Important notification

[ENXF NET]

everyone change password, i will update addon and style + vip later, wait me 2-3 hours everything will be fine
Outplayed + Verss leaked with Cookies, they stole my forums data Please be alert eleaks.to

 

[Ayon]

everyone change password, i will update addon and style + vip later, wait me 2-3 hours everything will be fine

enxf netvip Mamber Please Add

 

[ENXF NET]

Give me time, I'll update it, I'm quite busy with external work

 

[Ayon]

ok thanks

 

[kullas]

vip Mamber Please Add

 

[DareSec]

How it's hacked?

 

[ENXF NET]

this is my mistake, i log in ssh and he supports me from afar, he took my database, he is not qualified to hack me

 

[DareSec]

its big mistake . who support you ? . whom you given the Credential ?

 

[ENXF NET]

@DareDevil Cookies by eleaks.to, 1 serious mistake

 

[DareSec]

@ENXF NET u know him from only months .you trusted him . You cannot trust anyone in these type of serious matters .

 

[ENXF NET]

I'm quite busy today, I'll update it all tomorrow

 

[Appmorn]

@ENXF NET i warn everyone in his hosting thread but no one cares. now see the result.

 

[dinhphucv]

Even though it’s almost impossible for them to reverse hashes password, I still recommend you guys to change passwords, including the account you shared through messages as he could read those easily. The website is still being ddos pretty heavy so you may get a challenge when access to the community. When your trust put in the wrong place.

 

[Warfare]

Yes very good advice. I did so as soon as they took the site over when I noticed it.

 

[DareSec]

@Appmorn , Enxf he have to learn something .before anything doing .think or ask whom you know well . Or he don't care about site website data or user privacy . Then do whatever you want ,leak data or sell .know one stopping .

 

[sucre13]

@DareDevil you never finish meeting a person

 

[Pr0fesseur]

So sorry to hear! i am more than willing to help! as you can see ive done a great job with my forum!

 

[Pr0fesseur]

"Even though it’s almost impossible for them to reverse hashes password, I still recommend you guys to change passwords, including the account you shared through messages as he could read those easily. The website is still being ddos pretty heavy so you may get a challenge when access to the community. When your trust put in the wrong place."


This is totally not true!!! reversing hashes is quite easy depending on the type of hashes, if youve stored your password hashes without them being salted then they can be cracked in a matter of minutes especially when using GPU hashing techniques and rainbowtables
Im a digital forensic examiner by trade and this happens all the time to our clients. ther are some great steps you can take to harden your infrastructure to slow down would be attacks and prevent them from getting your passwords!

https://www.mssqltips.com/sqlservertip/3293/add-a-salt-with-the-sql-server-hashbytes-function/
https://project-rainbowcrack.com/table.htm
https://cqureacademy.com/blog/secure-server/extract-hashes-sql-server-logins

 

[dinhphucv]

The one who steal the database may not have the skill to reverse password. As the owner of this site doesn't have much skill on server management, several days ago before he got scam, this site got some problems with VPS provider and I did move this site to a new provider and added php argon2 password hash algorithm. You can see more details about xenforo password here: https://xenforo.com/community/threads/password-formula.32191/#post-367845
So anyone want a copy of this community's source + database can contact me .

 

[Warfare]

I am only speaking for myself. Yes, it was a big issue for the site to be taken. But it happened, and it sucks having to change your passwords but it's a must. I personally would love to see the ENXF community of good people help it to continue and thrive and be a healthy forum. I hope all the rest of you do as well. I enjoy being here.