• OK, it's on.
  • Please note that many, many Email Addresses used for spam, are not accepted at registration. Select a respectable Free email.
  • Done now. Domine miserere nobis.

Forum Hack

ProxyAmenRa

Here to bring back the love!
Local time
Today 12:49 PM
Joined
Sep 30, 2009
Messages
4,668
-->
Location
Australia
Well, that was interesting. Someone tore down a wallpaper.
 

Duxwing

I've Overcome Existential Despair
Local time
Yesterday 10:49 PM
Joined
Sep 9, 2012
Messages
3,783
-->
Indeed. What a strange event. I wonder what they wanted with us.

-Duxwing
 

ProxyAmenRa

Here to bring back the love!
Local time
Today 12:49 PM
Joined
Sep 30, 2009
Messages
4,668
-->
Location
Australia
Indeed. What a strange event. I wonder what they wanted with us.

-Duxwing

This forum is targeted around once per year. Probably some old members pissed off that they were banned.
 

BigApplePi

Banned
Local time
Yesterday 10:49 PM
Joined
Jan 8, 2010
Messages
8,984
-->
Location
New York City (The Big Apple) & State
This forum is targeted around once per year. Probably some old members pissed off that they were banned.
It's a conspiracy with a trigger where the Earth comes 'round to a certain point.
 

Ragnar

A Master From Germany
Local time
Today 2:49 AM
Joined
Jul 8, 2007
Messages
443
-->
Location
Where The Snakes Are
I'm looking into it; and have turned the place back on for now. Not having been here I don't know what the symptoms were, but turning the forum off was absolutely the right thing to do.


There seems no evidence left in the back-end: but it gave us a chance to repair the database.
 

Duxwing

I've Overcome Existential Despair
Local time
Yesterday 10:49 PM
Joined
Sep 9, 2012
Messages
3,783
-->
I'm looking into it; and have turned the place back on for now. Not having been here I don't know what the symptoms were, but turning the forum off was absolutely the right thing to do.


There seems no evidence left in the back-end: but it gave us a chance to repair the database.

Three cheers for the sysadmins!

-Duxwing
 

Architect

Professional INTP
Local time
Yesterday 8:49 PM
Joined
Dec 25, 2010
Messages
6,691
-->
Loved it, but thanks for fixing.
 

Wolf18

a who
Local time
Today 2:49 AM
Joined
Dec 24, 2012
Messages
575
-->
Location
Far away from All This
I've been bored for days on end. Thanks for taking care of this.

Duxwing, I doubt they wanted anything. It was p0wersurge, a hacker group. Then again, I hope no one had any important personal information on here.

SW
 

Duxwing

I've Overcome Existential Despair
Local time
Yesterday 10:49 PM
Joined
Sep 9, 2012
Messages
3,783
-->
I've been bored for days on end. Thanks for taking care of this.

Duxwing, I doubt they wanted anything. It was p0wersurge, a hacker group. Then again, I hope no one had any important personal information on here.

SW

The payoff from a typology forum DoS seems such a tiny bang for so much work. Also, I've tried researching them, but nothing's come up. Do you anything more about them?

-Duxwing
 

TheScornedReflex

(Per) Version of a truth.
Local time
Today 3:49 PM
Joined
Dec 9, 2012
Messages
1,946
-->
And the mighty overlord reveals himself.. What a week.
 

C.Hecker88

Lily of the Valley
Local time
Yesterday 9:49 PM
Joined
Mar 14, 2013
Messages
346
-->
Location
Space
I'm looking into it; and have turned the place back on for now. Not having been here I don't know what the symptoms were, but turning the forum off was absolutely the right thing to do.


There seems no evidence left in the back-end: but it gave us a chance to repair the database.

Hello Ragnar.

Whatever happened, I'm glad that it's all back to normal. I was beginning to go quite mad without my procrastination fix.
 

pjoa09

dopaminergic
Local time
Today 9:49 AM
Joined
Feb 9, 2010
Messages
1,857
-->
Location
th
I'm looking into it; and have turned the place back on for now. Not having been here I don't know what the symptoms were, but turning the forum off was absolutely the right thing to do.


There seems no evidence left in the back-end: but it gave us a chance to repair the database.
@Ragnar

murd3r requested to update the forum and remove ibProArcade or something.

I kinda agree.

I don't know if that was the motive of the hack.
 

Kuu

>>Loading
Local time
Yesterday 8:49 PM
Joined
Jun 7, 2008
Messages
3,409
-->
Location
The wired
murd3r requested to update the forum and remove ibProArcade or something.

Where exactly was this request made, if I may so inquire?

It does seem there's an exploit in the arcade plugin, so I've put it in the rubbish bin. :rip:

Motivation? Probably just because they could. For the lulz.
 

walfin

Democrazy
Local time
Today 10:49 AM
Joined
Mar 3, 2008
Messages
2,436
-->
Location
/dev/null
Anyone made a screenshot of the kitty?
 

Affinity

Active Member
Local time
Yesterday 8:49 PM
Joined
Apr 17, 2011
Messages
319
-->
Location
SLC
Cute dancing kitty and elegant electronic music. It was not a bad sojourn.
 

bartoli

Member
Local time
Today 3:49 AM
Joined
Jan 5, 2013
Messages
70
-->
Location
France
Also, while the forum was down, i found an old version of INTPf on the web still running. Time to close this one? http://199.193.247.39/
I think the cat was just in the javascript of the page if someone still has it in history. Or it is apparently available if you register on the hackers' forum
 

pjoa09

dopaminergic
Local time
Today 9:49 AM
Joined
Feb 9, 2010
Messages
1,857
-->
Location
th
Where exactly was this request made, if I may so inquire?

It does seem there's an exploit in the arcade plugin, so I've put it in the rubbish bin. :rip:

Motivation? Probably just because they could. For the lulz.
@Kuu
Honest.

I made an account at p0wersurge and I pmed murd3r, he then sent me a rather short pm in return. Unfortunately, in the midst of a hastily made complicated password that I forgot and still can't recover even after successfully requesting for it on my email, I can't access that pm anymore.

Yeah, I think it was for the lulz. I made a query search and saw that intpf was on the top 10 or 15 exploitable forums. I believe mostly because its dated.

I am pretty damn sure a couple of INTPs got an account on that website.

So I guess that was the motivation. Cool site though.
 

Cognisant

Prolific Member
Local time
Yesterday 3:49 PM
Joined
Dec 12, 2009
Messages
10,559
-->
I was insulted that their forum called me a noob for not using one of the two operating systems they prefer, I use an ipad for general browsing precisely because they're hard to hack in to, I can't help but wonder what kind of moron would actually take that advice.

Furthermore it's been suggested to me that long outages like this may convince longstanding members who are already thinking of leaving into actually doing so.

Not happy.
(not directed at Ragnar)
 

BigApplePi

Banned
Local time
Yesterday 10:49 PM
Joined
Jan 8, 2010
Messages
8,984
-->
Location
New York City (The Big Apple) & State
Furthermore it's been suggested to me that long outages like this may convince longstanding members who are already thinking of leaving into actually doing so.
Attention:
If you are a longstanding member thinking of leaving, you are to immediately stop thinking. Pour your feelings out to Cognisant first.

If Cognisant is unable to turn you around, your status as a longstanding member will be terminated and you will be demoted to member emeritus.

Intermediate-standing members will be promoted to longstanding members with or without their permission and will replace you. All positions will be filled as vacuums are not to be tolerated.
 

Ragnar

A Master From Germany
Local time
Today 2:49 AM
Joined
Jul 8, 2007
Messages
443
-->
Location
Where The Snakes Are
Also, while the forum was down, i found an old version of INTPf on the web still running. Time to close this one? http://199.193.247.39/


Strange, and slightly peculiar.

Hostspy is down at this moment, so I can't see anything about it; but the ip is nearly the same as this one's. It is as if our hosts have released an old back-up into the wild blue yonder. Which is unlikely --- however I can't see why anyone would waste hosting on a permanently inactive mirror.



Yeah, I think it was for the lulz. I made a query search and saw that intpf was on the top 10 or 15 exploitable forums. I believe mostly because its dated.
I doubt if it is among the most exploitable forums; just that the author of that 35 list ( which is to be seen in Google cache --- note: now to use Google cache, you press the green down button at the end of the url ) targeted it and the others *. And published the hashes. The list includes vBulletin 4.2; however even vBulletin 5.0 released this year has sql exploits. Plenty of bigger sites still run on 3.x.x, such as The Straight Dope.


* I must say they mostly seem innocuous: one of them is this wildlife forum: http://redtailboa.net/forums/


It was probably the Arcade vulnerability; but I am getting more sceptical of php itself every tear...
 

The Gopher

President
Local time
Today 1:49 PM
Joined
Aug 26, 2010
Messages
4,671
-->
Nobody is allowed to leave without telling me first.
 

BigApplePi

Banned
Local time
Yesterday 10:49 PM
Joined
Jan 8, 2010
Messages
8,984
-->
Location
New York City (The Big Apple) & State
Nobody is allowed to leave without telling me first.
If you dare to leave wo notifying Gopher, you may be subject to silencing followed by ostracism.
 

Ragnar

A Master From Germany
Local time
Today 2:49 AM
Joined
Jul 8, 2007
Messages
443
-->
Location
Where The Snakes Are
Well, something went wrong: Five modifications needed updating, but one the translator of yore was long gone: so 4: updated them and added Tapatalk, and I couldn't post...

Uninstalled Tapatalk, same thing. Turned off 2 of them just upgraded ( template modification & advanced user tagging ) and it works again.

So you can't tag if ever you did.



Basically, everyone has the mantra: upgrade; then when you do it stops working. Doesn't stop them telling you to keep the upgrade as anyone ever on a Mozilla or Wordpress help forum can notice.
 
Local time
Today 2:49 AM
Joined
Jan 7, 2012
Messages
5,022
-->
It was for teh lullz/to gain merit.

Specifically, via ProxieZ: http://www.p0wersurge.com/forums/introductions/7662-thd.html

"I know exactly what your problem is, and how it was exploited, PM me and I will be more than happy to help you out, since you asked. I have reverted your index.php back to normal already and deleted the shells/arcade.php which was the exploited file.

There is a known SQLi in the ibProArcade 2.7.1+, that was coded by MrZeropage, however there are updated versions you can get if you have a vBulletin license, which you do. Best luck fixing up your forum!"

vBulletin vulnerability
 
Local time
Today 2:49 AM
Joined
Jan 7, 2012
Messages
5,022
-->
Overall the p0wersurge peeps seem fairly amiable, and I like their functional skillset and collective potential, so... :angel:
 

Ragnar

A Master From Germany
Local time
Today 2:49 AM
Joined
Jul 8, 2007
Messages
443
-->
Location
Where The Snakes Are
Well, thank them for me. Not for the hack; but for being OK afterwards.


:D:D


The Arcade has been updated, but now I don't trust it anyway.
 

Oedipus

Jerk
Local time
Today 2:49 AM
Joined
Jun 13, 2011
Messages
334
-->
Location
Scotland
What was the song that the kitty danced to?
 

Oedipus

Jerk
Local time
Today 2:49 AM
Joined
Jun 13, 2011
Messages
334
-->
Location
Scotland
I had to keep coming here to listen to it.
 

Redfire

and Blood
Local time
Today 2:49 AM
Joined
Jan 10, 2011
Messages
422
-->
But wasn't the cat turning around? I think Jenny posted the same cat with a different dance.

The song is awesome. All in all it was a good experience :P
 

Redfire

and Blood
Local time
Today 2:49 AM
Joined
Jan 10, 2011
Messages
422
-->
That's just the album's six songs all in a row I think.
 

Ink

Well-Known Member
Local time
Today 3:49 AM
Joined
Jan 26, 2012
Messages
926
-->
Location
svealand
So did they get any "vulnerable information" or not?
 

Ragnar

A Master From Germany
Local time
Today 2:49 AM
Joined
Jul 8, 2007
Messages
443
-->
Location
Where The Snakes Are
They already had the vulnerable information, which was a leak in the Arcade software which enabled some person to publish the hashes of admin access on the internet, which meant the hackers could change some stuff temporarily. They weren't interested in member information --- hackers don't target users' accounts for obvious reasons: they target admins' accounts --- and really the only information anyone can gather in any forum, apart from access in the first place, is a member's email address and his/her password. And they can get most email addresses anyway from most people simply by making a post inviting people to email them for some alleged reward. Not that I think email lists have the value they might have had ten years ago, even for spamlords.

The Arcade is now patched, although were I them I would have left a backdoor, and it seems more of a prank than anything vicious. Admin passwords are changed and everyone ought to change their own password; but there is no danger or loss.

However I can say it will happen again: not from the same persons and not through the same leak; but simply because all websites are hackable and all forums will get hacked eventually. A couple of years back in 2011 they hacked the White House, Linux.org, Microsoft and others: in 2012 vbulletin.org was hacked causing members to be locked out awhile.



It's just like power-cuts: they are going to happen and any country's electricity supplier who guarantees there will never ever be interrupted power is lying.






And, of course, sometimes it's the power brokers themselves manipulating the power cuts, as with Enron, of blessed memory.


:angel::angel::angel:
 

Architect

Professional INTP
Local time
Yesterday 8:49 PM
Joined
Dec 25, 2010
Messages
6,691
-->
The best part is that it forced you to update the old forum software and now it supports Tapatalk
 

Duxwing

I've Overcome Existential Despair
Local time
Yesterday 10:49 PM
Joined
Sep 9, 2012
Messages
3,783
-->
The best part is that it forced you to update the old forum software and now it supports Tapatalk

Sounds like somebody was little bit displeased with the old order. :)

-Duxwing
 

Architect

Professional INTP
Local time
Yesterday 8:49 PM
Joined
Dec 25, 2010
Messages
6,691
-->
Sounds like somebody was little bit displeased with the old order.

I had nothing to do with the Forum hack. That's my story and I'm sticking to it.
 

Ragnar

A Master From Germany
Local time
Today 2:49 AM
Joined
Jul 8, 2007
Messages
443
-->
Location
Where The Snakes Are
The vBull remains the same version, just the four mods were updated. And I can't see any point in going to vBull 4 or 5, when it would be cheaper to go to something else such as XenForo --- and prolly a damn sight more secure. A forum conversion is not on the cards right now because of a/ cost and b/ the sorrow of losing installed mods; though I suppose people could live with the latter sadly enough...

It's rather the same with WordPress, each upgrade may make some plugins stop working, and wordpress.org has now begun warning that older plugins are old. The plugin developers stop supporting plugins eventually anyway. It's entropy, I tell you, entropy !




As for Tapatalk, I will make an announcement later, but I don't particularly understand it as I use an old Motorola, and I dunno if anyone actually uses it much; but it looked neat.


Also I think it costs about $3 as an app.







P.S Is that Robert E. Lee ?
 
Top Bottom