Recent Attack

Could just reset everyone's passwords, would be easier - and put a message on the failed logon attempt advising users to request a new password. That wouldn't result in 100's of thousands of emails - most of the users have probably never posted anything.

Anyway, I'm not kicking up a stink as such, just advising people to change their passwords. The impact should be minimal if people follow proper guidelines and have one password per site and don't repeat it anywhere :)
 
Do you have any idea what happens if you try to send out 375,000 emails from a single source?
You get classified as a "Spammer", start showing up on Spam websites, and many ISPs start blocking emails from your IP.
We already have some situations where some ISPs block our emails, as I see it often when people send us emails when they sign up and never receive the confirmation email that we send that contains the link they must click to activate their account.

Actually yes, I have a pretty good idea considering I regularly set up and configure web servers and there are certainly proper ways of going about sending out these emails. If Sony, LinkedIn, Yahoo, Apple etc, can do it, so can you. Ensuring SPF and DKIM are properly configured and knowing your server's SMTP limits for starters. Abiding by legislation also helps to prevent being marked as a spammer (by including un-subscribe links). It would also be ill-advised to send emails to all 374,509 members of this forum. I'm willing to bet at least half of that total member count are dead accounts to begin with. You could have started with the users who've actually logged in within 3 months prior to the security breach.

Upon doing a bit of research, MrExcel.com appears to be hosted by a company called Pair Networks. As per their terms of usage, MrExcel.com cannot:

Send out mail to more than 25 addresses in one batch, whether sequentially or in parallel. Such batches must "sleep" for at least three seconds between each delivery attempt. Please consider using our pairList service for such mailings.

It identifies that should you wish to send out mass emails, do so in batches of 25 with at least three seconds between each delivery attempt. Furthermore, it seems Pair Networks even provides you a tool they call "pairList" for this very purpose.

Look, I'm not trying to incite any arguments, I'm just calling out the facts. There appears to be a lack of concern for security around here (I mean heck, you just got hacked and yet you're STILL using the same very out-dated forum software--where's the logic in that?). At the absolute very least, I suggested removing the version number so as not to publicize to the entire world that you're using out-dated and bug-riddled software, yet that suggestion was entirely ignored.

Have you guys even actually identified the source of the hack yet? Has anyone even sat down and gone through the Apache logs?

MrExcel.com has grown into a powerful community of 374,510 people. This puts a target on your back for hackers and data thieves. Whether you like it or not, you have an obligation to perform your due diligence to ensure the privacy and security of the members of this community.

I know how to protect myself in an online world, it's the other 374,509 people that I worry about. I just don't understand how you can be so nonchalant about the fact that you have a huge number of people who could unknowingly have someone digging about their email inbox as we speak; who knows what else. Hell, the very fact that someone is out there making money off a list of your users. This is okay with you?

You'll have to excuse me because I've grown rather attached to MrExcel.com and it's a little upsetting to hear this happening and to be met with defensive sarcasm and vague information from the leaders of this community.
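An added sketch of the staged notification described in the post above (not part of the original thread and not the forum's own code): it limits recipients to recently active members, then sends in batches of 25 with a 3-second pause. The member record fields, the `send_batch` callable, the 90-day reading of "3 months" and applying the pause between batches are assumptions.

```python
import time
from datetime import date, timedelta

BATCH_SIZE = 25                      # per-batch limit quoted from the host's terms
PAUSE_SECONDS = 3.0                  # minimum pause quoted from the host's terms
ACTIVE_WINDOW = timedelta(days=90)   # "3 months", approximated as 90 days


def select_recipients(members, breach_day):
    """Unique addresses of members whose last login is no older than
    ACTIVE_WINDOW before breach_day; never-logged-in accounts are skipped."""
    cutoff = breach_day - ACTIVE_WINDOW
    seen, recipients = set(), []
    for member in members:
        last_login = member.get("last_login")
        address = member["email"].strip().lower()
        if last_login is None or last_login < cutoff or address in seen:
            continue
        seen.add(address)
        recipients.append(address)
    return recipients


def send_in_batches(recipients, send_batch, sleep=time.sleep):
    """Hand recipients to send_batch (hypothetical callable wrapping the real
    mailer) at most BATCH_SIZE at a time, pausing between batches.
    Returns the list of batch sizes actually sent."""
    sizes = []
    for start in range(0, len(recipients), BATCH_SIZE):
        if sizes:                    # no pause before the first batch
            sleep(PAUSE_SECONDS)
        batch = recipients[start:start + BATCH_SIZE]
        send_batch(batch)
        sizes.append(len(batch))
    return sizes


def total_pause_seconds(recipient_count):
    """Time spent sleeping for a run of recipient_count addresses."""
    batch_count = -(-recipient_count // BATCH_SIZE)   # ceiling division
    return max(batch_count - 1, 0) * PAUSE_SECONDS


if __name__ == "__main__":
    breach = date(2000, 1, 1)        # constructed placeholder date
    members = [{"email": f"user{i}@example.com",
                "last_login": breach - timedelta(days=i * 3)}
               for i in range(60)]   # constructed sample members
    chosen = select_recipients(members, breach)
    print(len(chosen), send_in_batches(chosen, lambda b: None, sleep=lambda s: None))
    print(total_pause_seconds(374509) / 3600, "hours of pauses for the full list")
```

At these limits the pauses alone for all 374,509 addresses come to roughly 12.5 hours, which is why narrowing the recipient list first matters.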
 
The page for password change is presently not secured. To me, changing the password now over an open link is not much better (and perhaps even worse) than leaving it as is.

J.Ty.
 
I also cannot stress enough the importance of using strong passwords. LastPass is an amazing tool. With it, every single one of my accounts all use a unique 20 character password. (EG: &8y*^Ex4Zvk$&S!7A9nV) The odds of it being brute forced are so astronomically small that I have absolutely zero concerns as a result.

Also worth mentioning is that LastPass (presumably other password managing browser extensions such as KeePass) perform the logon for you and make password changes easy.

Worth noting is there is a 'Security Challenge' tool in LastPass that will rate the strength of the passwords you use. For example, my MrExcel pwd scored 97% (only 12 characters long and contains no special characters). You can filter the 'Security Challenge' results to show compromised passwords. I haven't done mine for a while. I just found five more hacked accounts with passwords that require changing. I thank MrExcel for indirectly alerting me to those problems.
 
So I can't seem to find how to delete my account from the user control panel and I've contacted a moderator and nothing has happened. Can an administrator please delete my account. I no longer want to remain a member of this forum. I'd appreciate if you can completely remove me from your database.

Can you let me know when this is done because I rarely use this site. Thanks
 
Likewise. It's been about two years since I've used the forum. I'd just rather delete it and then I'm also going to delete the email address that's associated with this account.

Please send me an email when the account is deleted.
Thanks!
 
Unfortunately, that won't likely happen considering you've both made posts on this forum. Deleting your accounts would to my best knowledge, bork up any thread your account was part of.

CLICK THIS LINK and just change your email to any @mailinator email address and change your password to random nonsense you're never going to remember. Your account is as good as deleted.

With that, I bid you adieu.
 
I have received an email allegedly from Bill Jelen of this forum.

I am now reading, via this thread, of an attack on this forum which has resulted in obtaining users' emails and passwords.

I am very concerned and annoyed to read that this attack happened over a month ago and yet I have only been informed today. Not being a regular visitor I would not have seen the warnings provided and now learn that my details have been in the hands of criminals for over a month.
 
