"ExclusiveMember" trying to sell me a domain he doesn't own

[Mazkel]

FYI

"ExclusiveMember" sent me a PM yesterday trying to sell me UXH (.) com for 3.5k and asking for an MSN email address. I've already contacted the owner (who is also a member on DNF) who states that she has not sold it.

Mods - please move to appropriate section if needed.

[loscocco]

Thanks Mazkei for letting me know.. I am the real owner of UXH.com and have been so for the past year or so. It still shows as being locked in my account and i have changed all the passwords but if this person contacts anyone else please report the thread to the mods and me.
Glad to have people with a watchful eye out there in the community like yourself.
Erin

---------- Post added at 06:45 AM ---------- Previous post was at 06:42 AM ----------

Edit.. just like the Whois just changed in the past few minutes
this domain is STOLEN.
i am on the phone with Moniker right now.
Erin

[biggedon]

which exclusive member sent the pm?

[NameGuy]

He sent me a pm also trying to trade it. Member name is 'ExclusiveMember'.

[Mazkel]

which exclusive member sent the pm?

His member name is "ExlusiveMember". Has been around since 2006.

[katherine]

That E-mail address is associated with at least one other LLL.com: Sqn.com

Plus, that person appears to have owned teens.us: http://74.125.77.132/search?q=cache:...s&client=opera

---------- Post added at 05:05 PM ---------- Previous post was at 05:01 PM ----------

Owns refund.us too.

[Millering]

Thank you Mazkel,
how come a 2006 member doing this? Or his account was compromised?

[loscocco]

Moniker is currently doing an investigation regarding UXH.com
thanks everyone for noticing this.

[Acro]

Ah, "brilliant".

So by using the moniker "ExclusiveMember" he tried to pull the same trick Odysseas did with Cyclops Polyphemus; when asked what is his name, he said "Nobody". When Odysseas and his mates blinded him, Polyphemus screamed to his brothers that "Nobody was blinding him"

So "ExclusiveMember" is faking his status. With 2 posts since 2006 it looks like a compromised account.

[Seraphim]

So by using the moniker "ExclusiveMember" he tried to pull the same trick Odysseas did with Cyclops Polyphemus; when asked what is his name, he said "Nobody". When Odysseas and his mates blinded him, Polyphemus screamed to his brothers that "Nobody was blinding him"

[Acro]

Odyssey is full of lessons

[Nathan King]

If the account was compromised then dnforum has serious problems. The forum software blocks brute-force attempts so if accounts are being compromised it is most like via sql injection. SQL injection means often times that the hacker has full access to the database. Any information that is not properly encrypted would be available to the hacker.

If the account was compromised via SQL injection, it is most likely because the hacker has acquired the password from the database (md5 or sha1 hashed). A hashed password is not as secure as one that is properly encrypted as it can easily be brute forced if not long/obscure enough.

This is why it is important to have a long password containing numbers and symbols. Short passwords or passwords containing a dictionary word (such as "swordfish" or "mousepad3") can quickly and easily be brute forced. Make sure that your password contains capital letters, numbers, and symbols. The longer the better, but at least 9-10 characters long is necessary to prevent brute-forcing.

Many people use the same password for multiple sites. Think about what kind of damage could be done if this were the case and a hacker got a hold of your password.

[biggedon]

Ah, "brilliant".

So by using the moniker "ExclusiveMember" he tried to pull the same trick Odysseas did with Cyclops Polyphemus; when asked what is his name, he said "Nobody". When Odysseas and his mates blinded him, Polyphemus screamed to his brothers that "Nobody was blinding him"

So "ExclusiveMember" is faking his status. With 2 posts since 2006 it looks like a compromised account.

theo, i like the analogy




one thing i suggested a while back, was that the forum should restrict the use of certain dn forum "user" names.

as such, a user's name can i cases "confuse" others into thinking "what we/i thought" ( as in "exclusivemembers'" level of membership) as well as put members into a state of "assumption" about one's "extertise" in a field when using a "user" name for example "seoexpert"...if you have no proven seo skills ( no offense to seoexpert) or "platinummember or platinumember" etc..


also, this gold member was trying to sell via pm and i'm wondering if it was reported. since gold members aren't allowed to "solicit domains for sale"?

if the seller was legit and was willing to go thru escrow or other secure means, as a gold member, they would never have to upgrade, since they were conducting biz via pm's.

who's going to report a member when they are getting great deals?

maybe no one...until they get scammed!



netsniff.....do i smell a loophole somewhere



if so, how you gonna fill it?

[Acro]

If the account was compromised then dnforum has serious problems.

There is no "need" for a BF attack; your password can be stolen locally - from your machine. Install a good antivirus and never chat with strangers over AIM etc.

[Nathan King]

There is no "need" for a BF attack; your password can be stolen locally - from your machine. Install a good antivirus and never chat with strangers over AIM etc.

If the account was not logged-in to but a couple times a couple years ago, I wouldn't think the password would still be on the computer. And packet sniffing wouldn't work either if the account was never accessed.

[Acro]

The last time I saw BF being used by script kiddies was 10 years ago. Today's commercial products, including vBulletin, have methods in place to prevent the storage of weak passwords to begin with. Never underestimate the ability of trojans though or of social networking.

[Nathan King]

The last time I saw BF being used by script kiddies was 10 years ago. Today's commercial products, including vBulletin, have methods in place to prevent the storage of weak passwords to begin with. Never underestimate the ability of trojans though or of social networking.

The 2nd example of a weak password that I provided would be accepted by vbulletin and this site. vBulletin does use a salt when storing the password which makes it considerably more secure, but don't underestimate sql injection. Some of the biggest sites you've hear of have had major sql injection exploits in recent years.

[Acro]

SQL injection depends on severe flaws of the underlying software; with vBulletin's update cycle there is literally no time for 'zero day' exploits. What I'm trying to say is, that this looks like an isolated incident of an account that was either created a long time ago to create malice when time would come, or an account theft from someone's computer.

[katherine]

Another possibility is the hijacking of the E-mail account of the member. Or his password(s) leaked due to being infected by a keylogger.

[Nathan King]

The account was last logged into 4 years ago and even then only 2 posts were made. So I don't see where people get the idea it was a trojan or keylogger as these require the account owner to log in to be effective. If the account was recent then yes these are likely possibilities but the account has been inactive for 4 years.

---------- Post added at 04:52 PM ---------- Previous post was at 04:46 PM ----------

Most likely the original account owner is the scammer however if the account was compromised it was done via different means than trojans or keyloggers or packet sniffers. I've seen many accounts get hijacked on other major forums via sql injection (even vbulletin, but that was 3-4 years ago) so if you ask me that would be the most likely scenario given the facts. Any plugin or custom coding done could create sql injection vulnerabilities, so it is not limited to vbulletin exploits.