buzzmachines got hacked?

[n3wjack]

I know the site has been in zombie mode for a while with all the php error but just today I got an email from haveibeenpwned.com informing me there's a "paste" out with user account info from buzzmachines.

The paste is here: xxx

So to anyone with an account there, make sure the password you're using there isn't used for anything else that matters.

[mcbpete]

Jesus, and the [terrible] password encryption took my computer <1 second to decrypt my hashed password Thankfully that email and password hasn't been used for well over a decade ....

[n3wjack]

Yeah, looks like a simple md5 hash oslt.
Problem is the php code is old and old code is often insecure code as technology evolves so quickly.
A good reason to use a random & complex password.
Unfortunately I didn't, but at least I didn't recycle it anywhere else.

[mik82]

Judging by my profile information on that hack, it's a long time since I used it. I'm probably a bit more security conscious now!

[oskari]

I had this email-exchange with mva:

Code: Select all

Hi Oskari,

Where did you get the word that the site was compromised? Looks to run fine by me.


Best,

Marc

> On 12 Mar 2016, at 00:38, Oskari Tammelin <ot@iki.fi> wrote:
>
>
> Please put the site down. Apparently all user-info got leaked and it might be already serving malware or whatever.
>

I hope it will be resolved soon.

[Buzztler]

I had this email-exchange with mva:

Code: Select all

I hope it will be resolved soon.[/quote]


@oskari 

I'm glad you took the time to contact mva, 'cause imo buzzmachines dot com is still a very important-site for the "buzzscene". Wikipedia and almost all other articles about buzz refer to the site! 
I still don't know how mva comes to the statement the site would be fine. Almost every comment on the titlepage is completely outdated ... some "kabir" gives only hints on some ads in the effects-revision section, the themes section is also broken up with spam and the effects section on the main page has a totally corrupted title section, not really trustworthy ... and the big machine packs still give a virus alert for example with avira ... anyway buzzmachines is an important site (imo) and it would be really fantastic (and many thanks in advance), if mva could fix the errors and will be motivated to have a look at it in the future ... .

[mcbpete]

I had this email-exchange with mva:

Code: Select all

Hi Oskari,

Where did you get the word that the site was compromised? Looks to run fine by me.


Best,

Marc

.

Hasn't it been spitting out php error messages for months and months (if not years) now ? Certainly doesn't appear to have been running 'fine' for a very long time !

[oskari]

cyan got it fixed quite quickly

the prob is finding a replacement site though. joachip has been working on it but it might still take a while.

[Shytan]

Talking about the replacement site.. Well, I could host the machines at BuzzTunes.org. In a separate subsection or a subdomain or whatever. Provided I get the idea of how much disk space I'll have to dedicate and a DB dump would be useful, I reckon.. Who's in charge of buzzmachines currently, let me know. I'm willing to help. The best I can, of course.

[Joachip]

Downloading from my new site works already:
http://buzz.robotplanet.dk/
Logins will be given to developers once the site is more mature, but it's probably not gonna be a community site where every user needs a login.

[szaszhareen]

Downloading from my new site works already:
http://buzz.robotplanet.dk/
Logins will be given to developers once the site is more mature, but it's probably not gonna be a community site where every user needs a login.

looks great, and it is nicely sorted. bet the search is hugely improved as well. many thanks!