Craftbrewer Hoax!

Australia & New Zealand Homebrewing Forum

Help Support Australia & New Zealand Homebrewing Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Brewers,

As soon as we put the site back up, the spammers were instantly in so i've pulled the site back down.

Passwords may have been comprimised so please take action on any other accounts that may be using the same password.
Really sorry.... i need a drink!!!

Ross

Sorry to hear that Ross, I'm sure we all wish you the best best in getting on top of these guys as soon as possible. No one here would blame the Craftbrewer team for what has happened, but we are a little concerned about the thief of our personal details as you would appreciate.
Looking forward to seeing your site up and running again soon, chin up old boy!

Batz
 
Man i hate scammers! they should be strung up.

I wish i could remember what password i was using? I cant so i am going about changing all others.

Good luck Ross and CB team in getting it sorted.
 
Shouldn't affect your sales. The attack isn't so much an attack on you, it's an attack on us.
 
Just a bit more on this, I just checked my spam box (gmail) to see if I had anything else. There was an email from a brewer here in Queensland, first and second names but a yahoo account, [email protected], not the name but you get the idea.
All it had was "Hey Batz" and a link to click on, I don't believe this is their email and I didn't open the link.

I have no idea if the craftbrewer hacking is connected but it does look suss, just a heads up to beware. My knowledge of this sort of stuff and computers is about the same as females, I've had both for years but still don't understand how they work.

Batz
 
I have no idea if the craftbrewer hacking is connected but it does look suss, just a heads up to beware. My knowledge of this sort of stuff and computers is about the same as females, I've had both for years but still don't understand how they work.

Batz
Plus 1
:lol: best thing ive read all day
 
Might be time to change hosts? Generally a site can only be hacked if the server contains a security vulnerability. So either the server isnt fully patched or the the OS or associated software has a known bug that hasnt had a patch released yet. What version of Plesk is being run on this server? Anything below a fully patched v11 should not be trusted
If I remember correctly (and it has been along time since I checked), the site is written in php. Not 100% secure no matter where you host it. Anyway, I'm sure Ross has got his boffins on to it.

Everyone concerned about this issue - if you change passwords anywhere you use the same one as at Craftbrewer then everything should be safe enough. If you willingly gave out your payment details by buying free postage then cancel your card asap then slap yourself in the face for being so gullible.
 
You can also slap u bum for suggesting you are gullible.

anyway, sad to see you gettign targetted Ross. Hope you get on top of it.


Re passwords.. hmnnn.... I think I might start using per website email addresses. Not that I'd ever use the same password for web services with different levels of importance to me but this kind of attack is fairly un-nerving. I reckon the only way to stay clear of scammers is to keep a low profile.
 
if you change passwords anywhere you use the same one as at Craftbrewer then everything should be safe enough.

How do these hackers know what other sites I have entered the same password?

Surely they'd have to then hit me up for my cookies?

But how do they know who I am?
 
How do these hackers know what other sites I have entered the same password?

Surely they'd have to then hit me up for my cookies?

But how do they know who I am?


It's the force young skywalker.................
 
Bugger I got one too. Best of luck with it Ross. I'm glad I have been watching this even though I think I'm not that gullible <_<
 
How do these hackers know what other sites I have entered the same password?

Surely they'd have to then hit me up for my cookies?

But how do they know who I am?

They certainly don't need your cookies; they're generated on login. Most likely they would plug the username/email and password into various other sites (facebook, twitter, google, yahoo, hotmail accounts etc) first, and if they gain access, usually they'll just use the account for spam. One of my twitter accounts was accessed without my authorisation using this method, thankfully it was caught very quickly (and I've stopped being so lazy with my passwords!).

Many people will use the same username/email and password across many sites, meaning they can simply plug a whole harvested database into an automated process to do all the work for them; sometimes that will often be doing the actual spamming, other times it may simply verify the details work so they can sell them on. They're simply playing the numbers, sadly it's so a big number who use the same details everywhere (or close enough to it).

At the end of the day, they don't care who 'you' are.
 
They certainly don't need your cookies; they're generated on login. Most likely they would plug the username/email and password into various other sites (facebook, twitter, google, yahoo, hotmail accounts etc) first, and if they gain access, usually they'll just use the account for spam. One of my twitter accounts was accessed without my authorisation using this method, thankfully it was caught very quickly (and I've stopped being so lazy with my passwords!).

Many people will use the same username/email and password across many sites, meaning they can simply plug a whole harvested database into an automated process to do all the work for them; sometimes that will often be doing the actual spamming, other times it may simply verify the details work so they can sell them on. They're simply playing the numbers, sadly it's so a big number who use the same details everywhere (or close enough to it).

At the end of the day, they don't care who 'you' are.

Good thing my password rule (posted above) works fine for this, hey? ;) Very simple to beat these masterminds.

And if they do spam via my **** ... who GAF?

People take their internets too seriously.
 
Maybe GLS is importing cheap Chinese hackers to bring down ross's site so he can break into the hop market
 
good luck, Ross hope things sort themselves out, if a linching party is required for sorting this lolife scum out, I can see you won't have to look too far for assistance, look forward to see thing back up and runnning soon, I sure most of your regulars still know how to use the phone for their orders :blink:

Mike
 
Well I've been left out no dodgy e-mail for me, hope the site is back up soon, I have to get my fix of looking at things I want but can't afford then somehow justify the expense :lol:
 
Good thing my password rule (posted above) works fine for this, hey? ;) Very simple to beat these masterminds.

And if they do spam via my **** ... who GAF?

People take their internets too seriously.

They would use the username p/w combo in a generator on heaps of sites. What they do with that info...

http://xkcd.com/792/
 

Latest posts

Back
Top