RedCardinal Posted March 28, 2012 Share Posted March 28, 2012 Just received this: Dear Gazetteer,We regret to have to advise you that your Gazetteer record (for registered Gazette Online members) with us may have been hacked. If so, we can assure you that no financial, credit card, or payment information of any kind is stored on Gazette servers and that you therefore have no financial risk. However, in the unlikely event that your Gazetteer password with us is used for any financial accounts, we would suggest that you now change it. Last night's attack was stopped at 2am and all Gazetteer accounts are now wholly secure. Some of the passwords in our Gazetter database have not been changed for 15 years. If you have not changed yours for more than a couple of years, we would suggest that you now do so – even if you have no reason to suspect that your account has been hacked. One way to know that your record may have been hacked is multiple emails, purporting to be from the Gazette, regarding the posting of two or three news stories on line. If you've received more than one email for any story, then it possible that your record has been hacked. Advertising accounts (both classified and commercial), Adpower accounts, Gazette Guide listings, Newspaper and Digital Gazette subscriptions, Charge Accounts and Events Listings were not in any way exposed to hacking and all user information in those accounts remains intact. We would like to assure you that we have taken appropriate measures to strengthen the security of our site where it may have been exposed, including the installation of what many consider to be the 'annoying' Google Captcha human verification system. This means that users wishing to do the following from or in our website: – 'Send an email to a friend' – 'Send a letter to the editor' – 'Comment' on a story in our forum, or – 'Contact us' will from now on need to verify that they are 'human' by entering a string of difficult-to-read characters before proceeding. However, given the trade-off of a minor inconvenience for enhanced security, we trust you will agree that the latter is paramount. If your Gazetteer record was hacked we are most regretful about it and apologise for the inconvenience. Dean Noble Webmaster Phuket Gazette Quite scary that they think captchas have any implication for security other than spam prevention. If the vector was SQL injection then adding captchas will have no impact at all on a determined hacker. Worse still is that most hacks that grab user tables tend to leave more junk behind to allow future access. Also a shame that they didn't take the simple precaution of hashing or salting passwords... Link to comment Share on other sites More sharing options...
Peterocket Posted March 28, 2012 Share Posted March 28, 2012 Yep...plus the fact that most people use the same passwords for most their logins so these hacked accounts can now lead to access to all the most popular online accounts (amazon, hotmail, gmail, elance, banking etc etc) Link to comment Share on other sites More sharing options...
LivinginKata Posted March 28, 2012 Share Posted March 28, 2012 Just received the same message from PG. Link to comment Share on other sites More sharing options...
Popular Post BillR Posted March 28, 2012 Popular Post Share Posted March 28, 2012 OMG someone has a huge database of retards 3 Link to comment Share on other sites More sharing options...
Pomthai Posted March 28, 2012 Share Posted March 28, 2012 Got same. They ought to be ashamed that they store passwords as plain text. I was very surprised to see this when I just changed mine because of this email. Not even the most basic of security measures implemented - even after this. They ought to have Khun Woody pop round. 1 Link to comment Share on other sites More sharing options...
Rickster Posted March 28, 2012 Share Posted March 28, 2012 (edited) OMG someone has a huge database of retards I read Phuket Gazette not Thai Visa !!! 55555 just joking mods I actually thought, when first reading, it was a hoax e mail and was going to start asking for passwords and CC details.... Edited March 28, 2012 by Rickster Link to comment Share on other sites More sharing options...
pete600 Posted March 28, 2012 Share Posted March 28, 2012 Dont think it is related buy my Pay pal Ac got hacked last nyt $500 lighter Link to comment Share on other sites More sharing options...
merijn Posted March 28, 2012 Share Posted March 28, 2012 I had the same e-mail, I think that it is time to change my passwords. Link to comment Share on other sites More sharing options...
keestha Posted March 29, 2012 Share Posted March 29, 2012 (edited) This message landed in my junk mail folder and at first I thought it was a scam, couldn't PG have it sent in such a way that it would pass through the junk mail filters? Any somewhat more sophisticated spammer knows how to do this. Edited March 29, 2012 by keestha Link to comment Share on other sites More sharing options...
lavender19 Posted March 29, 2012 Share Posted March 29, 2012 This message landed in my junk mail folder and at first I thought it was a scam, couldn't PG have it sent in such a way that it would pass through the junk mail filters? Any somewhat more sophisticated spammer knows how to do this. Or even print an article in the online paper.Warning people.But nothing Link to comment Share on other sites More sharing options...
geriatrickid Posted March 29, 2012 Share Posted March 29, 2012 This message landed in my junk mail folder and at first I thought it was a scam, couldn't PG have it sent in such a way that it would pass through the junk mail filters? Any somewhat more sophisticated spammer knows how to do this. Or even print an article in the online paper.Warning people.But nothing If you were the PG would you want to admit to having been irresponsible? 1 Link to comment Share on other sites More sharing options...
lavender19 Posted March 29, 2012 Share Posted March 29, 2012 This message landed in my junk mail folder and at first I thought it was a scam, couldn't PG have it sent in such a way that it would pass through the junk mail filters? Any somewhat more sophisticated spammer knows how to do this. Or even print an article in the online paper.Warning people.But nothing If you were the PG would you want to admit to having been irresponsible? OK.Well then TV after all they are partners. Link to comment Share on other sites More sharing options...
JetsetBkk Posted March 31, 2012 Share Posted March 31, 2012 I tried to post at the Gazette and got a "Your email is unknown" pop-up, so I had to click on something that caused a "Please Verify Your E-mail" message to be sent to me. I clicked on the link in the email and it all went OK and I could access the Gazette and post. But now I get this message: You are not authorized to view this page The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list. Please try the following: Contact the Web site administrator if you believe you should be able to view this directory or page. HTTP Error 403.6 - Forbidden: IP address of the client has been rejected. Internet Information Services (IIS) I even changed my email address by turning off the modem for 5 minutes. Still can't get access. Maybe they are playing around with something. Link to comment Share on other sites More sharing options...
JetsetBkk Posted March 31, 2012 Share Posted March 31, 2012 And now I can get back in - looks like they've been tweaking things! Link to comment Share on other sites More sharing options...
JetsetBkk Posted April 1, 2012 Share Posted April 1, 2012 And now I can't: The page cannot be displayed The request cannot be processed at this time. The amount of traffic exceeds the Web site's configured capacity. Link to comment Share on other sites More sharing options...
petercallen Posted April 1, 2012 Share Posted April 1, 2012 I tried to post at the Gazette and got a "Your email is unknown" pop-up, so I had to click on something that caused a "Please Verify Your E-mail" message to be sent to me. I clicked on the link in the email and it all went OK and I could access the Gazette and post. But now I get this message: You are not authorized to view this page The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list. Please try the following: Contact the Web site administrator if you believe you should be able to view this directory or page. HTTP Error 403.6 - Forbidden: IP address of the client has been rejected. Internet Information Services (IIS) I even changed my email address by turning off the modem for 5 minutes. Still can't get access. Maybe they are playing around with something. I am getting the same message when i try to log on to there site Maybe they should employ someone who knows what they are doing I have done nothing for PG to ban me Link to comment Share on other sites More sharing options...
Iolare Posted April 1, 2012 Share Posted April 1, 2012 I've been denied access today also. Link to comment Share on other sites More sharing options...
lavender19 Posted April 1, 2012 Share Posted April 1, 2012 I tried to post at the Gazette and got a "Your email is unknown" pop-up, so I had to click on something that caused a "Please Verify Your E-mail" message to be sent to me. I clicked on the link in the email and it all went OK and I could access the Gazette and post. But now I get this message: You are not authorized to view this page The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list. Please try the following: Contact the Web site administrator if you believe you should be able to view this directory or page. HTTP Error 403.6 - Forbidden: IP address of the client has been rejected. Internet Information Services (IIS) I even changed my email address by turning off the modem for 5 minutes. Still can't get access. Maybe they are playing around with something. I am getting the same message when i try to log on to there site Maybe they should employ someone who knows what they are doing I have done nothing for PG to ban me I have been trying to post an ad for a brushcutter for sale all day and I am getting the same. The trouble is getting some one who knows what they are doing would entail employing a farang Link to comment Share on other sites More sharing options...
Somtamnication Posted April 1, 2012 Share Posted April 1, 2012 Just back on now. Up and down all day. Link to comment Share on other sites More sharing options...
Somtamnication Posted April 2, 2012 Share Posted April 2, 2012 These people must be having major problems for the past 24 hours. Link to comment Share on other sites More sharing options...
george Posted April 2, 2012 Share Posted April 2, 2012 Message form Phuket Gazette webmaster: Link to comment Share on other sites More sharing options...
LivinginKata Posted April 2, 2012 Share Posted April 2, 2012 Might as well close this thread now that on is running in Phuket News Link to comment Share on other sites More sharing options...
Recommended Posts