
I sincerely hope that it's just coincidence, only recently signed up here and being a good little vegemite, I complied with the no free e-mail instruction and registered with my main address. Well lo and behold, for the first time in 2.5 years, I have a string of spam ads all promising to make me a red hot lover etc.


Anyone else had this happen or am I just unlucky?



Link to comment
Share on other sites

While I completely sympathize with your problem, I am sure it is not our site that is responsible. No one else has reported any problem. I have a similar spam-free record with my current email address. Our security is very tight and is constantly monitored and improved.


We will investigate.




Tech Support



Link to comment
Share on other sites

Spin - I would think that it is just coincidence or somewhere else you have been to on the internet.


The email addresses are stored in a database and are encrypted - in other words an email address of [email protected] is stored in the database as something like "gxsj56hgfk678dm5jf7". This encryption is based on a group of characters that I personally created and no one in the world, even my own wife, knows what those characters are. Software on the server takes your email address and then applies a formula to it using my encryption characters that are stored in a different place.


Furthermore the forum software doesn't make any calls on your email address to the front end (the screen) but rather pushes information out through the mail server based only on any threads that you have subscribed to - in other words information is pushed through and not pulled out to ascertain any email address information. I don't allow forum members to email each other as that would mean initiating the pulling out of an email address which could then be open to exploits. This is why I am looking into the recreational flying email addresses.


As most people that have been here for some time would know I am so hell bent on security so I am sure it can simply be that you have gone to some website that has got your email address by looking into your computer and then on-sold it to spamming companies - it only takes one site and bang, your email address is known everywhere. Forums that offer emailing facilities are a security risk, phpBB forums are a security risk, cookies are a security risk and much much more. Your email address is stored on your computer in many places like favourites for webmail, internet history etc.



Link to comment
Share on other sites

I must be lucky. My server (Westnet) offers an anti-spam screen - which works tolerably well. But, I spend over $100 pa on a good Norton program as well, and have had nil problems since using it.


happy days....without spam!!



Link to comment
Share on other sites

This has been troubling me all night so I thought I would let everyone know how seriously I take security of these forums and your personal information.


Every night some software that I have randomly selects 5 users and does a security check on them. It uses a point score and alerts me if it doesn't come up to 10/10 - anything below 6/10 I will delete them immediately, anything between 6/10 and 9/10 gets a please explain PM. No doubt some forum members who have received a please explain can vouch for this.


Every IP address is checked for its location. If an IP address location isn't around the location that has been placed in the location field of the user then a bell rings and further analysis happens to ascertain its validity such as ISP name (Optus, Bigpond etc are ok). One user recently was suspended because their IP address was from Sydney yet their location was in Brisbane. I then phoned the user with the phone number that they provided in their registration and found it was a fax machine - USER SUSPENDED until some true identity is ascertained. The user complained to some RA Board Members but luckily another user was able to vouch for the person so the suspension was lifted.


If two people log in to the forums from the same computer I am sent a warning email. This is investigated to find out why and if needed a phone call is made to find out more. If things don't add up then DELETE. Naturally members like Matt/Kazz, David/Marilyn, Darren/Emma etc ring bells but we know they are partners, husband/wife etc but every other one is investigated. Like all the security that is used in this website can be vouched for by those members that have received a please explain.


What I can't protect is any email address that a user puts in a post in these forums:


1. Announcements/NOTAMS
2. The Recreational Flying Flyin
3. Aircraft ADs & ANs List
4. Kit Building


The above forums are unlocked and Public - the posts in those forums can be viewed by the public and therefore by spam robots etc that search the internet for email addresses. All other forums are locked to viewing by the public but any email address placed in a post in the other forums should still be considered as being made public.


All users' ISPs are checked and non known ISPs like Optus, Bigpond etc are checked that they don't offer the use of a free email address. If they do then the user is advised that we don't allow the use of free email address providers. However, in just a few cases where the user has had no other alternative and we have ascertained without any doubt the true identity of the user then we have allowed it - but as I said there are just a couple.


A back-door is purposely left open at a x% hack difficulty level. If anyone tries to hack into the forums they will find that back-door but they are then led up a garden path. While they are being led up the garden path an application is collecting as much information about them as possible and then sent to me. The back-door is then slammed shut but I can then try and find out who tried to hack in. This has only happened once in the 3 years the forums have been operating.


There are a couple of suspect forum members that are watched (I know who they really are but they have tried to be anon) and an application tracks their movements in the forums whenever they visit them. I don't want to stop people from using the forums especially for the safety learning aspect but I need to protect the honest members.


These forums use paid for professional software so their security integrity is always being checked. Forums that use software like phpBB are very dangerous when it comes to protecting your information. phpBB is the most hacked software in the world. For example one aviation forum that uses phpBB recently locked their forums so that only registered users can read all the posts in a thread and guests can only read the first post of the thread. I am not registered in those forums (I won't register in any phpBB forum unless I use my laptop which doesn't have any personal information and only my hotmail email address anywhere on it) but I easily hacked into their forums and I am able to read every post that is made. I looked at phpBB for these forums but when I tested them I found that a person of my knowledge could hack into them pretty easily in various places.


When you go to some web sites they have software that will look into your computer and harvest any email address that they can find. For example find out yourself how protected your PC is by:


Firstly a warning - be careful in this area of your computer and don't change anything

1. Click Start - Run
2. In the popup box enter regedit - click OK
3. In the window that opens click Edit and then Find from the menu bar
4. Enter your email address or even a part of it in the find box and click Find Next


If it finds your email address then there you have it - don't forget to exit out of that window WITHOUT CHANGING ANYTHING. Your email address can be stored in many places on your computer.


Everyone here that has had a problem with their password will confirm that even I am unable to find out what your password is - I can change it but I can't read it as it is one way encryption like also your email address. What one way encryption is, is that abc is changed through code to end up being stored like xyz. When you put your password in, the software doesn't read your password and check it but it applies the same code to what you have entered and then compares the result with what has been stored i.e. it applies the code to your abc entry to get xyz and then checks that the stored value is also xyz. Here is an example of an encryption procedure in Visual Basic that I wrote for an old application that I developed encrypting a text value into a numerical value (I now use alphanumeric):


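    On Error GoTo HandleErr   ' the HandleErr label is outside the excerpt posted

    Dim N As Integer
    Dim countn As Integer
    Dim letter As String
    Dim lockn As String

    N = 1

    ' An empty ID is treated as fatal: report it and quit the application
    If ID = "" Then
        MsgBox "This error is ""Fatal"" No 6.", vbCritical + vbOKOnly, "Fatal Error - 6"
        StandardError Err, Err.Description, "FATAL ERROR - 6"
        DoCmd.Quit acQuitSaveNone
    End If

    ' This line is cut off in the post after "If Len(ID)". Rebuilt from the
    ' description that follows the code; how the words are joined is an assumption.
    If Len(ID) < 8 Then ID = ID & "Caitlin Emily"

    countn = Len(ID)
    lockn = 21659   ' fixed starting value

    ' One pass per character of ID
    Do Until N = countn + 1
        letter = Mid(ID, N, 1)
        ' Multiply by the character code and the current month
        lockn = Val(lockn) * (CLng(Asc(letter)) * DatePart("m", Date))
        ' If longer than 12 characters: scale, truncate to an integer, keep the rightmost 12
        If Len(lockn) > 12 Then lockn = Right(Fix(lockn * 0.21659), 12)
        ' Multiply by the character code and the current year scaled by 0.0001
        lockn = Val(lockn) * (CLng(Asc(letter)) * (DatePart("yyyy", Date) * 0.0001))
        If Len(lockn) > 12 Then lockn = Right(Fix(lockn * 0.12198), 12)
        N = N + 1
    Loop

    ' Compare the result with the keys stored for the current month
    If DLookup("Key1", "USysAccessKey") = "235147427207" And _
       DLookup("Key2", "USysAccessKey", "ID=" & DatePart("m", Date)) = lockn Then
        CheckUnlockCodeMonthly = True
    Else
        CheckUnlockCodeMonthly = False
    End If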


The ID value is say your password.

If your password is less than 8 characters it adds the words Caitlin Emily to your password and then changes the ID text

It then counts the number of characters in your password as this will be used to perform that number of iterations of the code.

It also remembers a secret number - in this case 21659

It also looks up the date of registration as it is also a variable

It then loops some code the number of times that equals the number of characters in the newly created ID

Each time the number of characters in the looping code is greater than 12 then it drops off the last number - when it drops off it is gone for good so the number keeps changing.


At the end of the many number of times it loops it then checks the number that it has got to with the number that is stored in the database (key2 in this case) and says True if they match and lets you in. If it says False then it doesn't let you in. To find out what your password really is then you would need to know what that number is that was dropped off every single time it went through an iteration. If I put [email protected] with a registration date of Feb 2008 into the above code the email address is stored as 011595338260 or if I put the same email address in but with a registration date of Mar 2008 then 829021357492 is stored in the database.


There are also so many more different security things implemented like a time limit between PMs, number of PMs sent within a set time that I am notified on immediately that anything untoward happens plus many more other security things that I won't mention (for security reasons of course) but a lot of my time is spent on security ensuring that you, your information and these forums are so strongly protected and I am always looking for new ways to even protect them further. However, security is an ever evolving thing and I can never guarantee 101% that some breach may ever happen hence why in the registration rules it says to always consider the information as public - this is just to cover myself.





Link to comment
Share on other sites
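
The verify-by-recomputing flow described in the post above, shown with standard primitives as an added example (not the forum's code or the poster's procedure): a per-user random salt with PBKDF2 for passwords, and a keyed HMAC as a one-way token for email addresses. The function names, iteration count and sample values are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
SALT_LEN = 16


def hash_password(password: str) -> bytes:
    """Return salt || derived key; a fresh random salt is drawn per record."""
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, ITERATIONS)
    return salt + key


def verify_password(password: str, record: bytes) -> bool:
    """Re-derive with the stored salt, then compare in constant time."""
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, ITERATIONS)
    return hmac.compare_digest(key, stored)


def email_lookup_token(email: str, server_key: bytes) -> str:
    """Keyed one-way token: supports matching an address, not recovering it."""
    normalised = email.strip().lower().encode("utf-8")
    return hmac.new(server_key, normalised, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    # Constructed sample values, not taken from the forum.
    rec_a = hash_password("correct horse battery")
    rec_b = hash_password("correct horse battery")
    print("same password, different records:", rec_a != rec_b)
    print("right password:", verify_password("correct horse battery", rec_a))
    print("wrong password:", verify_password("wrong guess", rec_a))
    key = os.urandom(32)  # would be held outside the database
    print("token stable under case and spaces:",
          email_lookup_token(" Pilot@Example.org ", key)
          == email_lookup_token("pilot@example.org", key))
```

Because the salt is stored with each record and nothing depends on the date, a record verifies the same way in any month, and two users with the same password do not share a stored value.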
