Is Parallels spamming me???

Discussion in 'Parallels Website and Forum' started by ATXP, Aug 8, 2007.

  1. czenzel

    czenzel

    Messages:
    14
    By members lists I ment the member profile stuff. The member's public information is listed on the web site. The member public profiles should be locked so only members can see them (such as other forums).

    When I googled my nickname my Parallels profile came up as one of the first results. Parallels should not allow profile information to show on search engines as spammers do use search engines for spamming in e-mail and also web site attacks. (they should block search engine bots and other bots from crawling the member profile pages).

    Off-topic: Sorry to be off-topic, but speaking of spamming and attacks: there was an intresting article on MSNBC today about e-mail spamming: http://redtape.msnbc.com/2007/08/if-you-think-a-.html
     
  2. Dave Ruske

    Dave Ruske

    Messages:
    10
    I notice that 74.53.243.34 has stopped responding to pings; apparently, the administrators at theplanet.com took action.

    I can't help but wondering what someone thought they'd accomplish by hacking into a support board that anyone could freely sign up for. Even if the goal was to exploit the vBulletin software somehow, why do an obvious brute force attack when you could slip in quietly? Anyone have a guess?
     
  3. BeyondCloister

    BeyondCloister

    Messages:
    15
    Once logged in as a member they can then get the email address for that member and then use the email address for sending spam to. They could also log on as that user and post spam to the forums.

    If they had a bit more intelligence they could then pair up the password with the user name to try and gain access to other forums as some people use the same everywhere.

    It would have probably been an automated process which just searched the internet for any site running this forum software. Searching for the phrase 'Powered by vBulletin' makes finding such sites very easy.
     
  4. ariell

    ariell

    Messages:
    67
    Great! But now my password is still the eight number code (which I requested), but when I try to manually change it by clicking My Account, I can't change the password to log into the forum. How do I do this?
     
  5. am3n3

    am3n3

    Messages:
    4
    Good of you to mention this. Different forums offer various degrees of privacy in how much of your profile is displayed. I didn't even think about this until now.
     
    Last edited: Aug 9, 2007
  6. Dave Ruske

    Dave Ruske

    Messages:
    10
    I did this by mistake, too. The "My Account" is a different password, the one you might have used to download or purchase Parallels software. Click the "User CP" link instead (in the gray horizontal navigation bar below "Parallels Support Forum," the left-most option). From there you'll get a link to "Edit Email & Password" for the forum account.
     
  7. ariell

    ariell

    Messages:
    67
    Perfect. Thanks.
     
  8. barryw

    barryw

    Messages:
    27
    Great! A user database that can be accessed by search engines! Good work, Parallels. The post by the admin said "We have fixed this attack." What were the results of the attack? How much information was accessed?

    Now - I will repeat one of my questions. How can I get my username deleted from this site?

    Ironically, I got an email from parallels today offering me a whole $5 off the Mac Desktop 3.0 product. Maybe a change in an email address is next.
     
  9. Dave Ruske

    Dave Ruske

    Messages:
    10
    So, there's a public list of user handles, many or most of which could've also been harvested from posts on the board. That's all the attacker likely got, unless someone set their password to "12345" (hey, that's the combination on my luggage!). So all the attacker knows, most likely, is that someone goes by the handle "barryw" on this forum.

    That's all I know about you, right now, and I could perform the same attack by simply attempting to log in as "barryw" 5 times, with 5 wrongly guessed passwords.

    I can't speak to how Parallels fixed the attack, but if I were them, I would've simply blocked the IP address. That puts a quick end to it, unless the attacker starts again from a different address.
     
  10. jvgfanatic

    jvgfanatic

    Messages:
    44
    Members lists for most forums have been public since, well, since I've been posting on forums anyway. If you see it as a problem then please do not associate it with Parallels specifically, rant about the much, much, much bigger issue.
     
  11. Hugh Watkins

    Hugh Watkins

    Messages:
    950
    google is my friend

    I want people to find me because as a genealogist I like to help reunite families

    Hugh W
     

Share This Page