Page 1 of 1
buzzmachines got hacked?
Posted: Thu Mar 10, 2016 9:28 pm
by n3wjack
I know the site has been in zombie mode for a while with all the php error but just today I got an email from haveibeenpwned.com informing me there's a "paste" out with user account info from buzzmachines.
The paste is here: xxx
So to anyone with an account there, make sure the password you're using there isn't used for anything else that matters.
Re: buzzmachines got hacked?
Posted: Fri Mar 11, 2016 2:02 pm
by mcbpete
Jesus, and the [terrible] password encryption took my computer <1 second to decrypt my hashed password
Thankfully that email and password hasn't been used for well over a decade ....
Re: buzzmachines got hacked?
Posted: Fri Mar 11, 2016 5:06 pm
by n3wjack
Yeah, looks like a simple md5 hash oslt.
Problem is the php code is old and old code is often insecure code as technology evolves so quickly.
A good reason to use a random & complex password.
Unfortunately I didn't, but at least I didn't recycle it anywhere else.
Re: buzzmachines got hacked?
Posted: Fri Mar 11, 2016 7:49 pm
by mik82
Judging by my profile information on that hack, it's a long time since I used it. I'm probably a bit more security conscious now!
Re: buzzmachines got hacked?
Posted: Sat Mar 12, 2016 5:03 pm
by oskari
I had this email-exchange with mva:
Code: Select all
Hi Oskari,
Where did you get the word that the site was compromised? Looks to run fine by me.
Best,
Marc
> On 12 Mar 2016, at 00:38, Oskari Tammelin <ot@iki.fi> wrote:
>
>
> Please put the site down. Apparently all user-info got leaked and it might be already serving malware or whatever.
>
I hope it will be resolved soon.
Re: buzzmachines got hacked?
Posted: Mon Mar 14, 2016 11:32 am
by Buzztler
oskari wrote:I had this email-exchange with mva:
Code: Select all
I hope it will be resolved soon.[/quote]
@oskari
I'm glad you took the time to contact mva, 'cause imo buzzmachines dot com is still a very important-site for the "buzzscene". Wikipedia and almost all other articles about buzz refer to the site!
I still don't know how mva comes to the statement the site would be fine. Almost every comment on the titlepage is completely outdated ... some "kabir" gives only hints on some ads in the effects-revision section, the themes section is also broken up with spam and the effects section on the main page has a totally corrupted title section, not really trustworthy ... and the big machine packs still give a virus alert for example with avira ... anyway buzzmachines is an important site (imo) and it would be really fantastic (and many thanks in advance), if mva could fix the errors and will be motivated to have a look at it in the future ... .
Re: buzzmachines got hacked?
Posted: Mon Mar 14, 2016 11:51 am
by mcbpete
oskari wrote:I had this email-exchange with mva:
Code: Select all
Hi Oskari,
Where did you get the word that the site was compromised? Looks to run fine by me.
Best,
Marc
.
Hasn't it been spitting out php error messages for months and months (if not years) now ? Certainly doesn't appear to have been running 'fine' for a very long time !
Re: buzzmachines got hacked?
Posted: Mon Mar 14, 2016 4:33 pm
by oskari
cyan got it fixed quite quickly
the prob is finding a replacement site though. joachip has been working on it but it might still take a while.
Re: buzzmachines got hacked?
Posted: Sun Apr 03, 2016 8:20 pm
by Shytan
Talking about the replacement site.. Well, I could host the machines at
BuzzTunes.org. In a separate subsection or a subdomain or whatever. Provided I get the idea of how much disk space I'll have to dedicate and a DB dump would be useful, I reckon.. Who's in charge of buzzmachines currently, let me know. I'm willing to help. The best I can, of course.
Re: buzzmachines got hacked?
Posted: Thu Jun 02, 2016 1:52 pm
by Joachip
Downloading from my new site works already:
http://buzz.robotplanet.dk/
Logins will be given to developers once the site is more mature, but it's probably not gonna be a community site where every user needs a login.
Re: buzzmachines got hacked?
Posted: Sun Jul 17, 2016 5:01 am
by szaszhareen
Joachip wrote:Downloading from my new site works already:
http://buzz.robotplanet.dk/
Logins will be given to developers once the site is more mature, but it's probably not gonna be a community site where every user needs a login.
looks great, and it is nicely sorted. bet the search is hugely improved as well. many thanks!
