Here we go...
 

...again, Roadster forum mark 2!

I'm sorry that this misfourtune has befallen this forum, when, I believe it was intended for me, personally.

This tale should be a warning to everyone who has an online presence, this is what I'd reccomend.

Don't use the same password on different sites, and it's probably best to use different usernames. My account was hacked on three different forums and my ebay account too. There was an attempt to get into my paypal account which failed.

I can't say anything about who might have caused these problems - I don't know. I'm told that Haynes have traced the culprit though.

I think we should put this behind us and move on with a sense of purpose that will shame the person or persons responsible.

I have a couple of quotes that seem apropriate

One's best success comes after their greatest disappointments. - Henry Ward Beecher

The robbed that smiles, steals something from the thief. - William Shakespeare, Othello

Cheers

Chris :)

good to see you back m8 lets hope that we dont have any more problems and hope you had a good break

just a little question was there a back up of the forum laying around some were ???? if not, not to worrie

I don't think there was, but I'll ask.

Cheers

Chris :)

glad the forum is back up & it really shows how much it means to so many people, it was missed by all, we,ll go from strength to strength & long may it continue.:) :) :cool:

andy

Its always a shame that some people think web crime is not a crime and i for one would punish them with the law.
The most important thing on any forum is the people, i know we may have lost some data but i am sure we can regain most of it in time.

The Roadster is here for a long time, there is huge respect amongst the kit car builders for anyone who can start with just some tubes and sheets of metal and produce a car.

Perhaps a thread of what's missing so we can put back any lost info.

No need to apologise Chris - not your fault that some people decide to take offence. Now be a good boy and don't cause any trouble :p

:D

I'll do my best, can't promise anything though :p

Cheers

Chris :)

Welcome back Chris
 

Welcome back Chris

I hope all of this did not put too much of a damper on your holiday :(

This forum will not take too long before it is better than ever. ;)

Just having the forum back online is good enough for me, I am sure that you will continue to recieve the full support of each & every forum member.

Very timely reminder about user names & passwords ;)

Usernames and passwords
 

Cant agree more re using different passwords on various forums,i have only had this problem of hacked accounts once in the 10+ years of using the interweb but once was enough to prompt me to alter my settings.

being an it geek i have allways used different passwords for all things of importance e.g accounts with admin access etc.

what most dont realise is that the poeple who own/run forums can retrieve a users password if they know how to open up the correct table and extract the data.

I suspect the attack was from a person that had full access to another forum database to extract the password that chris used. unfortunatly chris's password was the same on all forums and unfortunatly on this forum it was an admin account.

Not actually true. Most systems use a forward encryption system to ensure passwords are not stored in clear text. The only way to recover would be by brute force, trying every combination, but that could take weeks or even months.

Would that apply to all systems, though, even if they were quite old?

Pretty much every system I've used in the last 10 years does it that way, it's not exactly new technology! In fact, I say 'pretty much', but I can't think of a single exception.

There is at least one forum i'm on that doesn't use the new tech. But yes most of them do encrypt the info.

i have done a lot of work on sql databases in my time and the encryptions are not hard to get around if you know what you are doing. ;)

i run a phpbb forum and have got users passwords out of the tables and decrypted them when they have forgot thir passwords. takes about 5mins if you have the correct tools.

Sorry, that's utter bollocks, written by someone that can't even spell 'encryption', let alone be expected to understand how it works. The whole point of a forward encryption system, for example md5, is that the only way around it. Unfortunately for you, you're picking on my specialist subject as I'm a security analyst contractor working mainly for the high street banks.

Pretty much any PHP+MySQL web application will use either md5 or SHA1 to secure the passwords in the database. Whilst md5 has been shown to be insecure, it's not a trivial job to crack it, and only works in a limited number of cases. For the level of security required for sites like this, I would personally consider it perfectly secure enough, but I wouldn't want to send my credit card number in public view using it. It's also easier on the CPU than SHA1, so on a busy site it could improve performance.

SHA1 again has weaknesses in a tiny number of cases. I've yet to see a hack attempt on any system I've worked on that relied on a weakness in it, and if they guys I have to defend against don't know how to do it, nobody does. It is heavier on the CPU though, which is why most sites will stick with md5.

In short, if you can decode someone's password in a few minutes then your implementation is either stupidly out of date or has been written by a complete idiot.

now now, play nice...

I think it's best that we leave this topic and move on, what's done is done and this discussion is just raking it all up.

Cheers

Chris :)

I like the new Avitar Chris :cool: :cool: :)

Any news on the release date for the new book ;)

Thanks mate, it was taken at Capesthorne hall in 2008.



There is some news about the new book, it's not good though. I'm afraid because of some missed deadlines and Haynes expansion and consequent heavy work load the books been delayed until May/June next year. :(

Cheers

Chris :)

cheers for spotting my spelling mistake the I and Y are very close together.

im guessing you made one on your user name thewinker :D im guessing you have a foreign keyboard as the I and the A are miles apart on an english one.

At least it will give HandyAndy time to complete the Roadster before he starts work on the single seater :D :D

Hmm, havn't heard that one before, lol. :D

Hurdy gurdy.....:confused:

That's a dreadful thing to say, and I think you should withdraw it promptly. It's one thing to disagree with someone, but you have gone well beyond that.


I've quoted that sentence, from your post, in its entirety. There seems to be something missing from it. Let he who is without sin..........

:D
phew, a sigh of relief there Ronnie, yes indeed i,ll get the Roadster finished before i start on the single seater ;)

Chris........are we now able to have avatars on our profiles?
yours looks great:cool:

cheers
andy:)

I don't know mate!

You'll have to check, click "user CP" at the top and then "edit avatar". Then click "use custom avatar" and enter a URL or click "browse" to upload a picture from your computer.

HOWEVER

I don't know if avatars have been enabled for everyone, or just me.

Cheers

Chris :)

ok , Cheers Chris, i,ll have a go at that & if it works i,ll put up my avatar, thats if i can work out how to do it.:eek: :o

cheers
andy

Its only chris thats allowed one... Bummer...

:eek: are you allowed to call him that? :D

No fair! elitism, thats what it is!!!!:p

I'll ask again, it fell on deaf ears last time though ;)

Cheers

Chris :)

BTW "bummer" takes me back, it was the no1 insult when I was at school :D

The saying in Wales was "toooooo baaaaaaad" whilst rubbing yer chin...:D :D How daft is that but at the time it was the "thing" to do and say:rolleyes: