I will never look at a restaurant the same way again.

From now on, I shall carry large wads of cash around in my front pocket for complete security and peace of mind.

But on a more serious note, I have only ever gone to the counter to pay at restaurants, since I need a PIN to do it anyways. I know my parents will often just give their card out though and wait for the receipt to come back to sign. Might not be a bad idea to let them know to be a little more cautious. Never hurts to be a little over cautious in this dog eat dog world...


----------



## QldKev (30/8/12)

sponge said:


> Scotty, you have blown my mind once again.
> 
> I will never look at a restaurant the same way again.
> 
> ...




And the ladies may think you have something huge in there


----------



## hsb (30/8/12)

gmail picked this email up as a phishing scam, straight to spam box. wouldn't even have noticed but for this thread (unless going to the craftbrewer website)

+1 to multiple passwords. I use 1PasswordManager these days and generate unique secure passwords for every website I use. I had an online account compromised (albeit an unimportant non-financial one) and it was a bit of a wake up call that the same details could have caused me serious trouble on other sites.

I hope you catch the culprits and sour mash then boil them.


----------



## sponge (30/8/12)

QldKev said:


> And the ladies may think you have something huge in there



They can always tell the difference between financial and masculine size...


And neither are on my side... <_<


----------



## Batz (30/8/12)

hsb said:


> gmail picked this email up as a phishing scam, straight to spam box. wouldn't even have noticed but for this thread (unless going to the craftbrewer website)




I thought I may have been one of a few not to receive the email, but as with hsb it was in my spam box.


----------



## xa_jg66 (30/8/12)

Well having put through an order less than 24hrs earlier and paid $120 freight I was devastated when I saw the email title this morning!


----------



## Batz (30/8/12)

You more computer savvy guys, what's a good password manager? Is there a decent free download?


----------



## MaltyGoodness (30/8/12)

Got the email about an hour ago. Has links to a fake login page and a fake payment page. Seems like someone's gone to a lot of effort to attack Ross' business. Hacked site, stole mailing list, set up another url, created fake site, set up a spam mailer etc

Real craftbrewer site is still down :angry: 

Hope they catch who did it


----------



## Logman (30/8/12)

Batz said:


> You more computer savvy guys, what's a good password manager? Is there a decent free download?


Keepass...


----------



## Jay Cee (30/8/12)

xa_jg66 said:


> Well having put through an order less than 24hrs earlier and paid $120 freight I was devastated when I saw the email title this morning!




Christ, did you buy a pallet of FWK's?


----------



## bum (30/8/12)

Batz said:


> You more computer savvy guys, what's a good password manager? Is there a decent free download?


How many phone numbers do you think you've memorised in your lifetime? How is that different to remembering multiple passwords?


----------



## Nick JD (30/8/12)

bum said:


> How many phone numbers do you think you've memorised in your lifetime? How is that different to remembering multiple passwords?



Just have a common password and add the first letter of the website's name to the start of it. And the year (forces you to change it yearly).

eg. Cpassword12

C = Craftbrewer
password = your key word, used everywhere
12 = the year


----------



## bum (30/8/12)

Nick JD said:


> Just have a common password and add the first letter of the website's name to the start of it. And the year (forces you to change it yearly).
> 
> eg. Cpassword12
> 
> ...


Hey, everyone. Post up how you determine all your passwords. And your mother's maiden name/your first pet's name. Sounds like a fun game to play on a public forum.


----------



## donburke (30/8/12)

i feel somewhat neglected that i didn't receive the email


----------



## vortex (30/8/12)

bum said:


> How many phone numbers do you think you've memorised in your lifetime? How is that different to remembering multiple passwords?



Humans CANNOT be trusted to generate sufficiently secure passwords or to remember secure passwords.

Using a password manager like LastPass, correctly configured, with different passwords (long passwords, alpha, numeric, upper & lower case + punctuation) for EVERY site you log in to, significantly improves your security against stolen password databases being cracked.

Crackers can check billions (yes, not a typo, I said BILLIONS) of password combinations a second with regular off the shelf hardware. 'Clever' passwords (such as changing E for 3, i/l for 1), appending/pre-pending your kid's birth year, marriage year, and associated tricks are all useless, and among the first things crackers check. While we all think we're the 'only' one to come up with these things, we're not, and the bad guys know it 

Don't risk it. Do it properly.


----------



## glenwal (30/8/12)

vortex said:


> Crackers can check billions (yes, not a typo, I said BILLIONS) of password combinations a second with regular off the shelf hardware.



I'd like to see the web server that will respond to the billion requests per second, and the firewall that doesn't detect the DOS attack and drop the connection.


----------



## vortex (30/8/12)

Glen W said:


> I'd like to see the web server that will respond to the billion requests per second, and the firewall that doesn't detect the DOS attack and drop the connection.


It's done offline, against a downloaded list of hashed passwords, of course 

This article is particularly good: http://arstechnica.com/security/2012/08/pa...-under-assault/ and scary at the same time.


----------



## bum (30/8/12)

vortex said:


> Humans CANNOT be trusted to generate sufficiently secure passwords or to remember secure passwords.


This has no bearing on whether or not a person is capable of doing so, however.



vortex said:


> Using a password manager like LastPass, correctly configured, with different passwords (long passwords, alpha, numeric, upper & lower case + punctuation) for EVERY site you log in to, significantly improves your security against stolen password databases being cracked.


Doing the same without software removes an extra vulnerability.



vortex said:


> Crackers can check billions (yes, not a typo, I said BILLIONS) of password combinations a second with regular off the shelf hardware.


I've never seen "off the shelf" (i.e. consumer available) password crackers that promise more than a few hundred thousand per second. How many PFLOPS do you think the average scammer's computer is capable of?



vortex said:


> Don't risk it. Do it properly.


For me, the issue with password managers is that all your passwords are tied to a single key (if any, in the case of desktop password managers). Someone who can't be trusted (as you say) to manage their own passwords should stay even further away from password managers.


----------



## insane_rosenberg (30/8/12)

vortex said:


> Humans CANNOT be trusted to generate sufficiently secure passwords or to remember secure passwords.








http://xkcd.com/936/


----------



## donburke (30/8/12)

anz's falcon takes the worry out of these sort of things

plus, the credit card issuer will refund fraudulent transactions 

start worrying about important things like correct cell counts for pitching rates


----------



## vortex (30/8/12)

bum said:


> This has no bearing on whether or not a person is capable of doing so, however.


We all think we are. That is the problem 



bum said:


> Doing the same without software removes an extra vulnerability.


Yes, this is true. However, IMO, the risk is worth it. LastPass appear to have it well sorted out.



bum said:


> I've never seen "off the shelf" (i.e. consumer available) password crackers that promise more than a few hundred thousand per second. How many PFLOPS do you think the average scammer's computer is capable of?



Graphics cards are being used these days for hashing and cracking, and there is a lot of open source software available to do this. I'm going to cop-out here and not link to examples, because I'm at work, and I don't want those searches in my work proxy history; but a google will reveal heaps of information. Security Now episode 366, the latest one, covers this also.



bum said:


> For me, the issue with password managers is that all your passwords are tied to a single key (if any, in the case of desktop password managers). Someone who can't be trusted (as you say) to manage their own passwords should stay even further away from password managers.



Yes, that is a concern of mine, too. However, at least for LastPass, the password 'database' is stored on their server after only being encrypted with AES-256 on the client (with an option of PBKDF2, also). In addition to this, LastPass allows two-factor authentication (something you have + something you know) which requires you to use Google Authenticator to generate a token (it's open source and standards based) when accessing the password database - that way if an attacker does get hold of your password database, even if they have your master password, it's useless to them.

I stayed away from it for a long time for those reasons, but I figure it was worth the risk (I actually do not store _truly_ valuable passwords - such as internet banking - in LastPass).


----------



## Jay Cee (30/8/12)

donburke said:


> start worrying about important things like correct cell counts for pitching rates




That's a myth ! One coopers packet stored at room temperature is plenty :lol:


----------



## glenwal (30/8/12)

donburke said:


> start worrying about important things like correct cell counts for pitching rates



I heard that if you pitch warm you don't need as much yeast - Do you think my Home Brand Larger will work ok. Its fermenting at 30 deg in my shed out the back. I added 2KG of sugaz because i want more alcohol, and used the yeast that came under the lid. I even got it on special for $2.95 because it was passed its best before date.


----------



## glenwal (30/8/12)

Glen W said:


> I heard that if you pitch warm you don't need as much yeast - Do you think my Home Brand Larger will work ok. Its fermenting at 30 deg in my shed out the back. I added 2KG of sugaz because i want more alcohol, and used the yeast that came under the lid. I even got it on special for $2.95 because it was passed its best before date.




hmmm - i think my AHB account may have been hacked because i don't remember posting that. Maybe my password wasn't good enough because i didn't use a password program, i just made it up myself.


----------



## Nick JD (30/8/12)

My passwords for everything are:

NeverHadaPasswordCracked


----------



## bum (30/8/12)

vortex said:


> Graphics cards are being used these days for hashing and cracking, and there is a lot of open source software available to do this.


Yeah, I had a look into it after my last post and saw the stats are a lot faster than when last I looked but the rates are still a lot slower than billions per second for anything stronger than, say, MD5 hashes (which I've been led to believe are fairly out of fashion anyway). But even at those rates can you work out how long it would take to crack my weakest (memorised) current password: 18 characters, upper/lower case, numerals, special characters, spaces? That's 18^93, right? [EDIT: yeah, looking at Shane's graphic above, I've got that up the shit, disregard the figures but I think the point still holds]. Cracking passwords of random internet users simply isn't worthwhile/practical yet.


----------



## sponge (30/8/12)

Nick JD said:


> My passwords for everything are:
> 
> NeverHadaPasswordCracked



Really should be ENeverHadaPasswordCracked12 to know that it's used for every site and for this year...


----------



## fraser_john (30/8/12)

I've started using KeePass portable, carry it around on my USB, have not yet tried to see if the Ubuntu version of it can read the same db though that the Windows portable version does........


----------



## mwd (30/8/12)

donburke said:


> anz's falcon takes the worry out of these sort of things
> 
> plus, the credit card issuer will refund fraudulent transactions



Totally Off Topic :icon_offtopic: tried to log onto my ANZ Internet Account and it was blocked. It says my eftpos card has been reported lost or stolen, which is odd seeing as I have the card in my hand.

Nothing to do with Craftbrewer as I always pay by direct deposit into their account :icon_offtopic:


----------



## vortex (30/8/12)

Shane R said:


> http://imgs.xkcd.com/comics/password_strength.png
> http://xkcd.com/936/



Passwords can be generated using similar methods - but you can bet that the crackers are using exactly the methods outlined in the comic to generate their own word lists and rainbow tables. I guess I'm more paranoid than most 



bum said:


> Yeah, I had a look into it after my last post and saw the stats are a lot faster than when last I looked but the rates are still a lot slower than billions per second for anything stronger than, say, MD5 hashes (which I've been led to believe are fairly out of fashion anyway). But even at those rates can you work out how long it would take to crack my weakest (memorised) current password: 18 characters, upper/lower case, numerals, special characters, spaces? That's 18^93, right? [EDIT: yeah, looking at Shane's graphic above, I've got that up the shit, disregard the figures but I think the point still holds]. Cracking passwords of random internet users simply isn't worthwhile/practical yet.



Yes as you say, some hashes are generated quicker than others. MD5 particularly is designed for speed, and that's one of its downfalls against attacks of this nature.

Based on what you've said, clearly you're in the 1% where these issues are of little concern  (and by saying that I mean you're aware of the issues and ways to prevent them being a problem when generating your own passwords)


----------



## Bribie G (30/8/12)

My email just arrived. I had been feeling peeved and left out. 

The writing seems suspiciously Yasmani - like, although no mention of pishab.


----------



## bum (30/8/12)

Whois suggests the person behind this may be one Rasool Jamali. But it is all pretty complicated. Rasool Jamali might be an honest businessman trading under the name of craftbewer.com. Do NOT navigate to that page, may be unsafe.


----------



## Clutch (30/8/12)

I hope the culprit gets outed. That'd be fun.


----------



## glenwal (30/8/12)

bum said:


> Rasool Jamali might be an honest businessman trading under the name of craftbewer.com. Do NOT navigate to that page, may be unsafe.



nope - the content on his site has a free shipping image, and a CSS sheet that references images from craftbrewer.com.au.


----------
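
A defender-side check for the look-alike address noticed in this thread (craftbewer.com versus the shop's craftbrewer.com.au), as an added example that is not part of any post above and not Craftbrewer's own code. The link paths in the sample, the `TRUSTED_DOMAINS` allow-list and the distance threshold are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Allow-list of genuine domains (assumption: only the shop domain named in the thread).
TRUSTED_DOMAINS = frozenset({"craftbrewer.com.au"})


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each counted as one edit."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "we" typed as "ew".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def hostname(link: str) -> str:
    """Return the lower-cased host of a URL or bare domain, '' if none."""
    if "//" not in link:
        link = "//" + link  # let urlsplit treat a bare domain as a host
    return (urlsplit(link).hostname or "").rstrip(".")


def classify(link: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'look-alike', 'unrelated' or 'invalid' for a link."""
    host = hostname(link)
    if not host:
        return "invalid"
    # Exact trusted domain or one of its subdomains (www., shop., ...).
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Compare every label/hyphen-separated token of the host with the
    # brand label of each trusted domain ("craftbrewer").
    tokens = [t for t in re.split(r"[.-]", host) if t]
    for domain in trusted:
        brand = domain.split(".")[0]
        for token in tokens:
            # Distance 0 here means the brand name on a domain we do not own.
            if edit_distance(token, brand) <= max_distance:
                return "look-alike"
    return "unrelated"


def find_suspicious_links(body: str):
    """Extract http(s) links from an email body and return the look-alikes."""
    links = re.findall(r"https?://[^\s\"'<>]+", body)
    return [(u, classify(u)) for u in links if classify(u) == "look-alike"]


# Constructed sample: the first line is quoted in the thread, the links and
# their paths are made up for this example.
SAMPLE_EMAIL = """\
Free shipping service for customers only 5$
Subscribe here: http://craftbewer.com/free-shipping
Our shop: http://www.craftbrewer.com.au/
"""

if __name__ == "__main__":
    for url, verdict in find_suspicious_links(SAMPLE_EMAIL):
        print(verdict, url)
```

A threshold of 2 suits a long brand label like this one; short brand names need a threshold of 1 or an exact allow-list to avoid false positives.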



## DU99 (30/8/12)

sent to spam bin


----------



## ashley_leask (30/8/12)

bum said:


> Whois suggests the person behind this may be one Rasool Jamali. But it is all pretty complicated. Rasool Jamali might be an honest businessman trading under the name of craftbewer.com. Do NOT navigate to that page, may be unsafe.



Most likely he is just the listed contact for whatever ISP this clown uses, or just someone whose system got hacked and then used by the perpetrator. DNS records won't get you anywhere with this kind of thing.


----------



## Ross (30/8/12)

Brewers,

Site is back up, apologies for any headaches caused... If you took up the offer & entered your card details for the $5 shipping via the link in the email, please contact your bank & cancel your card immediately.
If you entered card details at checkout on our site, there is no security issue. Call me if you are confused 07 3823 5252
Hopefully no one has been compromised.

This has been a long day....

Cheers Ross


----------



## vortex (30/8/12)

Ross said:


> Brewers,
> 
> Site is back up, apologies for any headaches caused... If you took up the offer & entered your card details for the $5 shipping via the link in the email, please contact your bank & cancel your card immediately.
> If you entered card details at checkout on our site, there is no security issue. Call me if you are confused 07 3823 5252
> ...



Ross can you please disclose whether any data from your site was stolen? Usernames, passwords (and whether they were hashed or not), address, or any other personal information you keep.

It's important to be transparent and disclose what data (if anything) was stolen so your customers are aware. 

I understand you may not know, but please ask your IT guys for the specifics.


----------



## Jay Cee (30/8/12)

Ross said:


> Call me if you are confused 07 3823 5252



That number is an S & M Parlour in Fortitude Valley <_<


----------



## glenwal (30/8/12)

Jay Cee said:


> That number is an S & M Parlour in Fortitude Valley <_<



Recognise the number did you?


----------



## Batz (30/8/12)

vortex said:


> Ross can you please disclose whether any data from your site was stolen? Usernames, passwords (and whether they were hashed or not), address, or any other personal information you keep.
> 
> It's important to be transparent and disclose what data (if anything) was stolen so your customers are aware.
> 
> I understand you may not know, but please ask your IT guys for the specifics.




This would be nice to know.


----------



## Bribie G (30/8/12)

Batz said:


> This would be nice to know.



Yes, usernames and passwords are one thing, but names, addresses and phone numbers are another. Also stuff on specific orders like "always out on Tuesdays, leave round the side" - hypothetical of course but could happen.


----------



## Liam_snorkel (30/8/12)

it's baaack


----------



## MelbourneDave (30/8/12)

Not sure if it's all fixed. After reading this thread I was curious to have a look at the craftbrewer site and just clicked on the ad at the top of the forums page literally a minute ago. Was sent to the dodgy page with broken English and free $5 shipping etc. So people probably still need to be wary.

Edit: Beaten to it!


----------



## Batz (30/8/12)

I'll say Ross would be about due for a Bex and a nice lie down.


----------



## Ross (30/8/12)

Brewers,

As soon as we put the site back up, the spammers were instantly in so I've pulled the site back down.

Passwords may have been compromised so please take action on any other accounts that may be using the same password.
Credit cards have definitely not been compromised unless you entered your card details into the $5 link - in which case, please cancel your card immediately.

I'm away for the evening, so won't be back online till tomorrow - I'm available on mobile for anyone worried or confused 0412 666952.

Really sorry.... I need a drink!!!

Ross


----------



## gravey (30/8/12)

Might be time to change hosts? Generally a site can only be hacked if the server contains a security vulnerability. So either the server isn't fully patched or the OS or associated software has a known bug that hasn't had a patch released yet. What version of Plesk is being run on this server? Anything below a fully patched v11 should not be trusted


----------



## Batz (30/8/12)

Ross said:


> Brewers,
> 
> As soon as we put the site back up, the spammers were instantly in so I've pulled the site back down.
> 
> ...



Sorry to hear that Ross, I'm sure we all wish you the best in getting on top of these guys as soon as possible. No one here would blame the Craftbrewer team for what has happened, but we are a little concerned about the theft of our personal details as you would appreciate.
Looking forward to seeing your site up and running again soon, chin up old boy!

Batz


----------



## [email protected] (30/8/12)

Man I hate scammers! They should be strung up.

I wish I could remember what password I was using? I can't so I am going about changing all others.

Good luck Ross and CB team in getting it sorted.


----------



## Bribie G (30/8/12)

Shouldn't affect your sales. The attack isn't so much an attack on you, it's an attack on us.


----------



## Batz (30/8/12)

Just a bit more on this, I just checked my spam box (gmail) to see if I had anything else. There was an email from a brewer here in Queensland, first and second names but a yahoo account, [email protected], not the name but you get the idea.
All it had was "Hey Batz" and a link to click on, I don't believe this is their email and I didn't open the link. 

I have no idea if the craftbrewer hacking is connected but it does look suss, just a heads up to beware. My knowledge of this sort of stuff and computers is about the same as females, I've had both for years but still don't understand how they work.

Batz


----------



## [email protected] (30/8/12)

Batz said:


> I have no idea if the craftbrewer hacking is connected but it does look suss, just a heads up to beware. My knowledge of this sort of stuff and computers is about the same as females, I've had both for years but still don't understand how they work.
> 
> Batz


Plus 1
:lol: best thing I've read all day


----------



## bum (30/8/12)

gravey said:


> Might be time to change hosts? Generally a site can only be hacked if the server contains a security vulnerability. So either the server isn't fully patched or the OS or associated software has a known bug that hasn't had a patch released yet. What version of Plesk is being run on this server? Anything below a fully patched v11 should not be trusted.


If I remember correctly (and it has been a long time since I checked), the site is written in php. Not 100% secure no matter where you host it. Anyway, I'm sure Ross has got his boffins on to it.

Everyone concerned about this issue - if you change passwords anywhere you use the same one as at Craftbrewer then everything should be safe enough. If you willingly gave out your payment details by buying free postage then cancel your card asap then slap yourself in the face for being so gullible.


----------



## pk.sax (30/8/12)

You can also slap u bum for suggesting you are gullible.

Anyway, sad to see you getting targeted Ross. Hope you get on top of it.


Re passwords.. hmnnn.... I think I might start using per website email addresses. Not that I'd ever use the same password for web services with different levels of importance to me but this kind of attack is fairly un-nerving. I reckon the only way to stay clear of scammers is to keep a low profile.


----------



## Nick JD (30/8/12)

bum said:


> if you change passwords anywhere you use the same one as at Craftbrewer then everything should be safe enough.



How do these hackers know what other sites I have entered the same password? 

Surely they'd have to then hit me up for my cookies? 

But how do they know who I am?


----------



## Rowy (30/8/12)

Nick JD said:


> How do these hackers know what other sites I have entered the same password?
> 
> Surely they'd have to then hit me up for my cookies?
> 
> But how do they know who I am?




It's the force young skywalker.................


----------



## rotten (30/8/12)

Bugger I got one too. Best of luck with it Ross. I'm glad I have been watching this even though I think I'm not that gullible <_<


----------



## Nick JD (30/8/12)

Rowy said:


> It's the force young skywalker.................



JarJar Bum.


----------



## vortex (30/8/12)

Nick JD said:


> How do these hackers know what other sites I have entered the same password?
> 
> Surely they'd have to then hit me up for my cookies?
> 
> But how do they know who I am?



They certainly don't need your cookies; they're generated on login. Most likely they would plug the username/email and password into various other sites (facebook, twitter, google, yahoo, hotmail accounts etc) first, and if they gain access, usually they'll just use the account for spam. One of my twitter accounts was accessed without my authorisation using this method, thankfully it was caught very quickly (and I've stopped being so lazy with my passwords!).

Many people will use the same username/email and password across many sites, meaning they can simply plug a whole harvested database into an automated process to do all the work for them; sometimes that will often be doing the actual spamming, other times it may simply verify the details work so they can sell them on. They're simply playing the numbers, sadly it's such a big number who use the same details everywhere (or close enough to it).

At the end of the day, they don't care who 'you' are.


----------



## Nick JD (30/8/12)

vortex said:


> They certainly don't need your cookies; they're generated on login. Most likely they would plug the username/email and password into various other sites (facebook, twitter, google, yahoo, hotmail accounts etc) first, and if they gain access, usually they'll just use the account for spam. One of my twitter accounts was accessed without my authorisation using this method, thankfully it was caught very quickly (and I've stopped being so lazy with my passwords!).
> 
> Many people will use the same username/email and password across many sites, meaning they can simply plug a whole harvested database into an automated process to do all the work for them; sometimes that will often be doing the actual spamming, other times it may simply verify the details work so they can sell them on. They're simply playing the numbers, sadly it's such a big number who use the same details everywhere (or close enough to it).
> 
> At the end of the day, they don't care who 'you' are.



Good thing my password rule (posted above) works fine for this, hey?  Very simple to beat these masterminds.

And if they do spam via my shit ... who GAF?

People take their internets too seriously.


----------



## matho (30/8/12)

Maybe GLS is importing cheap Chinese hackers to bring down ross's site so he can break into the hop market


----------



## MastersBrewery (30/8/12)

Good luck, Ross hope things sort themselves out, if a lynching party is required for sorting this lowlife scum out, I can see you won't have to look too far for assistance, look forward to seeing things back up and running soon, I'm sure most of your regulars still know how to use the phone for their orders :blink: 

Mike


----------



## WarmBeer (30/8/12)

Batz said:


> ... My knowledge of this sort of stuff and computers is about the same as females, I've had both for years but still don't understand how they work.
> 
> Batz


One outta two ain't bad?


----------



## Liam_snorkel (30/8/12)

TND would be loving this


----------



## Online Brewing Supplies (30/8/12)

I had my password hacked on craftbrewer site by Ross himself, how safe is that ?? <_< 
Nev


----------



## jc64 (30/8/12)

Well I've been left out no dodgy e-mail for me, hope the site is back up soon, I have to get my fix of looking at things I want but can't afford then somehow justify the expense :lol:


----------



## Acasta (30/8/12)

Nick JD said:


> Good thing my password rule (posted above) works fine for this, hey?  Very simple to beat these masterminds.
> 
> And if they do spam via my shit ... who GAF?
> 
> People take their internets too seriously.



They would use the username p/w combo in a generator on heaps of sites. What they do with that info...

http://xkcd.com/792/


----------



## kymba (31/8/12)

Did they get any direct deposit info and does that mean anything? Can they get anything sensitive off the invoice history? And do they know what porn sites I visit?


----------



## gravey (31/8/12)

They would only have access to what's in the craftbrewer database, which wouldn't include bank information.

With some luck auditing is enabled on the database, which will tell the admins what data, if any, has been stolen.


----------



## bum (31/8/12)

gravey said:


> They would only have access to what's in the craftbrewer database, which wouldn't include bank information.


This is a phishing scam. They have access to whatever information tight-arsed homebrewers have willingly given them. Probably a tonne.


----------



## gravey (31/8/12)

bum said:


> This is a phishing scam. They have access to whatever information tight-arsed homebrewers have willingly given them. Probably a tonne.



Yeah sure if you gave them those details via the phishing link....but I am talking specifically about the access they have to the craftbrewer.com.au database, which they very well may have access to considering they were able to modify the front page of the site. If they can modify a site page, chances are they have access to the customer database, which Ross has said only contains customer info, not banking details as that is handled by a 3rd party.


----------



## rotten (31/8/12)

:icon_offtopic: Has anyone called ACA yet?

Good luck with it Ross


----------



## kymba (31/8/12)

gravey said:


> ...specifically about the access they have to the craftbrewer.com.au database...



Yeah this is what I meant too - if they have the passwords and login details, what other info do they have access to?


----------



## Jay Cee (31/8/12)

This thread is yesterday's news. Poor Ross is obviously hassled out enough that his business is being used as the front face of a phishing scam, but I truly believe that the impact on customers will be minimal, unless someone out there is incredibly stupid. All they would have gotten was e-mail addresses, that's it. The magic to these scams is that they trick you into giving them your details directly. And if you fell for this one, there's every chance you have been a victim of this sort of thing in the past. There are hundreds that your spam filter would trash each month before you even see them. The only difference with this one is that it's your chosen vendor. Next week it might be an email from your bank.


----------



## mwd (31/8/12)

gravey said:


> Yeah sure if you gave them those details via the phishing link....but I am talking specifically about the access they have to the craftbrewer.com.au database, which they very well may have access to considering they were able to modify the front page of the site. If they can modify a site page, chances are they have access to the customer database, which Ross has said only contains customer info, not banking details as that is handled by a 3rd party.



If they have access to the database then they have your sign in name and password + your name and postal address and possibly your telephone number. You should be concerned if you use the same login and password for other sites.


----------



## Jay Cee (31/8/12)

Tropical_Brews said:


> If they have access to the database then they have your sign in name and password + your name and postal address and possibly your telephone number. You should be concerned if you use the same login and password for other sites.




If they had access to the passwords, why on earth would they bother with developing and emailing a group phishing scam? It would be more logical *not* to alarm the potential victims, and silently gather information without your knowledge that something is amiss. If they had passwords...... Which they don't...... Because they are phishing!

Everything is going to be OK, brewers.


----------



## bum (31/8/12)

Jay Cee said:


> Which they don't...... Because they are phishing !


This will effectively be true. However they may actually have the _encrypted_ passwords but can't do anything with them. If you clicked the link they will certainly have asked you for your password and you may very well have given it to them.


----------



## vortex (31/8/12)

Jay Cee said:


> If they had access to the passwords, why on earth would they bother with developing and emailing a group phishing scam? It would be more logical *not* to alarm the potential victims, and silently gather information without your knowledge that something is amiss. If they had passwords...... Which they don't...... Because they are phishing!
> 
> Everything is going to be OK, brewers.



Ross himself said they _may_ have had access to the passwords stored in the database - and by extension that would include all other information in the same database. If he or his IT guys don't know for sure, it's best to assume it's been stolen, given the nature of what has occurred. I'm not sure if the modifications took place with XSS or via a local modification; I was hoping Ross could confirm this via his IT guys. If it was via XSS, it's entirely possible they have no personal details from the site, at all.

Their _end_ goal is financial gain, probably from selling the valid credit card details they have gained from the dodgy site (hopefully very few!), or by using these details to buy things. But, if they did download all of the personal details from CB's database (CB store no CC details), who's to say they're not going to either A) sell those off too, or B) use them for spear-phishing against its own customers?

They obviously intended to go undetected - it was only through their own poor English skills that they got spotted (and real quickly, too).


----------



## Wolfy (31/8/12)

vortex said:


> Ross himself said they _may_ have had access to the passwords stored in the database - and by extension that would include all other information in the same database. If he or his IT guys don't know for sure, it's best to assume it's been stolen, given the nature of what has occurred. I'm not sure if the modifications took place with XSS or via a local modification; I was hoping Ross could confirm this via his IT guys. If it was via XSS, it's entirely possible they have no personal details from the site, at all.
> 
> Their _end_ goal is financial gain, probably from selling the valid credit card details they have gained from the dodgy site (hopefully very few!), or by using these details to buy things. But, if they did download all of the personal details from CB's database (CB store no CC details), who's to say they're not going to either A) sell those off too, or B) use them for spear-phishing against its own customers?
> 
> They obviously intended to go undetected - it was only through their own poor English skills that they got spotted (and real quickly, too).


Unless - as *Ross* indicated earlier in the thread - the attack is a personal one designed to discredit and harm his company.

I don't know what all the fuss is about anyway, if someone uses the same (or related) password for inherently insecure and trivial purposes (routine logins to online shops, forums etc) as they do for important things (online Banking, PayPal etc) they should expect to have problems when something like this occurs - which happens often enough for any sensible Internet user to be concerned. It's just the same as if you plaster real/personal details publicly all over the place (Facebook/other social networking).


----------



## adryargument (31/8/12)

Bah,

All these dramas - can't believe CB website is down.
Tempted to start the drive to Brisbane - need more kegs!


----------



## vortex (31/8/12)

Wolfy said:


> Unless - as *Ross* indicated earlier in the thread - the attack is a personal one designed to discredit and harm his company.


I only skimmed over that previously; but I'm sure that will ultimately backfire on the attacker(s). Personally my missus and I have shopped with CB a few times over the past 12 months and will be again in the future once this mess is cleaned up. I'm guessing ditto for just about everyone else, too.

If he knows the person(s) involved, hopefully he can successfully press charges against them, as what they have done _is_ illegal.


----------



## gravey (31/8/12)

The passwords are actually only encrypted in Plesk v11 and even then it is very poorly done - if you have access to the server, you have access to the encryption key, which means you can easily decrypt the passwords. The other method employed by Plesk v11 is a hashed password....but once again this is useless as it's per server, not per user, which means if you have access to the server you can decrypt the passwords very easily.

Finally, it looks like this server had some vulnerabilities - it could be that Plesk was a version older than v11, in which case passwords are stored in PLAIN TEXT.

So either way, people thinking that the passwords are secure are fooling themselves when it comes to Plesk.

I'd be interested to know if the attack used the unpatched IIS6 vulnerability or a vulnerability in Plesk. Either way, if this is a managed host, the provider has a lot of explaining to do.

The passwords don't bother me too much, it's the emails, address and phone numbers that bother me more.
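
The "per server, not per user" distinction raised in the post above, shown as an added example that is not part of the original post and makes no claim about how Plesk or the Craftbrewer store actually kept passwords. The user names, passwords, salt value and iteration count are constructed assumptions; the code uses only Python's standard `hashlib` and `hmac`.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this demo

# Constructed sample accounts: alice and bob reuse the same password.
USERS = {"alice": "hops4ever", "bob": "hops4ever", "carol": "maltyMalt9"}


def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def store_site_wide(users, site_salt):
    """Weak layout: every row is hashed with the same server-wide salt."""
    return {user: _pbkdf2(pw, site_salt) for user, pw in users.items()}


def store_per_user(users):
    """Stronger layout: each row gets its own random salt, kept beside the hash."""
    table = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        table[user] = (salt, _pbkdf2(pw, salt))
    return table


def verify(password, record):
    """Check a login attempt against a (salt, digest) record in constant time."""
    salt, expected = record
    return hmac.compare_digest(_pbkdf2(password, salt), expected)


def shared_hash_groups(digests):
    """What anyone holding a copy of the table can see without guessing:
    which accounts have byte-identical stored hashes."""
    groups = {}
    for user, digest in digests.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    site_wide = store_site_wide(USERS, b"one-salt-for-all")
    per_user = store_per_user(USERS)
    per_user_digests = {u: d for u, (_, d) in per_user.items()}

    # Same salt everywhere: identical passwords give identical rows, so one
    # successful guess covers every account in the group.
    print("site-wide salt :", shared_hash_groups(site_wide))
    # Per-user salts: the same password yields unrelated rows.
    print("per-user salts :", shared_hash_groups(per_user_digests))
    print("alice logs in  :", verify("hops4ever", per_user["alice"]))
```

Per-user salts do not make a reused password safe elsewhere; they only stop one guess from covering many rows of a copied table.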


----------



## vortex (31/8/12)

Assuming his host was using it, Plesk passwords would be entirely separate to the users' passwords stored in the Craft Brewer database, which is the real concern here. Any hashing/encryption on the passwords would have nothing to do with Plesk.


----------



## JaseH (31/8/12)

LOL @ the paranoid hysteria!

Drink a beer, relax. Address and phone numbers are hardly sensitive personal information, unless you're in witness protection?


----------



## gravey (31/8/12)

vortex said:


> Assuming his host was using it, Plesk passwords would be entirely separate to the users' passwords stored in the Craft Brewer database, which is the real concern here. Any hashing/encryption on the passwords would have nothing to do with Plesk.



Under the impression customer info is stored within Plesk when utilising the online store features, not a separate database? It all depends on the manner in which the site was deployed...using Plesk Web Presence Builder or not. I imagine it was all built using Plesk tools as the host now shows the default Plesk web page when viewing craftbrewer.


----------



## glenwal (31/8/12)

In case anyone was worried, your personal information (name, phone number and address) have in fact been published publicly on a website here


----------



## Batz (31/8/12)

Nice to see Craftbrewer site back up and running.

I'll say you deserve a couple of cold ones Ross :beer:


----------



## Paul H (31/8/12)

Oooops down again..

Cheers

Paul


----------



## Batz (31/8/12)

Paul H said:


> Oooops down again..
> 
> Cheers
> 
> Paul




Works for me.


----------



## bum (31/8/12)

gravey said:


> it could be that Plesk was a version older than v11, in which case passwords are stored in PLAIN TEXT.


Yikes!



Frothie said:


> LOL @ the paranoid hysteria!
> 
> Drink a beer, relax. Address and phone numbers are hardly sensitive personal information, unless you're in witness protection?


Google "identity theft" real quickly for me. See if you can work out how easy it is for someone to get credit in your name, entirely without your permission. The information they need is very easily obtained. It is even more easily obtained if you happen to be reusing passwords and they obtain it. This isn't paranoia. Password integrity is a simple, sensible concept with which more people should be familiar. You need to be more vigilant than you seem to be.

Anyone who wants to understand more of the dangers (without the technical details) have a look at this article: http://www.wired.com/gadgetlab/2012/08/app...-honan-hacking/ While you're reading it, try to remember this was done by some bored kids. Absolute tip of the iceberg stuff.


----------



## Wolfy (31/8/12)

gravey said:


> I imagine it was all built using Plesk tools as the host now shows the default Plesk web page when viewing craftbrewer


I imagine that you're incorrect, but (I presume like you) I have no knowledge how the site/server is setup, other than the web server is running Plesk.
Plesk is software that server administrators run to make server (and client) management tasks easier - in general it has absolutely nothing to do with how an individual web site hosted on the Plesk server is written, coded, configured or how the information stored by that website is encrypted or encoded. In addition (again I have no knowledge of this individual situation) it is quite likely that the attack is related to the software/configuration used to write the website/store/database rather than how the server is setup and configured.


----------



## Batz (31/8/12)

bum said:


> Yikes!
> 
> 
> Google "identity theft" real quickly for me. See if you can work out how easy it is for someone to get credit in your name, entirely without your permission. The information they need is very easily obtained. It is even more easily obtained if you happen to be reusing passwords and they obtain it. This isn't paranoia. Password integrity is a simple, sensible concept with which more people should be familiar. You need to be more vigilant than you seem to be.
> ...




This is very true, and we make it even easier by putting our birthday details right here, and most use the same host name at both sites. Deleted my birthday details just now.


----------



## vortex (31/8/12)

bum said:


> Google "identity theft" real quickly for me. See if you can work out how easy it is for someone to get credit in your name, entirely without your permission. The information they need is very easily obtained. It is even more easily obtained if you happen to be reusing passwords and they obtain it. This isn't paranoia. Password integrity is a simple, sensible concept with which more people should be familiar. You need to be more vigilant than you seem to be.
> 
> Anyone who wants to understand more of the dangers (without the technical details) have a look at this article: http://www.wired.com/gadgetlab/2012/08/app...-honan-hacking/ While you're reading it, try to remember this was done by some bored kids. Absolute tip of the iceberg stuff.


Yep, scary stuff indeed. Also, consider that every rant I and others have had about password strength, length and hashing type, is all worthless in the context of what happened to Mat. It was entirely social engineering (loopholes at Amazon and Apple allowed this), not a single password was stolen or cracked to gain access to any of the accounts, and yet they were able to cause so much havoc. There are other lessons to be learned from Mat's story, but they're mostly outside the scope of this thread.

That said, what has been said about passwords previously is still incredibly important!


----------



## JaseH (31/8/12)

bum said:


> Yikes!
> 
> 
> Google "identity theft" real quickly for me. See if you can work out how easy it is for someone to get credit in your name, entirely without your permission. The information they need is very easily obtained. It is even more easily obtained if you happen to be reusing passwords and they obtain it. This isn't paranoia. Password integrity is a simple, sensible concept with which more people should be familiar. You need to be more vigilant than you seem to be.



I know about it, I've been working in IT industry for 15yrs. All I'm saying is your address and phone number are not secrets, you're kidding yourself if you think they are.

Should I stress about it? Crossing the road is dangerous too but I don't get all paranoid about it. Keep a good password policy, relax and have a beer!


----------



## bum (31/8/12)

vortex said:


> but they're mostly outside the scope of this thread.


I disagree. Giving people your (reused) passwords makes the whole thing easier and worse. 

However, I did only link the article to give some idea of what can be done with a very small amount of information, responding to a claim that knowing someone's name and email is no big deal. There's no defending an entirely blase attitude to this stuff (which I obviously see you understand).


----------



## Toper (31/8/12)

vortex said:


> Yep, scary stuff indeed. Also, consider that every rant I and others have had about password strength, length and hashing type, is all worthless in the context of what happened to Mat. It was entirely social engineering (loopholes at Amazon and Apple allowed this), not a single password was stolen or cracked to gain access to any of the accounts, and yet they were able to cause so much havoc. There are other lessons to be learned from Mat's story, but they're mostly outside the scope of this thread.
> 
> That said, what has been said about passwords previously is still incredibly important!


Absolutely important, and every person who clicked that link should do a thorough AV scan, NOW! Clickjacking and drive by downloads are still common. A keystroke logger check would also be advised, if you get one embedded and don't realise, it's big trouble. A good one is KLDetector, just search for it. And make sure all your AV is up to date, the interweb is the wild west, be protected.


----------



## JaseH (31/8/12)

toper01 said:


> Absolutely important, and every person who clicked that link should do a thorough AV scan, NOW! Clickjacking and drive by downloads are still common. A keystroke logger check would also be advised, if you get one embedded and don't realise, it's big trouble. A good one is KLDetector, just search for it. And make sure all your AV is up to date, the interweb is the wild west, be protected.



Or use Linux


----------



## NickB (31/8/12)

Or OS X


----------



## vortex (31/8/12)

Neither can get Windows malware, granted, but they both have their own  Again, less of it than Windows - but thinking they're completely immune is shortsighted at best.


----------



## Cube (31/8/12)

Frothie said:


> Or use Linux



Linux does not protect one from stupidity. Neither does a Mac. I use iMac, Linux and windows daily.. Linux just for fun nothing serious as I prefer my iMac.

Windows is the worst of the three operating systems but still, stupid wins overall.

Btw Batz, always bullshit or leave blank your date of birth on forum sign ups and even gmail, hotmail etc.

There will always be people blindly clicking links in emails with no thought. Nobody can help that.


----------



## Toper (31/8/12)

Frothie said:


> Or use Linux


I certainly do, Ubuntu, and as far as I'm concerned, it walks all over Windows, but I still realise the risk with ANY operating system, they can all get malware and none are bullet proof, as Mac users have started to find out lately. And just to emphasise the point again, NEVER click on suspect links! NEVER!


----------



## Toper (31/8/12)

This is an excellent tool for checking the safety of any website before clicking, please bookmark it and use http://www.urlvoid.com/


----------



## mosto (31/8/12)

toper01 said:


> This is an excellent tool for checking the safety of any website before clicking, please bookmark it and use http://www.urlvoid.com/



How do I know that link is trustworthy :lol:


----------



## Toper (31/8/12)

mosto said:


> How do I know that link is trustworthy :lol:


That was just a test Grasshopper, always search for the site yourself, you are learning well


----------



## JaseH (31/8/12)

A quick test I often do to get an idea if an email link is legit, is to mouse-over it and see what the actual link displays as in the status bar before clicking on it.

For instance, a Paypal spoof email may have:

Click on this link to verify your account: http://verify.paypal.com
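
The mouse-over check described in the post above, automated over the HTML body of an email. This is an added example, not part of the original post: the sample message, the destination host names and the function names are constructed for illustration, and only Python's standard library is used.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host-like visible text, e.g. "verify.paypal.com" or "http://verify.paypal.com/x".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample: first link shows one address and points at another.
SAMPLE_EMAIL = """
<p>Click on this link to verify your account:
<a href="http://paypal.account-check.example/login">http://verify.paypal.com</a></p>
<p>Shop: <a href="https://www.craftbrewer.example/specials">craftbrewer.example</a></p>
<p><a href="https://news.example.org/unsubscribe">Unsubscribe</a></p>
"""


class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._parts = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._parts = []

    def handle_data(self, data):
        if self._href is not None:
            self._parts.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._parts).split())
            self.links.append((text, self._href))
            self._href = None


def normalise(host):
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def suspicious_links(html):
    """Return (text, shown_host, actual_host) where the text names one host
    and the href goes to a different one that is not a subdomain of it."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for text, href in collector.links:
        try:
            parts = urlsplit(href)
        except ValueError:
            continue  # malformed href; nothing to compare
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        shown = HOST_IN_TEXT.search(text)
        if not shown:
            continue  # text like "Unsubscribe" makes no claim about a host
        shown_host = normalise(shown.group(1))
        actual_host = normalise(parts.hostname)
        if actual_host != shown_host and not actual_host.endswith("." + shown_host):
            findings.append((text, shown_host, actual_host))
    return findings


if __name__ == "__main__":
    for text, shown, actual in suspicious_links(SAMPLE_EMAIL):
        print(f"link text says {shown!r} but goes to {actual!r}")
```

The comparison is on host names only; a look-alike domain such as the "craftbew" address mentioned earlier in the thread is written out honestly in both places, so it passes this check and still needs to be read by eye.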


----------



## daemon (31/8/12)

gravey said:


> The passwords are actually only encrypted in Plesk v11 and even then it is very poorly done - if you have access to the server, you have access to the encryption key, which means you can easily decrypt the passwords. The other method employed by Plesk v11 is a hashed password....but once again this is useless as it's per server, not per user, which means if you have access to the server you can decrypt the passwords very easily.


If you've gained root level access to the server then the reality is the passwords are a moot point (since they can reset them anyway)!


gravey said:


> Finally, it looks like this server had some vulnerabilities - it could be that Plesk was a version older than v11, in which case passwords are stored in PLAIN TEXT.


There's no way you could tell. As someone who manages a large number of Plesk servers, the recent vulnerabilities didn't have anything to do with how the passwords were stored (it was a SQL injection). Given the way that Craftbrewer have been specifically targeted, they may have tried any number of methods to find an exploit.

Hopefully Ross's team is on top of it all now anyway so that he can have a few beers on the weekend


----------



## andytork (1/9/12)

These hackers are pretty stupid

If you want to steal money, wouldn't you target Golf Websites or Yacht clubs rather than tight arse homebrewers who max out their cards on 100g of hops

Perhaps they are going to the Guinness World Record of most scammed card declines per hour


----------



## brettprevans (1/9/12)

Just deleted the hoax email and changed my passwords.

Ross - if the guys doing this are found to be in Melbourne, me and a few of my old acquaintances are happy to go pay them a visit 

Now as for password managers - 1Password is brilliant. You can get it for Mac, PC, iPhone, Android etc. Highly secure. That way you can have very complicated passwords for every account, email etc and all you have to remember is your 1 complicated 1Password password. Great stuff for those that don't want a lot of random complicated passwords floating around their head. For those thinking that this stuff is bollocks I remember back in uni (over a decade ago) in a crime and info tech subject a guy from CrimTrac coming in and saying that all his passwords were at least 15 numbers/letters as anything less than that was easy enough to hack. That was over 10 years ago. Massive advancements in cyber hacking tools since then. Remember it's not paranoia if it's true.


----------



## the_new_darren (1/9/12)

Gryphon Brewing said:


> I had my password hacked on craftbrewer site by Ross himself, how safe is that ?? <_<
> Nev






That's interesting as Ross said he didn't have access to passwords???


Concerning what other information might have been collected.

And, no..It wasn't me. I can barely turn the computer on, let alone develop a hacking website.


----------



## Toper (1/9/12)

andytork said:


> These hackers are pretty stupid
> 
> If you want to steal money, wouldn't you target Golf Websites or Yacht clubs rather than tight arse homebrewers who max out their cards on 100g of hops
> 
> Perhaps they are going to the Guinness World Record of most scammed card declines per hour


Hackers aren't necessarily trying for cc numbers, if a dodgy e mail link is clicked by the recipient lots of things can happen. A keystroke logger can be inserted into the pc, for example, and that gives someone access to everything typed on the compromised pc, including passwords for other sites, then it's spam heaven for the hacker. Sometimes it might be malware that gives the hacker control of the innocent person's pc and if enough ppl have done the same, the hacker now has a botnet system for DDoS attacks. Lots of very nasty things can be the reason for a hack, including the attempt to disrupt/harm a business. Never click untrusted/unknown links.


----------



## Clutch (1/9/12)

Speaking as a former debt collector, most people who've bought or sold something on this very website here have left themselves far more open to identity theft than someone who purchased something online from CB.


----------



## Ross (1/9/12)

Brewers,

Website is back up & hopefully will remain unhacked till we get our new website live - The new website is on a much more up to date & secure server, it should have gone live 2 months ago, but they're still having a few issues with the MYOB accounts integration.
The hacker simply used our newsletter service to send out all the spam emails, so it doesn't appear they accessed passwords etc, but as a matter of caution, please change as previously advised.

Apologies for the inconvenience caused, it has cost us a lot of sleep & thousands of dollars in sales, so really hope the IT guys have plugged the gap on their server & we can get on with business & making beer...


Cheers Ross


----------



## white.grant (1/9/12)

Good news Ross.


----------



## Toper (1/9/12)

Great news, and please get me that email Ross, and I'll start some corrective action with friends' help


----------



## Batz (1/9/12)

Went to change my password and the site's still down, or it is for me anyway.

batz


----------



## mwd (1/9/12)

Yep still down here as well. I am not on the newsletter list and did not receive the phishing E-Mail.


----------



## stillscottish (1/9/12)

Works for me.


----------



## Toper (1/9/12)

Is that when you click on the sponsor logo on top of the page here? I'm not a customer there but the site appears to me when I click, no probs. Haven't tried to register though.


----------



## Batz (1/9/12)

No go for me. :angry:


----------



## luke_j (1/9/12)

Guys, if it's still down for you I suggest you clear your browser history (cookies etc.) and you should be good to go. Worked for me, anyway.


----------



## Cube (1/9/12)

Or simply click 'reload' button in chrome when at that plesk page.


----------



## fraser_john (1/9/12)

OK, so this has finally kicked me off to managing passwords properly with KeePass, but, I cannot find anywhere on Craftbrewer to change password, and if it is simply over typing the current password in the Account section, the password field is not really long enough.....


----------



## Batz (1/9/12)

fraser_john said:


> OK, so this has finally kicked me off to managing passwords properly with KeePass, but, I cannot find anywhere on Craftbrewer to change password, and if it is simply over typing the current password in the Account section, the password field is not really long enough.....




I don't know? How do you change your password?
Perhaps you need to go through the forgot my password trail.


----------



## vortex (1/9/12)

fraser_john said:


> OK, so this has finally kicked me off to managing passwords properly with KeePass, but, I cannot find anywhere on Craftbrewer to change password, and if it is simply over typing the current password in the Account section, the password field is not really long enough.....



Absolutely. 10 character max, way too short.


----------



## Toper (1/9/12)

Yep, 10 characters is very short for safety, up to 32 would be way better. I'm wondering if anyone still has one of these emails? I'm helping Ross out in a way and want to try and get this spammer's website shut down for breaching the terms of his domain host. At the least I'll get him/her put on a worldwide spammer database. I need a copy of the email, complete with headers, as proof of breach. Full headers are all the computer language about the origin of the email, it's a slightly different way to view the header depending on your email type, hotmail, yahoo, etc. Generally "view source". If someone still has a copy and can send it to me, including headers, please pm me here. If you've a copy but not sure how to get the header, I'll explain it for whatever email you've got.


----------



## goomboogo (1/9/12)

vortex said:


> Absolutely. 10 character max, way too short.



I've seen a bank allowing a maximum of 8 characters for passwords to access an account online.


----------



## drew9242 (1/9/12)

andytork said:


> These hackers are pretty stupid
> 
> If you want to steal money, wouldn't you target Golf Websites or Yacht clubs rather than tight arse homebrewers who max out their cards on 100g of hops
> 
> Perhaps they are going to the Guinness World Record of most scammed card declines per hour



Haha so true.


----------



## shavey147 (1/9/12)

toper01 said:


> Yep, 10 characters is very short for safety, up to 32 would be way better. I'm wondering if anyone still has one of these emails? I'm helping Ross out in a way and want to try and get this spammer's website shut down for breaching the terms of his domain host. At the least I'll get him/her put on a worldwide spammer database. I need a copy of the email, complete with headers, as proof of breach. Full headers are all the computer language about the origin of the email, it's a slightly different way to view the header depending on your email type, hotmail, yahoo, etc. Generally "view source". If someone still has a copy and can send it to me, including headers, please pm me here. If you've a copy but not sure how to get the header, I'll explain it for whatever email you've got.



PM sent


----------



## hirns (1/9/12)

Is the site down as I've not even been able to access it in the last two days?

Hirns


----------



## Batz (1/9/12)

hirns said:


> Is the site down as I've not even been able to access it in the last two days?
> 
> Hirns






> Guys, if it's still down for you I suggest you clear your browser history (cookies etc.) and you should be good to go. Worked for me, anyway



From Luke, fixes it.


----------



## Toper (1/9/12)

shavey147 said:


> PM sent


Received and reply sent, thanks heaps


----------



## hirns (1/9/12)

Nope still this!


----------



## mwd (1/9/12)

F5 or Ctrl R should fix it up if you are using Windoze.


----------



## Toper (1/9/12)

Would anyone who still has one of these emails please send me it with full headers? pm me here for my email addy to send it to. This will explain how to get the full headers

*How to find email headers*

OK, we should have done this a long time ago but we didn't. So here it is. I will build it, or other admins will help build it.

*What is an email header?*
An email header provides all the information about an email you received. That includes really important things like where the email originated from. Don't write us asking us to arrest some scammer if you don't give us an email header. It can't be done.

*Why do you (AFI) want full email headers?*
An email header will show the originating ISP (i.e. where the email came from) and it also tells us the route that an email took from the scammer's computer to yours. We don't use all of that information but other people  around here do. 


An email header *does not* look like this:

```
From: Mr. James Blaire <[email protected]>
Subject: CONTACT FEDEX COURIER COMPANY
Date: Friday, September 19, 2008,
```

That does not tell us very much except the email account the scammer used to send the email and the name on the account. It also tells us the date he sent the email. That's about 20% useful information. In short, it really does not provide much that is useful.


An email header is longer and looks something like this (this is a yahoo email header, an example):

```
X-Apparently-To: [[email protected]] 203.216.249.210; Tue, 23 Sep 2008 13:16:00 +0900
X-Originating-IP: [120.12.33.215]   <---- This is important
Return-Path: <[email protected]>
Received-SPF: none ([120.12.33.215]: domain of [[email protected]] does not designate permitted sender hosts)
Authentication-Results: mta127.mail.tnz.adress.com from=scam.com; domainkeys=neutral (no sig)
Received: from 120.12.33.215 (EHLO 120.12.33.215) (120.12.33.215) by mta127.mail.tnz.address.com with SMTP; Tue, 23 Sep 2008 13:15:59 +0900
Message-ID: <[email protected]>
From: "Yahoo boi" <[email protected]>
To: "Your name" <[email protected]>
Subject: Hi! I'm a scammer and I want to steal your money
Date: Tue, 23 Sep 2008 02:30:51 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_NextPart_000_0002_01C91D33.0519E9D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
Content-Length: 1445
```


*Do you want the body text of the email?*
Yes. The header by itself tells us where the email came from but it doesn't tell us what the email says.


*How do I post a scam email at AFI?*
Copy and paste everything including the full email header. *Please be sure that you remove your email address from the post.* In the above example where your email is [[email protected]] you can post @address.com or [[email protected]]. That doesn't affect what we do one way or another but you *do not* want your email to become public. Especially here.


*Find them!*
Below we will post some servers and links to specific posts about how to find headers using those email servers. Click on the email service you use and we will try to walk you through some step-by-step instructions to find the email headers.

(Note to admins, etc. Please activate the link in these servers as you post here. Thanks)

- AOL
- Bigstring
- CompuServe
- Cox.net
- Excite
- Eudora
- Fastmail
- Gmail
- Hotmail
- Lycos
- Mail.com
- Macintosh OS X Mail
- MSN
- Netscape
- Orange Webmail UK
- Outlook
- Outlook Express
- Rediffmail
- Sify.com
- Squirrel Mail
- Thunderbird
- WebTV
- Windows Live Mail
- Yahoo (all language versions)


----------
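The fields the pasted guide points at (the `Received` chain, `X-Originating-IP`, `Received-SPF`) can be extracted programmatically, and the reporter's own address stripped before the headers are shared, as the guide asks. The Python below is an added example, not part of the original thread or the AFI guide; the sample message, its example domains and documentation-range IPs, and the function names `summarize`, `redact` and `domain_of` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (example domains, documentation-range IPs), not a real message.
SAMPLE = """\
X-Apparently-To: victim@example.org via 192.0.2.10; Tue, 23 Sep 2008 13:16:00 +0900
X-Originating-IP: [203.0.113.215]
Return-Path: <bounce@scam.example>
Received-SPF: none (203.0.113.215: domain of bounce@scam.example does not designate permitted sender hosts)
Authentication-Results: mta127.mail.example.org from=scam.example; domainkeys=neutral (no sig)
Received: from mta127.mail.example.org (192.0.2.10) by mbox5.mail.example.org with SMTP; Tue, 23 Sep 2008 13:16:00 +0900
Received: from 203.0.113.215 (EHLO 203.0.113.215) (203.0.113.215) by mta127.mail.example.org with SMTP; Tue, 23 Sep 2008 13:15:59 +0900
From: "Free Postage" <offers@scam.example>
To: "Your name" <victim@example.org>
Subject: Free postage on your next order
Date: Tue, 23 Sep 2008 02:30:51 +0000
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def domain_of(value):
    """Domain part of the address in a From/Return-Path style header ('' if none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def summarize(raw):
    """Pull out the routing and authentication facts an abuse report needs."""
    msg = message_from_string(raw)
    # Each relay prepends its own Received line, so the last one is the earliest hop.
    # Only lines added by the recipient's own provider are trustworthy; a sender can forge the rest.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    hops.reverse()
    first = IPV4.findall(hops[0]) if hops else []
    xoip = IPV4.findall(msg.get("X-Originating-IP", ""))
    return {
        "hops": hops,
        "first_hop_ip": first[0] if first else None,
        "x_originating_ip": xoip[0] if xoip else None,
        "spf": (msg.get("Received-SPF") or "missing").split()[0].lower(),
        "from_domain": domain_of(msg.get("From")),
        "return_path_domain": domain_of(msg.get("Return-Path")),
    }

def redact(raw, my_addresses):
    """Replace the reporter's own addresses, keeping only the domain, before sharing."""
    for addr in my_addresses:
        raw = re.sub(re.escape(addr), "[removed]@" + addr.rpartition("@")[2], raw, flags=re.I)
    return raw
```

The earliest hop identifies the relay that first accepted the message, so for mail sent through a legitimate mailing service it is that service's own server rather than the sender's machine.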



## JaseH (1/9/12)

toper01 said:


> Would anyone who still has one of these emails please send me it with full headers? pm me here for my email addy to send it to. This will explain how to get the full headers



Ross said they used his newsletter service to send the emails, I don't think the headers are going to tell you anything more than that it originated from craftbrewer.


----------



## Nick JD (1/9/12)

I just recieved an amail in my hatmail account that says Craftbrewer has scramblid all my vowuls. 

Can it be that I'm not meshing at a hegh enough bitrete? 

And NEB Bank says I heve lust one milliun dollarz becausi I usad all the seme passwurds. 

Oh noz.


----------



## Crusty (1/9/12)

fraser_john said:


> OK, so this has finally kicked me off to managing passwords properly with KeePass, but, I cannot find anywhere on Craftbrewer to change password, and if it is simply over typing the current password in the Account section, the password field is not really long enough.....






Batz said:


> I don't know? How do you change your password?
> Perhaps you need to go through the forgot my password trail.



Guys, just log in as normal & go to update my details. Enter your new password & scroll down to save changes & you're all done.


----------



## brettprevans (1/9/12)

Update details - change password

get 1password. Keep all ur passwords under lock and key. My 1password is more than 25 letters and numbers none to do with my personal details or sequential words. All my passwords safe, sound and complicated and I only have to remember 1 of them.


----------



## Nick JD (1/9/12)

I changed my password from password to password1. 

No one ever guesses the key is under the doormat.


----------



## mwd (1/9/12)

I used to have a programme that tracked E-mails back to source and all junctions in between using data from the hidden headers.
Buggered if I can find it now though I am pretty sure it was freeware.

email tracker pro


----------



## fraser_john (2/9/12)

goomboogo said:


> I've seen a bank allowing a maximum of 8 characters for passwords to access an account online.



Yep, NAB has a particularly weak password configuration on their internet banking, not happy jan.


----------



## Toper (2/9/12)

Frothie said:


> Ross said they used his newsletter service to send the emails, I don't think the headers are going to tell you anything more than that it originated from craftbrewer.


Probably right, but I'd love to see anyway, and thanks to the members who have messaged me. So far I've found this out, it's a start. His phone number details

Tel. +98.9171762673 

Number billable as mobile number
Country or destination Iran
City or exchange location South Iran
Original network provider* Mobile Communications Company of Iran (TCI)


----------



## leiothrix (2/9/12)

Nick JD said:


> I changed my password from password to password1.
> 
> No one ever guesses the key is under the doormat.




All my passwords are blank. Everyone keeps trying and trying, but no one thinks that the password is actually no password.

Crazy -- like a fox


----------



## Batz (2/9/12)

toper01 said:


> Probably right, but I'd love to see anyway, and thanks to the members who have messaged me. So far I've found this out, it's a start. His phone number details
> 
> Tel. +98.9171762673
> 
> ...




Sure doesn't look like a naughty Aussie then, he may be on the next boat but?


----------



## pcmfisher (4/9/12)

I got that hoax email twice, 1 minute apart. 
The first to the email address I have with Craftbrewer and the other one to a different email address that has never been sent to Craftbrewer.
I thought that was rather interesting.


----------



## Ross (4/9/12)

pcmfisher said:


> I got that hoax email twice, 1 minute apart.
> The first to the email address I have with Craftbrewer and the other one to a different email address that has never been sent to Craftbrewer.
> I thought that was rather interesting.



Drop me an email & I'll check it out for you, as they only used our mailing lists that I'm aware of.


cheers Ross


----------

