BMFA classified has been hacked

[..]

Still no classifieds ? Wow this is taking some time to fix.

[Masher]

Posted by Justin K. on 19/01/2015 13:13:46:

Still no classifieds ? Wow this is taking some time to fix.

A good thing, it's saved me lots of money

[Stevo]

Well if ebay hacked it would save my relationship...

Perhaps they are rewriting it so it runs faster. Some hope.

[BSR]

I agree! I bet they are refining... looking at their market research and user tracking information and only then improving the site to reflect it's popularity... second surely to paying to get into the NATS? Watch this space!

[Cuban8]

Just as a matter of interest, but what makes a website vulnerable? Obviously I'm not suggesting we start a 'beginners guide to hacking' but perhaps someone (talking in the broadest of terms of course) could give us an idea of how these people operate. If I forget the password to a site then I'm stuck and wouldn't have a clue how to circumvent it.

[Dave Hopkin]

Posted by Cuban8 on 20/01/2015 11:12:34:

Just as a matter of interest, but what makes a website vulnerable? Obviously I'm not suggesting we start a 'beginners guide to hacking' but perhaps someone (talking in the broadest of terms of course) could give us an idea of how these people operate. If I forget the password to a site then I'm stuck and wouldn't have a clue how to circumvent it.

Its not specifically the website thats vulnerable, much more commonly its the server/server farm that hosts the website that is targetted - The Server Operaring System and Cluster Control Software are extremely complex and as such always contain weaknesses and flaws even some trapdoor entry points, Operating System get very frequent security updates (patches) applied to close off flaws as they are detected, but its a game of cat and mouse - Most website attacks use hacker programs to try out millions of password combinations one after the other till they find a correct one

[Tomtom39]

I had the occasion to ring the BMFA on another issue and asked about the website. I understand that they are pretty much having to start from scratch and may take some time to get it sorted and working.

This has really cheesed me off as it was the nearest thing to "retail therapy" for me. Ah well, back to shoes and handbags!

[Euan galloway 1]

Still no BMFA ads site , anyone got any idea when it will be up and running ?? as I I have lots to list ?

cheers Euan.

[Matt Jones]

Euan, maybe ask the BMFA themselves? Radical I know....

[Masher]

Why not use the classifieds section on this site if you're desperate?

[Paul Marsh]

I wouldn't - last time I did, I started to get spam from dubious sources and bogus offers. Best thing is put it on ebay, get more coverage and more likely to sell and on ebay, at least buyers/sellers are verified before they can do their wares.

[Andy Green]

Looks like the BMFA have pulled the plug on the old classifieds, and are about to launch a new version.

Scant details here.

Andy

[Dave Hopkin]

I would guess the hosting company were not keeping adequate back ups for recovery purposes - or the SLA the BMFA had in place didnt specify these were to be done at sufficiently timely intervals - hence either no recovery is possible or it would be so far out of date that its not viable

Hence the "new classified section" - wuite possibly hosted by the same company that runs the main BMFA website

[..]

Well found Andy, lets hope its just a new web format & the actual way it works stays the same.

[G-YRUS]

This all sounds like any group of flyers if you observe the characters. Hackers and patchers, some with control group clusters and even trapdoors. Many with server and signal issues. Doesn't it all sound so familiar? Even those who seem to always be the target and cat and mouse in the circuit on busy days.

[Stevo]

Yes it was due a revamp and I guess this has forced their hand. Although Dave Has a point re: backups etc - it should have been restored very quickly if only a few hours out of date!

I wish it well and I look forward to SPEEDY searches, not waiting 25-30s sometimes

[Former Member]

[This posting has been removed]

[Stevo]

So do I -I got some real great bargains from there,Unused Laser 70 (new model) £90, un-run Saito 72, £95...

But 3 weeks? as you say, thankfully it's not a business...

Noodling around, the old BMFA Classifieds website address seems to be hosted in Germany, by 1and1. The current BMFA address traces to Nebraska!

Edited By Stevo on 30/01/2015 17:11:39

[Steve T]

As a bit of a boring nerdy Compooter type, yes this is now far too seriously long enough. I am well aware of the damage caused by this type of hacking but also after it happened to a company in Nigeria of all places, we were back up and running in 72 hours....not days ! This was a lan system with over 15000 profiles.

[Biggles' Elder Brother - Moderator]

Posted by Steve T on 01/02/2015 14:26:03:

we were back up and running in 72 hours....not days !

Erm,....72 hours is,..... 3 days?

BEB

[Paul Marsh]

I think they are making it so only BMFA registered users can buy and sell via the classifieds. This should make it less likely for someone to mess around with it.

I wouldn't bother anyway. Put it ebay, as its more than likely to sell.

[Allan Bowker]

I have just received a 'BMFA Style' email alert, just like the one I used to get from the BMFA Classifieds website, however the URL has changed!

:WARNING:
Be careful people, this could be a further scam and shouldn't be trusted until the official BMFA website has given its official stamp on its use.

www.bmfatraders.co.uk  -  Do not log in to this site with your username and password!

An email to the BMFA has been sent, alerting them to this site, asking them to update their official page to confirm if this site is legitimate or not.

Edited By Allan Bowker on 02/02/2015 22:35:17

[Pete B]

That's wise, I think, Allan. I'd rather hope BMFA will make an announcement on the website, if only to inspire a bit of confidence in visiting that link..

Pete

[Phil Green]

bmfatraders has been registered with its current owner for 7 years, but the Isle of Man address sounds unlikely:

Domain name:
bmfatraders.co.uk

Registrant:
Modelnet

Registrant type:
Other UK Entity (e.g. clubs, associations, many universities)

Registrant's address:
22 Douglas St
Castletown
Isle of Man
IM9 1BD
United Kingdom

Data validation:
Registrant name and address awaiting validation

Registrar:
Webfusion Ltd t/a 123-reg [Tag = 123-REG]
URL: http://www.123-reg.co.uk

Relevant dates:
Registered on: 19-Mar-2008
Expiry date: 19-Mar-2018
Last updated: 01-Dec-2014

[WolstonFlyer]

I think it could be OK. bmfatraders.co.uk and the main bmfa.org and bmfa.co.uk are all registered to the same owner at the same address in the Isle of Man.