This report, from a Ubuntu forum admin, would disagree with assertions that the forum software was "hacked" or that vBulletin was somehow to blame.
http://ubuntu-discourse.org/t/looks-...defaced/603/65
We now know what happened, it wasn't anything to do with a security hole in VB, all this came about via social engineering and legacy problems left over from when the previous owner was still running the forum. For some reason, some of the loco mods had admin privileges, and it was one of those accounts that was compromised, along with quite a few hooks in pnp that allowed the attacker tp deface the site. Canonical IS is in the process of rectifying the problems.
I'm pretty sure that "Fh7p6mG" is neither my previous forum username, nor is my login.ubuntu.com username. I have no idea where this was picked up from. Suffice to say I've now lost all my subscriptions and post counts. Whilst I fully understand the reasons behind this, it doesn't appear to be working for a significant portion of the users.And yes, I did make sure my main email account in login.ubuntu.com is the same as my old ubuntuforums.org email address.
Okay, I managed to fix it. I had to create a NEW login.ubuntu.account (even though I have one already), with the same email address as my ubuntuforums one, even though I had set my previous ubuntu.com account to have the same preferred email as my forums account. So now I'm using two SSO accounts. Not ideal, but I guess I'll have to live with that.
Trying to create an SSO account was extremely unintuitive to say the least. But there is an issue I find much more annoying. When I receive an email notification of a thread I'm following and I click on the link, it does take me to the page. However, if I don't log in I will not receive further notifications. If I do log in, instead of taking me back to the page I was on, it takes me to the home page of the forums. The other problem is, apparently you can't stay logged in as you could before. So every time I get a new email notification I have to relog in. This all seems more trouble than it's worth.
"I've asked you a million times not to exaggerate!"
iMac 3.4 GHz Intel Core i7 32GB NVIDIA GeForce GTX 680MX 2048 MB
If you ask nicely perhaps someone will make the salt and the hash of your old password available to you. Then you can test the various passwords that you think it might be.
It goes without saying that you should just never ever do this.There is some chance that it is the same as some of my current passwords for various online accounts and such.
If you think that any of your passwords is strong enough to survive MD5 brute forcing then you can take a punt and not change that password.Now I have little option but to ...
The only person who can get you your old password is the hacker, as Canonical IS overwrote all passwords and randomised them.
If you feel that you might have used the same password on any other site, or system, then change them.
In fact, for good measure, change all your passwords.
Splat Double Splat Triple Splat
Earn Your Keep
Don't mind me, I'm only passing through.
Once in a blue moon, I'm actually helpful.
Just happy it's back. Very happy.
Severe withdrawal symptoms exacerbated by a broken machine and only being able to operate in Windows until I build another one were made even worse by not being able to experience Ubuntu vicariously.
First world problems eh?
OK, so I was on of the lucky ones who got the same account after registering on SSO
IMHO the whole thing is a bit overboard. As long as I am not moderator or admin, there is no need for a really secure forum access. Using a trivial password exposes yourself to what? Someone who masquerades as you to troll people? Big deal... When I received the mail from UF about hacked accounts, I didn't raise an eyebrow... even the mail userid isn't the main one so it cannot be used to log in on my mail box.
Now the very down-to-earth and practical question: in the former life of Ubuntu forum, I could have a bookmark on http://ubuntuforums.org/usercp.php and the userid and password kept by Firefox so checking out new stuff on UF was a one click operation. Now it takes me through several pages and leaves me in UF home. So what can I do to get back to the original? What id should I use to login? the UF one? My name on U1? My mail for U1?
Bookmarks