Jump to content
The Dark Mod Forums

Public service warning: Forum passwords hacked?

Springheel

By Springheel
in Off-Topic

 Share

Recommended Posts

Springheel

Springheel

Posted
Posted

I got an email last night with my real name and the forum password in the subject header. It was a blackmail email claiming to have compromising videos that would be released if I didn't pay bitcoin. I checked where the message came from and it traveled through the thedarkmod.com domain. I have heard from at least one other person with a forum account that they got a similar email. That, and the fact that I don't use my forum password in very many other places leads me to believe that Wordpress or the forum may have been hacked somehow.

 

Obviously, if you receive an email like this, don't respond to it. I suspect it's automated, but if you use the same login info here that you do on important sites, you may want to change it on those sites. I'm not sure whether changing your password on the forums is a good idea yet or not. I've contacted taaaki about it.

 

If you did or do get such an email, please let us know here.

TDM Missions:   A Score to Settle  *  A Reputation to Uphold  *  A New Job  *  A Matter of Hours

Video Series:   Springheel's Modules  *  Speedbuild Challenge  New Mappers Workshop  *  Building Traps

demagogue

demagogue

Posted
Posted

Thanks for the update.

 

Cue "This is why we can't have nice things". -_-

What do you see when you turn out the light? I can't tell you but I know that it's mine.

Goldwell

Goldwell

Posted
Posted

Does wordpress support two step verification for login? I would feel more secure knowing we required a code sent to our personal email in order to be able to login. That way even if someone gained our login details they couldn't get very far unless they also had access to our email (which if you have gmail is very hard to do nowadays given the amount of security protection they use).

 

Btw if anyone wants to check if their details have been leaked online a great resource I use is: https://haveibeenpwned.com/

 

It details what leaked databases your email address is apart of and to what extent the information was leaked.

  • Like 1

Shadows of Northdale Campaign
ACT I: A Curious Mind | ACT II: Down The Rabbit Hole

Stand Alone Missions
Accountant 1: Thieves and Heirs | Accountant 2: New In town | Spring Cleaning | Lord Edgar's Bathhouse | Snowed Inn | Noble Affairs

taaaki

taaaki

Posted
Posted

I'm looking into it now. I haven't received anything on my account, so I don't have a sample mail to have a look at. This kind of blackmail message seems to be fairly common at the moment, but I've not seen one where it includes the password. The To address is usually spoofed so it's unlikely that it originated from the TDM servers - the full email headers will show where it came from. If someone is willing to share the headers of such an email with me (removing anything sensitive), I'd appreciate it.

 

I think it's a good idea to reset your password on the forums (and wordpress if you have an account there). And maybe make a more visible notice to the forum users that there may have been a breach and that passwords should be reset.

 

I'd feel a lot more secure if the forum was actually using HTTPS, like almost everything else does these days. Not seeing a green padlock on a URL which is accepting login and password information is very worrying.

I've been planning on doing this for a while for all the services [wiki | bugs | forums | www | etc.] and I already have the certs via Let's Encrypt, but I've been neglecting the TDM admin stuff due to life things. Will see if I can at least get this done soonish. This is also important single Google will start or has already started deranking results from insecure sites.

I am the bat. The night is mine.

HMart

HMart

Posted
Posted

I don't see any email like that on my inbox so should I be worried?

 

Btw my password is unique to this forum and I assume that if they get it, they can't do anything, unless i sign out? I never do. Also going to https://haveibeenpwned.com/ it seems my email is already out there but I always thought so, in this day and age there's no way someone can protect their email 100%.

  • Like 1
Springheel

Springheel

Posted
  • Author
Posted

Given that this scam has been around for a while and there aren't lots of people from the forum reporting this, it probably isn't coming from here.

TDM Missions:   A Score to Settle  *  A Reputation to Uphold  *  A New Job  *  A Matter of Hours

Video Series:   Springheel's Modules  *  Speedbuild Challenge  New Mappers Workshop  *  Building Traps

Aosys

Aosys

Posted
Posted

I too seem to have been spared from this scam, and checking my email on that site yields no results (thankfully!). So I guess we're okay for now? Still, it'll be nice to see the forums moving to HTTPS, if that is indeed in the works.

stumpy

stumpy

Posted
Posted

i get these emails, but I don't have a webcam, so they are obviously not recording anything, the way they know you read the email is usually a white dot hosted on a hacked website that is in the email the software on the hacked website knows when the image has been accessed, but not by who, if you've got your email set to block images, then the dot in the email doesn't work.

  • Like 1
Destined

Destined

Posted
Posted

I have an account on Wordpress as well, but also have not received any e-mails of this kind (or maybe they landed in my spam folder; cannot completely exclude that).

Anderson

Anderson

Posted
Posted

No such mail arrived for the moment.

"I really perceive that vanity about which most men merely prate — the vanity of the human or temporal life. I live continually in a reverie of the future. I have no faith in human perfectibility. I think that human exertion will have no appreciable effect upon humanity. Man is now only more active — not more happy — nor more wise, than he was 6000 years ago. The result will never vary — and to suppose that it will, is to suppose that the foregone man has lived in vain — that the foregone time is but the rudiment of the future — that the myriads who have perished have not been upon equal footing with ourselves — nor are we with our posterity. I cannot agree to lose sight of man the individual, in man the mass."

- 2 July 1844 letter to James Russell Lowell from Edgar Allan Poe.

stumpy

stumpy

Posted
Posted

i haven't as yet recieved an email containing my password for this site.

although I have recieved those blackmail emails due to having an account on linkedin when it was hacked, and carphonewarehouse when they were hacked, and the makers of the witcher games when they were hacked, and some other websites when they were hacked. when those site stored the passwords as plaintext, instead of encrypted.

  • Like 1
Diego

Diego

Posted
Posted

I didn't receive anything from this forum, but I did get this scam from other sites before. Needless to say, although the email is a scam the information leak seems real. It's password changing time.

AluminumHaste

AluminumHaste

Posted
Posted

I got an email last night with my real name and the forum password in the subject header. It was a blackmail email claiming to have compromising videos that would be released if I didn't pay bitcoin. I checked where the message came from and it traveled through the thedarkmod.com domain. I have heard from at least one other person with a forum account that they got a similar email. That, and the fact that I don't use my forum password in very many other places leads me to believe that Wordpress or the forum may have been hacked somehow.

 

Obviously, if you receive an email like this, don't respond to it. I suspect it's automated, but if you use the same login info here that you do on important sites, you may want to change it on those sites. I'm not sure whether changing your password on the forums is a good idea yet or not. I've contacted taaaki about it.

 

If you did or do get such an email, please let us know here.

 

https://haveibeenpwned.com/

I always assumed I'd taste like boot leather.

 

nbohr1more

nbohr1more

Posted
Posted

I wouldn't presume that anyone seeing this is compromised.

 

I actually work in email defense and this trend is paired with Spammers who are finding loopholes in anti-spoof policies in the Spam Filter servers.

Any company that accidentally white-lists hostnames or IP addresses (without pairing them together and\or using other attributes) to validate authenticity will get these messages.

 

Too many companies are too worried about losing email messages from legitimate senders so they weaken their email filtering security settings

to ludicrously low and obsolete standards. (Allow no SSL or allow SSLv3 etc, no SPF, no DMARC, continue messages from known bad IP addresses, etc).

 

Now this silly stance is bearing it's fruit.

  • Like 1

Please visit TDM's IndieDB site and help promote the mod:

 

http://www.indiedb.com/mods/the-dark-mod

 

(Yeah, shameless promotion... but traffic is traffic folks...)

AluminumHaste

AluminumHaste

Posted
Posted

On the flip side, I'm tired of getting yelled at because some corporate douche can't get his legit emails so we set their reject level to 10 instead of 5 and they get their stuff, and all the spam too.

It's not simple problem, can't just block all of it.

  • Like 1

I always assumed I'd taste like boot leather.

 

OrbWeaver

OrbWeaver

Posted
Posted

I just use GMail (as does my employer). I don't remember the last time I even saw a genuine spam. The only "spam" I get is from idiots who can't correctly type their own email address when signing up for things.

 

Oh, and once or twice I've received entire email threads intended for the famous Australian cricketer who shares my name.

DarkRadiant homepageDarkRadiant user guideOrbWeaver's Dark AmbientsBlender export scripts

AluminumHaste

AluminumHaste

Posted
Posted

I just use GMail (as does my employer). I don't remember the last time I even saw a genuine spam. The only "spam" I get is from idiots who can't correctly type their own email address when signing up for things.

 

Oh, and once or twice I've received entire email threads intended for the famous Australian cricketer who shares my name.

 

There's an Australian named OrdWeaver? I can't find anything in Google..... :blink:

I always assumed I'd taste like boot leather.

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recent Status Updates

    • jivo

      jivo

      I just uploaded a new version of the Visible Player Hands mod. It's been updated for TDM 2.13 and has new animations. Check out the post if you're interested!
      · 0 replies
    • datiswous

      datiswous

      I moved from Manjaro Linux (rolling release) to Linux Mint (LTS). One of the reasons was that I found the updates a bit too often and long. But now on Mint I get updates every day, although they're usually small updates.
      · 3 replies
    • JackFarmer

      JackFarmer

      "Hidden Hands: Vitalic Fever" - new update available including subtitles & compressed briefing video (thanks to @datiswous) and several fixes.
      · 0 replies
    • Wolfmond

      Wolfmond

      🇬🇧

      2025-04-20
      I'd like to track my level design progress a bit more often now, so I'm using the feed in my profile here.
      I've been working intensively on Springheel's YouTube course over the past few days. I'm currently up to lesson 8. There is so much information that needs to be processed and practiced. 
      I have started to create my own house. As I don't have the imagination to create a good floor plan, I grabbed a floor plan generator from Watabou and experimented with it. I chose a floor plan that I will modify slightly, but at least I now have an initial idea. 
      I used two guards as a measuring tape: The rooms are two guards high. It turned out that I can simply double the number of boxes in DarkRadiant in grid size 8 that are drawn in the floor plan. 
      I practiced the simplest things on the floor plan first. Drawing walls, cutting walls, inserting doors, cutting out frames, creating VisPortals, furnishing rooms.
      I have had my first success in creating a book. Creating a book was easier than I thought. I have a few ideas with books. The level I'm creating will be more or less a chill level, just for me, where I'll try out a few things. I don't have an idea for my own mission yet. I want to start small first.
      For the cellar, I wanted to have a second entrance, which should be on the outside. I'm fascinated by these basement doors from the USA, I think they're called Bilco basement doors. They are very unusual in Germany, but this type of access is sometimes used for deliveries to restaurants etc., where barrels can be rolled or lifted into the cellar. 
      I used two Hatch Doors, but they got completely disoriented after turning. I have since got them reasonably tamed. It's not perfect, but it's acceptable. 
      In the cellar today I experimented with a trap door that leads to a shaft system. The rooms aren't practically finished yet, but I want to continue working on the floor plan for now. I'll be starting on the upper floor very soon.

      __________________________________________________________________________________
      🇩🇪

      2025-04-20

      Ich möchte nun mal öfters ein bisschen meinen Werdegang beim Leveldesign tracken, dazu nutze ich hier den Feed in meinem Profil.
      Ich habe mich in den vergangenen Tagen intensiv mit dem Youtube-Kurs von Springheel beschäftigt. Aktuell bin ich bis zu Lektion 8 gekommen. Das sind so viele Informationen, die erstmal verarbeitet werden wollen und trainiert werden wollen. 

      Ich habe mich daran gemacht, ein eigenes Haus zu erstellen. Da mir die Fantasie fehlt, einen guten Raumplan zu erstellen, habe ich mir einen Grundrissgenerator von Watabou geschnappt und damit experimentiert. Ich habe mich für einen Grundriss entschieden, den ich noch leicht abwandeln werde, aber zumindest habe ich nun eine erste Idee. 

      Als Maßband habe ich zwei Wächter genommen: Die Räume sind zwei Wächter hoch. Es hat sich herausgestellt, dass ich in DarkRadiant in Gittergröße 8 einfach die doppelte Anzahl an Kästchen übernehmen kann, die im Grundriss eingezeichnet sind. 

      Ich habe bei dem Grundriss erstmal die einfachsten Sachen geübt. Wände ziehen, Wände zerschneiden, Türen einsetzen, Zargen herausschneiden, VisPortals erstellen, Räume einrichten.

      Ich habe erste Erfolge mit einem Buch gehabt. Das Erstellen eines Buchs ging leichter als gedacht. Ich habe ein paar Ideen mit Bücher. Das Level, das ich gerade erstelle, wird mehr oder weniger ein Chill-Level, einfach nur für mich, bei dem ich ein paar Sachen ausprobieren werde. Ich habe noch keine Idee für eine eigene Mission. Ich möchte erst einmal klein anfangen.

      Beim Keller wollte ich gerne einen zweiten Zugang haben, der sich außen befinden soll. Mich faszinieren diese Kellertüren aus den USA, Bilco basement doors heißen die, glaube ich. Diese sind in Deutschland sehr unüblich, diese Art von Zugängen gibt es aber manchmal zur Anlieferung bei Restaurants etc., wo Fässer dann in den Keller gerollt oder gehoben werden können. 
      Ich habe zwei Hatch Doors verwendet, die allerdings nach dem Drehen vollkommen aus dem Ruder liefen. Inzwischen habe ich sie einigermaßen gebändigt bekommen. Es ist nicht perfekt, aber annehmbar. 
      Im Keller habe ich heute mit einer Falltür experimentiert, die zu einem Schachtsystem führt. Die Räume sind noch quasi nicht eingerichtet, aber ich möchte erstmal am Grundriss weiterarbeiten. In Kürze fange ich das Obergeschoss an.



      · 2 replies
    • JackFarmer

      JackFarmer

      On a lighter note, thanks to my cat-like reflexes, my superior puzzle skills and my perfect memory, I was able to beat the remastered version of "Tomb Raider: The Last Revelation" in a new superhuman record time of 23 h : 35 m, worship me!
      · 5 replies
×
×
  • Create New...