Has PalmTalk been hacked??

[Moose]

I immediately went to my e-mail and deleted the !@#%$^&* sight unseen. I looked at the image John posted and agree the English is stilted and phony.

Meg - I am shocked with your language! Did not think you had a "dark side" LOL * *

[FRITO]

I felt it was funny because off the english. felt 'scamaroony' to me.

I did notice deans email however and wanted my free palm!

[John in Andalucia]

I Googled the link and up came mention of it on PalmTalk, and similarly on another Invision Board forum. Looks like a security flaw with Invision Board, then.

[rozpalm]

I opened it, clicked the link, waiting for the Java to load and nothing happened on the page...

I'm disapointed. I want to play the palm game.

Be careful, as it may be loading one of those fake viruses on your PC where they try to extort your credit card informatioin to fix it.

I got one of those recently while reading a webpage about hotsauce made in a prison... Go figure.

Took me nearly a full day to get all the pieces of the program out of my computer. It spidered into many different locations and it was almost like if all parts weren't removed the remaining parts would rewrite the missing parts on the following reboot. It was a royal PITA.

If that ever happens again, Malwarebytes can remove them 99% of the time and the software is free.

[gyuseppe]

arrived as spam, I saw something no I liked, I have not made any Click, and I eliminated

[freakypalmguy]

i think it was mattyb.he is a known DELATIOR.

It's gotta be him, OFF with his head.

If not for this email, I would have never known, as it was in my Yahoo spam folder.

[Corrosion]

Viva la france. Anyway whatever it is it wont bother my mac thousands of palms,, gee too good to be true.

[PALM MOD]

I've been working on it. No answers yet, just some clues.

[MattyB]

I'm a delatior........ahhhh brings back memories of when I only received death threats, not pesky spam. Those were the good ole days.

[PALM MOD]

For those interested in what happened, this is what I know so far.

The logs show someone logged in as me and gained access to the Admin Control Panel which then allowed a bulk emailing of the email many of you received. It's a simple function that emails all members automatically, so this party never even saw any of your information.

Needless to say, if I am reading the logs correctly and my password was used, I am worried how that occurred. That info is in the DataBase, but that is supposedly secure. But nothing is totally secure, and it is a constant battle to patch security flaws that hackers find in any software.

I have taken some steps to make it almost impossible to access the Admin Control Panel, even if my password is compromised again. However, if someone has discovered a way to access the DataBase through a hole in the Invision Software, then we may still have a problem until it is patched.

So in other words, we may have prevented this from happening again, or we may not have. Unless they gained access directly through the server, I think we will be OK. But as always, never click on links in your emails, unless you are 100% sure they are legit. Always patch your Windows and Mac operating systems regularly. And update your anti-virus software and your malware software every few days.

My computer would not let me access the link in that email. My Mac security said a third party was requesting "unrestricted access" to my computer. That doesn't sound good. So for any of you that clicked on the link without up to date security programs in place, you should update and scan your computers with what ever you are using for security.

But from the very colorful language I have been receiving back from some of you, it appears as if the link contained some offensive material, along with some possibly dangerous software. We apologize, and this is a good example for any of you who have been inconvenienced by the security measures we have in place, and the extra steps and time needed before you are admitted to PalmTalk. Unfortunately, the extra security is needed these days.

[osideterry]

I've been working on it. No answers yet, just some clues.

So you have clues means you're not stumped? :drool:

Edited October 13, 2009 by osideterry

[palmazon]

I don't recall reading anything in the PalmTalk policies and guidelines allowing this sort of behavior

[palman]

DELETE THAT STUFF........

[Morabeza]

Thank you Dean for all the extra work you are putting in to remedy this such a vexing situation.

For me, the most unusual thing is that my hotmail acct didn't recognise the email as spam, possibly because the sender's email address was " d.ouer@mac.com ".

Does this mean that they hacked Dean's personal email account somehow? YIKES. I hope all is okay with your personal email Dean. Then again I am pretty acknowledgeable regarding how spammers and hackers roll, so perhaps sending such emails with to look as if they came from a person's legitimate email address may be an old-school technique.

Boa sorte para ti e ao resto dos membros de PalmTalk .

[Palmy]

Wondered what that was... Didn't open it up. Make sure you have your anti-virus software up to date whenever opening emails.

[steve 9atx]

Dean

I feel your pain; and, I know you know I'm serious because you remember my

point of reference.

The reason I was dumb enough to click on the attachment was (first of all, I was

asleep, but) mostly because I trusted your .MAC address. I always heard that

Mac's were invulnerable to this sort of thing..... That's it. From now on I'll only

trust my guns and religion sites. Send me a PM if you want me to forward some

links for your safe surfing pleasure.

Steve

[LauraAnu]

Thanks Dean for the explanation. I did receive this message but thought it was spam and just deleted it.

Laura

[PALM MOD]

To answer a few of your questions. My personal email, or my personal computer, were not affected. This happened totally within the forum software. In other words, my email address is tied to anything sent to or from the forum. So when you, or a new member, or anyone who is having problems contacts the Forum Administration, the forum in turn contacts me via email. And when I contact someone as the Forum Administration (not via PMs) it ties my email address to it so you can reply to me directly. In this case the "Forum Administration" or the bulk email feature contacted everyone, and automatically attached my email address to it.

The reason for this is that in this manner, I don't have to log on to PalmTalk and navigate to the proper area constantly just to see if there are any messages. All my correspondence is received through my email client, even notification of PMs, new member sign ups, password requests, and general problems with logins, etc.

[peachy]

I am so glad I read this before checking my email. I had a look at the object in question and while I thought someone's english needs improving, I would have fallen for it , hook, line and sinker. Dean, you do a good job as moderator for IPS and this kind of violation really gets my blood boiling. I ask this...dont't these 'richard heads' have anything better to do than interfere with a nice little site that minds it own business and harms nobody. If the guilty party is reading this, get a life idiot. (and a job too)

Peachy

[Kathryn]

I didn't receive the message.

[Bill Schmidt]

Got it too, no clicky.

BTW Steve, all machines have a MAC address. It has nothing to with being a PC or Mac (like me).

Bill

Dean

I feel your pain; and, I know you know I'm serious because you remember my

point of reference.

The reason I was dumb enough to click on the attachment was (first of all, I was

asleep, but) mostly because I trusted your .MAC address. I always heard that

Mac's were invulnerable to this sort of thing..... That's it. From now on I'll only

trust my guns and religion sites. Send me a PM if you want me to forward some

links for your safe surfing pleasure.

Steve

[PALM MOD]

I am so glad I read this before checking my email. I had a look at the object in question and while I thought someone's english needs improving, I would have fallen for it , hook, line and sinker. Dean, you do a good job as moderator for IPS and this kind of violation really gets my blood boiling. I ask this...dont't these 'richard heads' have anything better to do than interfere with a nice little site that minds it own business and harms nobody. If the guilty party is reading this, get a life idiot. (and a job too)

Peachy

Thanks Peachy,

What many of you don't realize, nor would you have any way of knowing, is this forum and all forums/web sites, are really under constant attack 24/7. At any given time, 3-6 of the "guests" viewing the forum are from IPs based in Russia, or other hot spots of hacker activity. They are trying to register, or otherwise probe the software trying to find vulnerabilities in order to carry out certain nefarious scripts, or to gain control.

[PALM MOD]

Got it too, no clicky.

BTW Steve, all machines have a MAC address. It has nothing to with being a PC or Mac (like me).

Bill

Dean

I feel your pain; and, I know you know I'm serious because you remember my

point of reference.

The reason I was dumb enough to click on the attachment was (first of all, I was

asleep, but) mostly because I trusted your .MAC address. I always heard that

Mac's were invulnerable to this sort of thing..... That's it. From now on I'll only

trust my guns and religion sites. Send me a PM if you want me to forward some

links for your safe surfing pleasure.

Steve

Bill,

In order to clarify, Steve was referring to my email address - which is a .mac address, with a .mac extension - a service offered for Mac users. But you are right, all computers have a MAC address (something different), although not usually visible.

[Rafael]

Well, everybody was hoping this game was real!

So, why not create this game?

Does the Palm society want to make sucess?

And you John, who inicialized this topic, why dont you suggest it to the society?

Greetings

[Rafael]

Can you explain to me how do you inset this blue part of your message, with your identification and other stuff?

Thanks

[John in Andalucia]

Well, everybody was hoping this game was real!

So, why not create this game?

Does the Palm society want to make sucess?

And you John, who inicialized this topic, why dont you suggest it to the society?

Greetings

I think to be honest, everyone was just glad that they weren't the only ones to receive a potential virus threat, and that security at PalmTalk hadn't been seriously compromised.

[Ciczi in Sweden]

I got the mesage too and sent it to PalmMod. But have anyone of you had problems logging on? I had loads. I don't know if it got anything to do with the "hacking".

//Ciczi

[John in Andalucia]

I got the mesage too and sent it to PalmMod. But have anyone of you had problems logging on? I had loads. I don't know if it got anything to do with the "hacking".

//Ciczi

Ciczi, when you log in, un-check the "Remember me" check box, then clear you Internet files and cookies. It worked for me when I had problems logging in. You only need to clear your files if you have already tried to log in and got an error message. In future, you have to remember to un-check the box first, before you log in. I have to do this every time now.

[palmcurry]

What is funny to me is that someone wants to hack palmtalk!! A website for gardeners

Not exactly a high rolling, cash spending, frivolous crowd to exploit!

[dp0728]

I'm in the same boat as everyone else. I recvd it and deleted it. Dont know how it happen.

[Big Tex]

Yes, I got one. I honestly didn't pay too much attention to it and just deleted it.

[SunnyFl]

I hadn't opened my email in quite awhile. When I got back from S FL today, I went through the emails since I could open it without trouble.

I got the message - appeared to be from Palmtalk and opened the email. It looked damn weird and I went to close it and THE LINK OPENED!

WTH am I paying good $$ for McAfarce Security and putting up with ENDLESS Windows "security" (HAH!) updates? Didn't do much good, did it

Anyway, the link had some french stuff that looked as if the site wasn't working or something - I closed it PDQ. So - has my computer been hacked or what is going on? I'm too old for this.

[Paul The Palm Doctor!]

Ditto here; #@**#!!! I don't even open things that ARE not in SPAM folder but I might never have had contact with before...out it goes into the cyber trash cylinder!

Keep watching out for garbage; it's a big time of year (I don't know why exactly, but statistically, it's way ahead of other 3 Qtrs of the year.)

BTW: 57 F. this AM; no browing noted on my ultra-tropicals like Artocarpus altilis (breadfruit trees) Currently 80 F. Nice recovery; miserable stratus cloudcover pushed in from Atlantic at 3 PM EDT. Very ugly looking! Warmer though tonight due to clouds by 5 F. That's pleasing, of course!

Pablo en western part of Ft. Lauderdale Metro area.

[PALM MOD]

I'll repeat for anyone who may have missed it.

If you are using a Windows machine, especially if you are still using XP, you must run your updates regularly, and update your anti-virus regularly, and your mal and spyware programs as well. Depending on what OS you use, there are other tricks and techniques that you need to be familiar with. Such as not running as an administrator, etc.

There is really no sure way to know if you "infected." It is possible for a good exploit to alter your anti-virus programs in order to hide. And root kits are virtually undetectable. For these reasons, you should know how to update and run your anti-virus programs and OS religiously, and it isn't a bad idea to run some off line virus checkers too, because many say there isn't one that can catch 100%.

Your chances of getting a virus are mostly from other places than PalmTalk. This was the first potential threat that I am aware of.

[SunnyFl]

I'll repeat for anyone who may have missed it.

If you are using a Windows machine, especially if you are still using XP, you must run your updates regularly, and update your anti-virus regularly, and your mal and spyware programs as well. Depending on what OS you use, there are other tricks and techniques that you need to be familiar with. Such as not running as an administrator, etc.

There is really no sure way to know if you "infected." It is possible for a good exploit to alter your anti-virus programs in order to hide. And root kits are virtually undetectable. For these reasons, you should know how to update and run your anti-virus programs and OS religiously, and it isn't a bad idea to run some off line virus checkers too, because many say there isn't one that can catch 100%.

Your chances of getting a virus are mostly from other places than PalmTalk. This was the first potential threat that I am aware of.

Thank you very much, Dean. I'm not sure what some of it meant (as I said - I'm old) such as root kit, but I definitely DO run Windows Updates - hehe Vista makes damn sure I do.

am i the only person on the planet who LOVES Vista.......

I have McAfarce running in the background if that does any good. Sounds as if I need to find a few more anti-virus things, argh. Any recommendations (other than Snorton AntiV)?

Palmdoctor said:

Pablo en western part of Ft. Lauderdale Metro area.

Ah Pablo i wish i did! today more than ever

[bgl]

Sunny,

somewhat unrelated to the main topic, but wanted you to know you're not the only one - I've two computers with Vista. It's only been 6 weeks, but my experience with Vista up to this point has been very positive.

Bo-Göran

[Nigel]

I had the email too, but far more annoying for me is the inability to login, it is 1.45 pm and finally got in after about 20 attempts with DNS error. This problem seems to be getting to the point where the forum is almost unusable.

[John in Andalucia]

I had the email too, but far more annoying for me is the inability to login, it is 1.45 pm and finally got in after about 20 attempts with DNS error. This problem seems to be getting to the point where the forum is almost unusable.

Nigel, there is a fix for this, if you have the same problem that I did. Here is the routine, you might like to try it.

1. Go to "Log In" from the front page

2.

Uncheck "Remember Me"

3. Now clear your Internet files and cookies!

You should be able to log in now. It's the only thing that works for me, and has to be done in this sequence, so give it a try.

[PALM MOD]

It's unfortunate that this stuff is necessary. But as the recent episode has illustrated, any security that can make it harder for the hackers is a friend of mine. It's too bad that some of it causes problems such as this for some members.

[Nigel]

It's unfortunate that this stuff is necessary. But as the recent episode has illustrated, any security that can make it harder for the hackers is a friend of mine. It's too bad that some of it causes problems such as this for some members.

Surely there is a better solution than to have a forum so secure that it is impossible to use. Actually I dont believe this stupid DNS error on login is security related, it is a fault in the software or server.