Posted by mixin
I just got an email from "Ebay" asking for my credit card details because my account was about to be terminated due to outstanding bills. I knew this was obviously a fraudulent email because major companies never ask for details like that in emails.
It got me thinking though. How safe is esato?
If someone sent an email claiming to be from esato, would you click on the link and fill in your login details? I think most would probably fall for it, because there aren't really important details on esato to spread. But you're account could rather easily be hi-jacked by someone whose smart enough to know about faking emails!
This also lead me to thinking how secure is esato itself. I know that esato is still using the original PHPBB, and hasn't upgraded to phpbb2 yet (it would be time consuming to do so). But does this throw up any security concerns? Is the original PHPBB easier to break into so people can take down the whole forum or hack into moderators accounts?
Ultimatly i'd like a reply from Laffen to reasure me on the how safe esato is, cos i wouldn't wanna see it dead when i wake up in the morning
Posted by whizkidd
Thats a scary scenario you're talkin about.
Posted by *Jojo*
Yup! As I just can see some posts abruptly disappearing right in front of my face early this week as I post, and I guess the mods are not doing the deletion back there
. Honestly, speaking there are/is some 'magicians' here who are just so talented that they can penetrate into the system without the mods, (I hope not @laffen included here) knowing it 
@laffen - I guess your site needs more security tightening, Norton anti-virus cannot do the job all by itself here . . .
Posted by plasmadog
its rather easy to get your email address if the spammers/tricksters know who to target. its a good thing you didn't fall for that email fraud, but its only because u are vigilant. and that's what everyone needs to be.
but that apart, since esato doesn't have things like credit card payment gateways and such, i don't think a very high level of security is needed. there is a lot of personal information being exchanged true, but this is a far cry from being a commercial website.
Posted by whizkidd
Plasma, i am least worried about the email thing. What bothers me is a scenario where Esato is hacked by some idiot. Thats what i fear the most.
Posted by Asterix
Cīmon guys, don't panic, let @laffen and the mods manage the situation, they should be aware of the security on esato and they've demostrated that they know what they're doing.
Posted by Johnex
There are mayor bug fixes from phpbb to phpbb2 though. Hopefully laffen has blocked those holes in the system without a mayor update of the forums.
Posted by knight4led
I'm not that sacred. Only my old email and aim are listed
Posted by tranquil
Esato will never question anyones password in any way. If you ever recieve an e-mail questioning the status of your Esato membership/account concider it a scam and report it.
I've asked Laffen the same question a coupple of times.
His reply to me then has been "No way!", with a big grin on his face
Esato is Laffens' "baby" and he is looking after it and making sure it is as safe as it can possibly be.
As far as hacking other users' accounts via e-mail is only possible to do if the reciever of the e-mail gets tricked into answering.
Pretending to having managed to hack in to the moderator facilities is not difficult at all. With a tiny bit of a creative brain it does not take much to figure that one out
(I'm, offcourse, not going to tell how it's done but there is only one way to do it and it's very easily spotted by a moderator.)
I can promise you, on behalf of Laffen, that there is nothing to worry about. Esato will not dissapear because of some idiot who doesn't know the difference between mine and yours.
_________________
Tranquil
Esato Shop
[ This Message was edited by: tranquil on 2004-10-09 08:18 ]
Posted by kimcheeboi
tranquil you will have everyone on esato trying to 'hack' it now!
im watching you!
Posted by Johnex
A little research on google gives a long list on phpbb 1 bugs.
Posted by Ayush
Thou searched google wap? :-D
Posted by Johnex
:D there too....
Posted by Dragonfly_TP
This is just paranoid. You should never give any account details, passwords or creditcard details by mail. Als never post any personal info and other details in online forums. Speaking of being paranoid, google had become very powerful. Leaving any information on the internet and it might be found by a simple goooogle search!
Posted by Johnex
Yes, thats what i'm trying to point out.
Posted by Dragonfly_TP
google even searches through esato posts. Try this: type in as search: "firstname lastname" i.e. "Bill Gates" or any nickname, username and so on.
Posted by Johnex
Yeah, you an pretty much get their full profile.
Posted by knight4led
Nothing on the net will ever be 100% safe. Just have to learn to deal
Posted by shyam335
Thats true .
Posted by methylated_spirit
MixiN voiced some minor concerns because it isnt the latest version, and everyone started screaming "Oh my God, The internet is going to die because of this!" sheesh.
Posted by k4m!k4ze
Cool down guys. There is probably a backup of the esato site and its database (i really hope so). And even if it was hacked, wouldn't you guys wait while it comes back online again ? I certainly would.
Posted by kimcheeboi
if esato is hacked i think that would trigger a major retaliation by lots of esato-addicted geeks!
Kind of like taking a heroin user's heroin away
Posted by tranquil
I agree with methylated_spirit.
No need to make such a big issue out of this, just trust that the Webmaster knows what he is doing.
Posted by Residentevil
It is not like that there are a load of cc numbers or other valuable targets on the Esato server.
Posted by Lynx69
I would only accept emails from the email Laffen has emailed me from before and also the one Tranquil has emailed me through.
Purely because i know that they are 'proper' email addresses
Posted by knight4led
the main point is that its a message board not a site like Amazon. I would be upset if it went down, but I wouldn't be scared that all my info would be in the hands of evil men. Unfortunately technology will never catch up to hackers. Just exercise good judgement here like you would anywhere else.