Site got hacked
Moderator: Moderators
- otseng
- Savant
- Posts: 20520
- Joined: Thu Jan 15, 2004 1:16 pm
- Location: Atlanta, GA
- Has thanked: 197 times
- Been thanked: 337 times
- Contact:
Site got hacked
Post #1The site experienced its first major hack this morning around 7 AM (EST). All the posts got corrupted and forum settings were modified. I have restored the site to the last monthly backup. So, unfortunately, all posts and new members since Aug 9 are lost. I'm currently trying to figure out how the hacker got in. In the meantime, the site might continue to experience problems until a patch is done.
Last edited by otseng on Thu Sep 20, 2007 4:25 pm, edited 1 time in total.
-
- Newbie
- Posts: 1
- Joined: Sat Sep 08, 2007 12:45 pm
Post #51
cyber-nigger did the damage yesterday, i had nothing to do with it.
all i did was log in through an exploit found on www.milw0rm.com/exploits/4346 (which has now been fixed apparently so well done).
I changed your description to a notice telling you to use a VBulletin forum because the new one does not have any vulnerabilities. I've read the posts people have made and you have been wondering why people are hacking you and not helping to improve the site. Well, that was what I did wasn't it? Suggest a way to improve? And I told you how I got in and you fixed it. As far as I am concerned, I have helped you. As for cyber-nigger, well, I can't speak for him.
If you want more help with your security, unban my ip and we can chat ok?
all i did was log in through an exploit found on www.milw0rm.com/exploits/4346 (which has now been fixed apparently so well done).
I changed your description to a notice telling you to use a VBulletin forum because the new one does not have any vulnerabilities. I've read the posts people have made and you have been wondering why people are hacking you and not helping to improve the site. Well, that was what I did wasn't it? Suggest a way to improve? And I told you how I got in and you fixed it. As far as I am concerned, I have helped you. As for cyber-nigger, well, I can't speak for him.
If you want more help with your security, unban my ip and we can chat ok?
- Vladd44
- Sage
- Posts: 571
- Joined: Mon Jan 03, 2005 10:58 am
- Location: Climbing out of your Moms bedroom window.
- Contact:
Post #52
It is inevitable in any popular option. They often focus on phpbb forums simply because they are incredibly popular...and they are popular bc overall its a really comprehensive package.Otseng wrote:Unfortunately, with the way phpBB (and the mods) are written, there will be a chance of vulnerabilities.
With otseng's admin access he could have easily sent an global email without having useful access to the actual info.katiej49 wrote:i received a threatening email from the hacker....evidently he got access to our email addys....
Phpbb built in backup options have always been subpar, but without knowing exactly what mods etc otseng has in place, it could have been possible for him to get that info as well, hopefully no one used a credit card number as their email address .
When I was a child, I spake as a child, I understood as a child, I thought as a child: but when I became a man, I put away childish things.[GOD] ‑ 1 Cor 13:11
WinMX, BitTorrent and other p2p issues go to http://vladd44.com
WinMX, BitTorrent and other p2p issues go to http://vladd44.com
- Vladd44
- Sage
- Posts: 571
- Joined: Mon Jan 03, 2005 10:58 am
- Location: Climbing out of your Moms bedroom window.
- Contact:
Post #53
yes, it deducted them from my account.Myth wrote:I actually noticed that my token count jumped from 20 or so to over 800, so the token transfer must have occurred.
When I was a child, I spake as a child, I understood as a child, I thought as a child: but when I became a man, I put away childish things.[GOD] ‑ 1 Cor 13:11
WinMX, BitTorrent and other p2p issues go to http://vladd44.com
WinMX, BitTorrent and other p2p issues go to http://vladd44.com
- alexjohnc3
- Student
- Posts: 11
- Joined: Fri Apr 06, 2007 10:38 pm
Re: Hacker emailed me
Post #54That was sent to everyone on the forum, which should be obvious.siriusday wrote:This hacker emailed me so i think he does have personal information on users at your site. I have not used this site that much, nevertheless i do make it a habit not to add much personal information to forum sites.
- otseng
- Savant
- Posts: 20520
- Joined: Thu Jan 15, 2004 1:16 pm
- Location: Atlanta, GA
- Has thanked: 197 times
- Been thanked: 337 times
- Contact:
Post #55
Help me? Right. I had to figure out what you did on my own.Come In Peace wrote:cyber-nigger did the damage yesterday, i had nothing to do with it.
all i did was log in through an exploit found on www.milw0rm.com/exploits/4346 (which has now been fixed apparently so well done).
I changed your description to a notice telling you to use a VBulletin forum because the new one does not have any vulnerabilities. I've read the posts people have made and you have been wondering why people are hacking you and not helping to improve the site. Well, that was what I did wasn't it? Suggest a way to improve? And I told you how I got in and you fixed it. As far as I am concerned, I have helped you. As for cyber-nigger, well, I can't speak for him.
If you want more help with your security, unban my ip and we can chat ok?
For those in the future who do see a vulnerability, send a PM to me and tell me about it privately. If anyone fiddles around with any of the settings, screw up posts, hack into another account, shut down the forum, or any other such nonsense, your IP will get permanently banned and reported to the authorities.
- alexjohnc3
- Student
- Posts: 11
- Joined: Fri Apr 06, 2007 10:38 pm
Post #56
I'd imagine they'd use a proxy server or something else to hide their real IP. I don't know, it just seems far too stupid.
- justifyothers
- Site Supporter
- Posts: 1764
- Joined: Fri May 04, 2007 4:14 pm
- Location: Virginia, US
- Been thanked: 1 time
Re: Site got hacked
Post #57Did anyone else recieve an e-mail from this guy? My husband & I did - but we didn't open them.otseng wrote:The site experienced its first major hack this morning around 7 AM (EST). All the posts got corrupted and forum settings were modified. I have restored the site to the last monthly backup. So, unfortunately, all posts and new members since Aug 9 are lost. I'm currently trying to figure out how the hacker got in. In the meantime, the site might continue to experience problems until a patch is done.
- alexjohnc3
- Student
- Posts: 11
- Joined: Fri Apr 06, 2007 10:38 pm
Re: Site got hacked
Post #58Read the thread before posting. Seriously.justifyothers wrote:Did anyone else recieve an e-mail from this guy? My husband & I did - but we didn't open them.otseng wrote:The site experienced its first major hack this morning around 7 AM (EST). All the posts got corrupted and forum settings were modified. I have restored the site to the last monthly backup. So, unfortunately, all posts and new members since Aug 9 are lost. I'm currently trying to figure out how the hacker got in. In the meantime, the site might continue to experience problems until a patch is done.
- Cathar1950
- Site Supporter
- Posts: 10503
- Joined: Sun Feb 13, 2005 12:12 pm
- Location: Michigan(616)
- Been thanked: 2 times
Post #59
It looks like I might have lost my membership in one of the groups but I think I can get back in when it get back.
I didn't get any funny email, just sites that didn't exist.
I think I have all my token but I don't recall how many I had so some could be missing from the last month for all I know.
I guess I need to take better track of my tokens.
In my demise game I think there has been some stealing going on but I can't prove it.
But I got one good warror and three nutral theives in the group.
Things do happen.
I didn't get any funny email, just sites that didn't exist.
I think I have all my token but I don't recall how many I had so some could be missing from the last month for all I know.
I guess I need to take better track of my tokens.
In my demise game I think there has been some stealing going on but I can't prove it.
But I got one good warror and three nutral theives in the group.
Things do happen.
Post #60
I opened the email, as apparently many others also did. I didn't click on anything in the email though. Can anything bad come from simply opening an email? I've never been sure of that. I don't know too much about computers...