Amazon hack?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
Post Reply
J-W43
Registered User
Posts: 49
Joined: Sun Jan 17, 2016 3:38 pm

Amazon hack?

Post by J-W43 » Sat Oct 06, 2018 2:05 pm

I run a phpBB forum which is standard in that email addresses are hidden except from three administrators.

A member posted on a topic mentioning an unusual product. He has a username that doesn't include his real name and his email address isn't mentioned in any post.

A week later Amazon email him asking whether he wants to buy the product which is hardly ever mentioned on Google or anywhere else.

He naturally thinks that our forum has divulged his email address and Amazon have connected it with the unusual product in his post.

Administrators haven't published his email address so how has Amazon linked it to the post? Coincidence or some clever hacking?

Only last week I upgraded the forum software to 3.2.3. Has phpBB let in Amazon via some loophole?

User avatar
david63
Jr. Extension Validator
Posts: 14723
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Amazon hack?

Post by david63 » Sat Oct 06, 2018 2:10 pm

J-W43 wrote:
Sat Oct 06, 2018 2:05 pm
his email address isn't mentioned in any post.
Is that email address unique to his board account?

Has he visited Amazon looking for that product? I am always getting emails from Amazon about items I have shown a passing interest in!
J-W43 wrote:
Sat Oct 06, 2018 2:05 pm
Has phpBB let in Amazon via some loophole?
Very much doubt it - if this was possible there would have been a lot more complaints about it by now.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
KevC
Support Team Member
Support Team Member
Posts: 68307
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Amazon hack?

Post by KevC » Sat Oct 06, 2018 2:19 pm

david63 wrote:
Sat Oct 06, 2018 2:10 pm
Has he visited Amazon looking for that product? I am always getting emails from Amazon about items I have shown a passing interest in!
Same here. If you're logged in to amazon and you look at something they almost always email you a few days later to remind you that you looked and that you might want to buy it. It's standard practice for them. That's by far the most likely explanation.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

User avatar
GanstaZ
Registered User
Posts: 520
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: Amazon hack?

Post by GanstaZ » Sat Oct 06, 2018 2:48 pm

Usually authentic sites don't mail bs (offers) if you arn't their client/member, but if you are then it's as mentioned above or some spam/scam game play.
"When answer lies in the question,.. question becomes redundant!"

User avatar
Scanialady
Registered User
Posts: 207
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: Amazon hack?

Post by Scanialady » Sat Oct 06, 2018 5:27 pm

A few days ago I tested the effectiveness of an error page. For this purpose, I entered an address in the browser that does not exist on my page. The server log showed me the same call a minute later. From an address that belongs to Amazon. I did not visit Amazon and I was not logged in. But the start page of this browser offers various links (most browsers do so). For example, Amazon or Ebay. That's simple tracking.
Webseite, Blog, Wiki
JV-Arcade / phpBB-Arcade / dmzx-Extensions Übersetzungsteam, andere deutsche Übersetzungen - german language files

User avatar
John connor
Registered User
Posts: 1772
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Amazon hack?

Post by John connor » Sun Oct 07, 2018 5:03 am

Scanialady wrote:
Sat Oct 06, 2018 5:27 pm
From an address that belongs to Amazon.
Can you post that log entry please?

You say it came from Amazon?

Are you using AWS?

What browser and what add-ons are installed?

User avatar
Scanialady
Registered User
Posts: 207
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: Amazon hack?

Post by Scanialady » Sun Oct 07, 2018 10:21 am

sure. My call:

Code: Select all

176.xxx.xxx.196 - - [01/Oct/2018:13:52:28 +0200] "GET /rhabarber HTTP/2.0" 404 1466 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0"
and a short while later...

Code: Select all

54.175.74.27 - - [01/Oct/2018:14:05:58 +0200] "GET /rhabarber HTTP/1.1" 404 1502 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25"

Code: Select all

CIDR:           54.160.0.0/12
NetName:        AMAZON-2011L
I don't know what "AWS" means - so I think: no
Webseite, Blog, Wiki
JV-Arcade / phpBB-Arcade / dmzx-Extensions Übersetzungsteam, andere deutsche Übersetzungen - german language files

User avatar
John connor
Registered User
Posts: 1772
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Amazon hack?

Post by John connor » Sun Oct 07, 2018 12:14 pm

Now that is very, VERY odd. If you don't know what AWS is, then you aren't obviously using it. AWS is Amazon Web Services and allows you to host a website, a database and a plethora of other things.

But I see you're using Windows 10, and there in lies a possible issue. I'm not too sure about it, but try this once. Let your computer sit idle and run Smartsniff for a while. Do you see any Amazon IPs? https://www.nirsoft.net/utils/smsniff.html

What extensions do you have? Some where between you and the OP there must be a common denominator.

Edit-

The other possibility is that you have been hacked in some way. Especially given that you allow Amazon to connect to you at your site.

Now look here https://www.abuseipdb.com/check/54.175.74.27

You might have a malicious script or something. You're gonna have to get help from some Mod here I think. Also, read my Sig. It may help you.
Last edited by John connor on Sun Oct 07, 2018 12:27 pm, edited 3 times in total.

User avatar
John connor
Registered User
Posts: 1772
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Amazon hack?

Post by John connor » Sun Oct 07, 2018 12:18 pm

J-W43 wrote:
Sat Oct 06, 2018 2:05 pm
I run a phpBB forum which is standard in that email addresses are hidden except from three administrators.

A member posted on a topic mentioning an unusual product. He has a username that doesn't include his real name and his email address isn't mentioned in any post.

A week later Amazon email him asking whether he wants to buy the product which is hardly ever mentioned on Google or anywhere else.

He naturally thinks that our forum has divulged his email address and Amazon have connected it with the unusual product in his post.

Administrators haven't published his email address so how has Amazon linked it to the post? Coincidence or some clever hacking?

Only last week I upgraded the forum software to 3.2.3. Has phpBB let in Amazon via some loophole?

Is your user using Windows 10 by chance?

There are in fact many ways to correlate what you visit with cookies, invisible cookies and HTML5 data. So if the user shared an Amazon product and once the post loaded it fetched that product on his computer. There by triggering Amazon to send him an email. That's my best guess.

"It's a brave new world out there. At least it better be."

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: No registered users and 30 guests