I was a contributor to the GIYUS forum boards and when I initially registered on the forum, the GIYUS forum registration rules imposed the creation of a screenname, submission of an email address, and the creation of a password.
Some days after, the GIYUS administrators posted a message that registration was no longer necessary. This careless and naive administration of the GIYUS forum allowed anonymous arabists to organize themselves and attack en masse. Here's what happened, and let this be a lesson to all of you on security and how low arabist thugs and their cracker/hacker consorts are willing to sink.
Last evening I received a personal email that a personal message was waiting for me on the forum boards.
A few days earlier,I had written to the GIYUS forum administrators, and having never received a response, thought that this email was one. Well, I floated over the link first, saw that it was not really from GIYUS, and prevented my network from receiving a nasty malicious script. Pretty clever those arabist thugs.
With GIYUS not enforcing registration, arabists were able to create a username called adminsupport and that was the name of the "user" who sent me the personal message. I also received hate mail from several IP addresses in Canada, and I'm getting pinged all day from a particularly ornery Canadian server.
Not to worry; my network is fully protected. See, if they can get their game on, so can we.
Here is the email from the GIYUS forum administrators that we received today, informing us of the changes they made. A little too late, GIYUS:
Sorry, GIYUS, but you will always see acts of hatred from arabists. How naive could you be. Folks, I look forward to reading your reactions. And to the arabist fiends in Canada, and all over the world, ma fish falastin, Am Yisrael Chai.« on: Today at 02:04:34 AM »
This morning, August 3rd, we witnessed a massive abuse of our forums by an unknown hate group.The attack came in two parts - the first was a trivial flooding of our forums with Anti-Israeli posts, while the other was far more devious.The spammer registered an account named "adminsupport". He then used the "send personal message" option to send messages to many of our forum members impersonating as the forum admin, asking the receiver to "verify their account" by following a "validation link" or their accounts will be erased. The sample email can be viewed at the bottom of this post.
The site being linked from the email was in fact a "shock site" containing extremely abusive content. This specific site, although annoying and abusive, does not contain Trojans or other viruses and will not attempt to exploit your computer.
You can read more about this site at Wikipedia here.
To prevent further abuse, several security mechanisms were unfortunately needed to be installed, most noticeable are the following -
Users now need to register in order to post new topics or repliesGuests can still view the forums
Registration will now send activation emails, a link in the email must be clicked to validate that his registered email is indeed genuine
Personal messages are now disabled
For future reference, we wish to make it clear that other than the initial registration "Welcome" email, Giyus.Org will never contact you by email unless you specifically requested us to do so.
Emails appearing to arrive from Giyus.Org should be treated as spam and erased.
On a personal note, it saddens us to see such acts of hatred, especially when we have made actual attempts at keeping this forum as open as possible to the public. We hope that the increased security measures will not deter new users from sharing their thoughts and ideas.
We thank you for your patience and hope that we won't see such acts of hatred in the future.
- The Giyus.Org Team
No comments:
Post a Comment