it appeared we got hacked by a virgin, and i figured it out this morning. I think it/she/he came from Iran by looking at the logs

this is the redirect I found
74-33 - 0/0/174877 . 0.15 28253 699 0.0 0.00 3469.07 204.116.125.188 sim-outhouse.com GET /index.php?lloc=http://217.218.225.2:2082/index.html? HTTP/


this happened last night between 11-12:30 server time

CHANGE YOUR PASSWORD IF YOU TRIED TO LOGIN

Yep, you've been offline all morning.

Thanks for fixing it :medals:

I was sick worried last night, Last time i logged in was about 9pm (EST) I tried to log in again at about 3am, and was unable to... a friend told me not to use my password ever, cause they suspect it is being hacked, locked for some reason... I used my password anyway... now, i have to change password..the hacker might have gotten it somehow!!

Thank God everything's back to normal!!!!

Eli :running:

PS...

Thanks Ickie!! :icon29:

This is really starting to become annoying. Why don't these pimple-faced hackers climb out of their parents' basement and discover women and sports like the rest of us? :angryfir:

yes change your password, if you have given it durning the outage trying to log in, this is what they may have been looking for.

send him/her a trojan for me, will ya? :173go1:

Glad I didn't try to login. It displayed a login popup window, but I thought It was some admin thing and didn't bother LOL.

I changed mine, thanks.

Slimey bastages!! Changed. :sleep:

I suspected it when I saw the Login window, so I didn't attempt to log in. Figured the word would come down eventually.

I wonder if it's just Flight Sim sites or if these people are just working overtime on hacking anything they can?

Jim

This is really starting to become annoying. Why don't these pimple-faced hackers climb out of their parents' basement and discover women and sports like the rest of us? :angryfir:

:icon_lol::icon_lol::icon_lol::icon_lol:

I figured a new configuration -- the first time,
but my second thought was -- not good -- Poor Ickie is going to be losing sleep (again).

It did occur to me that I had used my password but by then . . . .

Changed now.

I and canelo are looking over files and folders, this was just too easy to find and fix. I suspect they were looking for passwords and got them too, but they made it so simple to find, makes me wonder. They ought to have known that we would tell everyone to change their passwords. ...it doesn't make sence...........

more to come.

To be honest, it doesn't necessarily have to make sense. They know, much like a telemarketer making sales calls, that they will indeed get a small percentage of passwords that will indeed work, or that they may be able to utilize these same usernames AND passwords.

What's also to say that they didn't get the e-mail addresses based off the accounts of said users, and now that they have the passwords are not attempting to hack the e-mail addresses as well (Lord knows so many of us for our sanity use the same passwords).

Point is, as I see it, if you used your password like I myself did, then you need to make a round of password changes.

Yeah Ickie... thanks for the head-up!

But, like a moron, I typed-in my password, thinking it was some glitch due to SOH's overhaul...

I'm not getting younger, and getting used to a new password (which I changed per your instructions) won't be easy.

Iran you say? If the hacker is caught - assuming that he's not working for Mahmoud junta - I hope that hand-cutting is still in fashion over there.

they did only get user name and password if you did indeed try to login
the rest was hidden behind the site not working.

if you want to change your email addy dont ask me to do it for you as I have too much to do.

ah man, this sucks. at least i got it changed, so im good. keep the good work up ickie!

Yup, thanks for the hard work. These hackers can be rather annoying.

I made a post here at 11:50 EST last night and was chatting on Teamspeak with another member. He went to check my post and ran into the problem so "right on Midnight" is the time frame.

First reaction was: "This isn't normal, don't do it!" so I never tried to submit name/PW -- whew!

May want to consider forcing ALL to replace theirs, so those that DID fall prey (yeah, me too...:blind:) will be forced to make the change here...

Dumb question dept.: I changed my password, but I was wondering were I to change my email addy to one using Yahoo, would it work? I originally used the ISP provided mailbox because I couldn't join with Yahoo.

Bob

If you tried to log in also and gave them your user name and password there are some other changes you need to make.

If you use the SOH password anywhere else change that as well. Never use the password at this or anyother site as the password for you bank account or email account. They know this is what people do so thats what they are after.

If your email registered with SOH matches the email address you have with your bank (assuming you are doing online banking) change the email address you have registered with your bank to something else. This includes paypal. How many users here have the paypal email address the same as the SOH email address? Of those people somebody is using the same password for both.


Here are some does and don'ts for security reasons.

Forums, Social networking sites, and non financial sites get a unique email address it can be common for the group.
Online banking, sites where you pay your bills get a seperate unique email address. It also can be common.
Passwords for forums, social networking or other non financial sites can have a common password
Passwords for all banking activities and bill payments must be complexed and unique. Never make them the same. Not even from one banking insitution to another.
The definition of a complex password

Lower case letters
Upper case letters
numbers
special characters (some sites do not allow special characters or limit which ones you can use)
My suggestion is make all of your banking and bill pay passwords as complexed as possible.

Never make them related to anything about you. example don't use birthdays, Wedding dates or anything else that relates directly to you or your family. ie names

Yeah Ickie... thanks for the head-up!

But, like a moron, I typed-in my password, thinking it was some glitch due to SOH's overhaul...

I'm not getting younger, and getting used to a new password (which I changed per your instructions) won't be easy.

Iran you say? If the hacker is caught - assuming that he's not working for Mahmoud junta - I hope that hand-cutting is still in fashion over there.

Hell with the hands. Let's cut off the thing his hands play with. I had to change my password too.

thanks for info i changed my login pass just now :kilroy:

had to change my password, I'm sure they got it

well, least everything's back to normal (sort of)

This puzzles me a little...
So they get a lot of login/passwords for SOH, then what?
I had assumed they might be after email addresses (but which Ickie says was safe)

Iran, eh?
Ralph posts this thread (http://www.sim-outhouse.com/sohforums/showthread.php?p=204735#post204735), and within the hour there's a hack.
I do not believe in co-incidence, someone is watching us...

This puzzles me a little...
So they get a lot of login/passwords for SOH, then what?
I had assumed they might be after email addresses (but which Ickie says was safe)

Iran, eh?
Ralph posts this thread (http://www.sim-outhouse.com/sohforums/showthread.php?p=204735#post204735), and within the hour there's a hack.
I do not believe in co-incidence, someone is watching us...

Now don't you think that is a tad paranoïd? That thread was about a flight to different countries, including a few muslim countries... And yes, the redirect was done towards some IP address in Iran, but come on!

Let the admins sort it out, no sense in that sort of thing really.

...
;)