Amazon hack?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
Post Reply
J-W43
Registered User
Posts: 71
Joined: Sun Jan 17, 2016 3:38 pm

Amazon hack?

Post by J-W43 »

I run a phpBB forum which is standard in that email addresses are hidden except from three administrators.

A member posted on a topic mentioning an unusual product. He has a username that doesn't include his real name and his email address isn't mentioned in any post.

A week later Amazon email him asking whether he wants to buy the product which is hardly ever mentioned on Google or anywhere else.

He naturally thinks that our forum has divulged his email address and Amazon have connected it with the unusual product in his post.

Administrators haven't published his email address so how has Amazon linked it to the post? Coincidence or some clever hacking?

Only last week I upgraded the forum software to 3.2.3. Has phpBB let in Amazon via some loophole?
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: Amazon hack?

Post by david63 »

J-W43 wrote: Sat Oct 06, 2018 2:05 pm his email address isn't mentioned in any post.
Is that email address unique to his board account?

Has he visited Amazon looking for that product? I am always getting emails from Amazon about items I have shown a passing interest in!
J-W43 wrote: Sat Oct 06, 2018 2:05 pm Has phpBB let in Amazon via some loophole?
Very much doubt it - if this was possible there would have been a lot more complaints about it by now.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72329
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Amazon hack?

Post by KevC »

david63 wrote: Sat Oct 06, 2018 2:10 pm Has he visited Amazon looking for that product? I am always getting emails from Amazon about items I have shown a passing interest in!
Same here. If you're logged in to amazon and you look at something they almost always email you a few days later to remind you that you looked and that you might want to buy it. It's standard practice for them. That's by far the most likely explanation.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
GanstaZ
Registered User
Posts: 1187
Joined: Wed Oct 11, 2017 10:29 pm
Location: GZOverse

Re: Amazon hack?

Post by GanstaZ »

Usually authentic sites don't mail bs (offers) if you arn't their client/member, but if you are then it's as mentioned above or some spam/scam game play.
Usus est magister optimus! phpBB pre-Triton & latest php environment.
When answer lies in the question, question becomes redundant!
User avatar
Scanialady
Registered User
Posts: 421
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: Amazon hack?

Post by Scanialady »

A few days ago I tested the effectiveness of an error page. For this purpose, I entered an address in the browser that does not exist on my page. The server log showed me the same call a minute later. From an address that belongs to Amazon. I did not visit Amazon and I was not logged in. But the start page of this browser offers various links (most browsers do so). For example, Amazon or Ebay. That's simple tracking.
My 2 cents: Whether an extension is in the CDB says nothing about its quality. It is more important to read the support topics for it. Better to avoid authors who do not answer support questions themselves, who do not update their stuff, and who do not fix bugs for years.
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Amazon hack?

Post by 2600 »

Scanialady wrote: Sat Oct 06, 2018 5:27 pmFrom an address that belongs to Amazon.
Can you post that log entry please?

You say it came from Amazon?

Are you using AWS?

What browser and what add-ons are installed?
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
Scanialady
Registered User
Posts: 421
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: Amazon hack?

Post by Scanialady »

sure. My call:

Code: Select all

176.xxx.xxx.196 - - [01/Oct/2018:13:52:28 +0200] "GET /rhabarber HTTP/2.0" 404 1466 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0"
and a short while later...

Code: Select all

54.175.74.27 - - [01/Oct/2018:14:05:58 +0200] "GET /rhabarber HTTP/1.1" 404 1502 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25"

Code: Select all

CIDR:           54.160.0.0/12
NetName:        AMAZON-2011L
I don't know what "AWS" means - so I think: no
My 2 cents: Whether an extension is in the CDB says nothing about its quality. It is more important to read the support topics for it. Better to avoid authors who do not answer support questions themselves, who do not update their stuff, and who do not fix bugs for years.
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Amazon hack?

Post by 2600 »

Now that is very, VERY odd. If you don't know what AWS is, then you aren't obviously using it. AWS is Amazon Web Services and allows you to host a website, a database and a plethora of other things.

But I see you're using Windows 10, and there in lies a possible issue. I'm not too sure about it, but try this once. Let your computer sit idle and run Smartsniff for a while. Do you see any Amazon IPs? https://www.nirsoft.net/utils/smsniff.html

What extensions do you have? Some where between you and the OP there must be a common denominator.

Edit-

The other possibility is that you have been hacked in some way. Especially given that you allow Amazon to connect to you at your site.

Now look here https://www.abuseipdb.com/check/54.175.74.27

You might have a malicious script or something. You're gonna have to get help from some Mod here I think. Also, read my Sig. It may help you.
Last edited by 2600 on Sun Oct 07, 2018 12:27 pm, edited 3 times in total.
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Amazon hack?

Post by 2600 »

J-W43 wrote: Sat Oct 06, 2018 2:05 pm I run a phpBB forum which is standard in that email addresses are hidden except from three administrators.

A member posted on a topic mentioning an unusual product. He has a username that doesn't include his real name and his email address isn't mentioned in any post.

A week later Amazon email him asking whether he wants to buy the product which is hardly ever mentioned on Google or anywhere else.

He naturally thinks that our forum has divulged his email address and Amazon have connected it with the unusual product in his post.

Administrators haven't published his email address so how has Amazon linked it to the post? Coincidence or some clever hacking?

Only last week I upgraded the forum software to 3.2.3. Has phpBB let in Amazon via some loophole?

Is your user using Windows 10 by chance?

There are in fact many ways to correlate what you visit with cookies, invisible cookies and HTML5 data. So if the user shared an Amazon product and once the post loaded it fetched that product on his computer. There by triggering Amazon to send him an email. That's my best guess.

"It's a brave new world out there. At least it better be."
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
Post Reply

Return to “phpBB Discussion”