Jump to content
Be the first to know! Get our Daily Newsletter! ×

Phuket Gazette Hacked

RedCardinal

By RedCardinal
in Phuket

 Share

Recommended Posts

RedCardinal Advanced Member

RedCardinal

Posted
Posted

Just received this:

Dear Gazetteer,

We regret to have to advise you that your Gazetteer record (for registered Gazette Online members) with us may have been hacked. If so, we can assure you that no financial, credit card, or payment information of any kind is stored on Gazette servers and that you therefore have no financial risk. However, in the unlikely event that your Gazetteer password with us is used for any financial accounts, we would suggest that you now change it.

Last night's attack was stopped at 2am and all Gazetteer accounts are now wholly secure.

Some of the passwords in our Gazetter database have not been changed for 15 years. If you have not changed yours for more than a couple of years, we would suggest that you now do so – even if you have no reason to suspect that your account has been hacked.

One way to know that your record may have been hacked is multiple emails, purporting to be from the Gazette, regarding the posting of two or three news stories on line. If you've received more than one email for any story, then it possible that your record has been hacked.

Advertising accounts (both classified and commercial), Adpower accounts, Gazette Guide listings, Newspaper and Digital Gazette subscriptions, Charge Accounts and Events Listings were not in any way exposed to hacking and all user information in those accounts remains intact.

We would like to assure you that we have taken appropriate measures to strengthen the security of our site where it may have been exposed, including the installation of what many consider to be the 'annoying' Google Captcha human verification system. This means that users wishing to do the following from or in our website:

– 'Send an email to a friend'

– 'Send a letter to the editor'

– 'Comment' on a story in our forum, or

– 'Contact us'

will from now on need to verify that they are 'human' by entering a string of difficult-to-read characters before proceeding. However, given the trade-off of a minor inconvenience for enhanced security, we trust you will agree that the latter is paramount.

If your Gazetteer record was hacked we are most regretful about it and apologise for the inconvenience.

Dean Noble

Webmaster

Phuket Gazette

Quite scary that they think captchas have any implication for security other than spam prevention. If the vector was SQL injection then adding captchas will have no impact at all on a determined hacker. Worse still is that most hacks that grab user tables tend to leave more junk behind to allow future access. Also a shame that they didn't take the simple precaution of hashing or salting passwords...

Link to comment
Share on other sites
Pomthai Silver Member

Pomthai

Posted
Posted

Got same. They ought to be ashamed that they store passwords as plain text. I was very surprised to see this when I just changed mine because of this email. Not even the most basic of security measures implemented - even after this. They ought to have Khun Woody pop round. :)

  • Like 1
Link to comment
Share on other sites
Rickster Advanced Member

Rickster

Posted
Posted (edited)

OMG someone has a huge database of retards

I read Phuket Gazette not Thai Visa !!! 55555 just joking mods giggle.gif

I actually thought, when first reading, it was a hoax e mail and was going to start asking for passwords and CC details....

Edited by Rickster
Link to comment
Share on other sites
keestha Platinum Member

keestha

Posted
Posted (edited)

This message landed in my junk mail folder and at first I thought it was a scam, couldn't PG have it sent in such a way that it would pass through the junk mail filters? Any somewhat more sophisticated spammer knows how to do this.

Edited by keestha
Link to comment
Share on other sites
lavender19 Silver Member

lavender19

Posted
Posted

This message landed in my junk mail folder and at first I thought it was a scam, couldn't PG have it sent in such a way that it would pass through the junk mail filters? Any somewhat more sophisticated spammer knows how to do this.

Or even print an article in the online paper.Warning people.But nothing

Link to comment
Share on other sites
geriatrickid Star Member

geriatrickid

Posted
Posted

This message landed in my junk mail folder and at first I thought it was a scam, couldn't PG have it sent in such a way that it would pass through the junk mail filters? Any somewhat more sophisticated spammer knows how to do this.

Or even print an article in the online paper.Warning people.But nothing

If you were the PG would you want to admit to having been irresponsible?

  • Like 1
Link to comment
Share on other sites
lavender19 Silver Member

lavender19

Posted
Posted

This message landed in my junk mail folder and at first I thought it was a scam, couldn't PG have it sent in such a way that it would pass through the junk mail filters? Any somewhat more sophisticated spammer knows how to do this.

Or even print an article in the online paper.Warning people.But nothing

If you were the PG would you want to admit to having been irresponsible?

OK.Well then TV after all they are partners.

Link to comment
Share on other sites
JetsetBkk Star Member

JetsetBkk

Posted
Posted

I tried to post at the Gazette and got a "Your email is unknown" pop-up, so I had to click on something that caused a "Please Verify Your E-mail" message to be sent to me.

I clicked on the link in the email and it all went OK and I could access the Gazette and post.

But now I get this message:

You are not authorized to view this page

The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.

Please try the following:

  • Contact the Web site administrator if you believe you should be able to view this directory or page.

HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.

Internet Information Services (IIS)

I even changed my email address by turning off the modem for 5 minutes. Still can't get access. Maybe they are playing around with something.

Link to comment
Share on other sites
petercallen Platinum Member

petercallen

Posted
Posted

I tried to post at the Gazette and got a "Your email is unknown" pop-up, so I had to click on something that caused a "Please Verify Your E-mail" message to be sent to me.

I clicked on the link in the email and it all went OK and I could access the Gazette and post.

But now I get this message:

You are not authorized to view this page

The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.

Please try the following:

  • Contact the Web site administrator if you believe you should be able to view this directory or page.

HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.

Internet Information Services (IIS)

I even changed my email address by turning off the modem for 5 minutes. Still can't get access. Maybe they are playing around with something.

I am getting the same message when i try to log on to there site

Maybe they should employ someone who knows what they are doing

I have done nothing for PG to ban me

Link to comment
Share on other sites
lavender19 Silver Member

lavender19

Posted
Posted

I tried to post at the Gazette and got a "Your email is unknown" pop-up, so I had to click on something that caused a "Please Verify Your E-mail" message to be sent to me.

I clicked on the link in the email and it all went OK and I could access the Gazette and post.

But now I get this message:

You are not authorized to view this page

The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.

Please try the following:

  • Contact the Web site administrator if you believe you should be able to view this directory or page.

HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.

Internet Information Services (IIS)

I even changed my email address by turning off the modem for 5 minutes. Still can't get access. Maybe they are playing around with something.

I am getting the same message when i try to log on to there site

Maybe they should employ someone who knows what they are doing

I have done nothing for PG to ban me

I have been trying to post an ad for a brushcutter for sale all day and I am getting the same.

The trouble is getting some one who knows what they are doing would entail employing a farang

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...