Sciencemadness Discussion Board

The Forum Has Been Hacked


Polverone - 13-8-2014 at 13:17

You're called a script kiddie because of the script logs left by attempts to guess passwords for Lumen Christie, Facebook, and other organizations.

The vulnerability you exploited here was already public, though I suppose it is possible you discovered it independently: http://secunia.com/community/forum/thread/show/9946/xmb_cros...

Sadly, since XMB has fallen into disuse, there is no central development committee tracking bugs or working on bug fix releases any more. It will be up to me to fix our own copy of XMB.

[Edited on 8-13-2014 by Polverone]

forgotpassword - 13-8-2014 at 13:18

I am not sure where you are getting Kali Linux from; I didn't even make use of it in this instance.
I do have remorse, perhaps I am not portraying it well within this text.
I was explaining my thought process behind this 'attack'.
I didn't mean any harm; in fact I love this forum, it is full of great minds and ideas and the last thing I want is it gone.
Arkoma, I have already apologised to you, and I have apologised to Polverone in private and have supplied him with the knowledge needed to patch this, and I will continue to do so as originally intended.

arkoma - 13-8-2014 at 13:24

Young Man, I sincerely hope that you have learned a valuable life lesson from this. Your credibility is now FOREVER suspect here, whatever your original intentions were.

Texium - 13-8-2014 at 13:25

Quote: Originally posted by forgotpassword  

I do have remorse, perhaps I am not portraying it well within this text.
I was explaining my thought process behind this 'attack'.
I didn't mean any harm; in fact I love this forum, it is full of great minds and ideas and the last thing I want is it gone.
Arkoma, I have already apologised to you, and I have apologised to Polverone in private and have supplied him with the knowledge needed to patch this, and I will continue to do so as originally intended.

I don't think that all of this apology after the fact of being caught is going to do you much good. The damage is already done, and you'll just have to accept that you blocked yourself out of this forum that you say you love. That's all on you.

The Volatile Chemist - 13-8-2014 at 13:28

Quote: Originally posted by zts16  
Quote: Originally posted by forgotpassword  

I do have remorse, perhaps I am not portraying it well within this text.
I was explaining my thought process behind this 'attack'.
I didn't mean any harm; in fact I love this forum, it is full of great minds and ideas and the last thing I want is it gone.
Arkoma, I have already apologised to you, and I have apologised to Polverone in private and have supplied him with the knowledge needed to patch this, and I will continue to do so as originally intended.

I don't think that all of this apology after the fact of being caught is going to do you much good. The damage is already done, and you'll just have to accept that you blocked yourself out of this forum that you say you love. That's all on you.

I agree. It was fun tracking you, etc. but now that the fun of the mystery is over, the damage must be tallied. And you are lacking. I vote ban... But wait, is forgotten password ACTUALLY manifest?

forgotpassword - 13-8-2014 at 13:29

Well, I didn't really bother covering my tracks because I was doing it here and I was going to give myself up anyway; I didn't expect you to be so sharp.
You can also send U2Us on a user's behalf.
Click here to see the code used
Click here to see it work to send me a U2U.

EDIT: Polverone has blocked my VPS's IP, so it won't work, but the code is still there.

No, my name is FORGOTpassword not FORGOTTENpassword.
He is innocent.

[Edited on 13-8-2014 by forgotpassword]

Texium - 13-8-2014 at 13:35

Quote: Originally posted by The Volatile Chemist  
I agree. It was fun tracking you, etc. but now that the fun of the mystery is over, the damage must be tallied. And you are lacking. I vote ban... But wait, is forgotten password ACTUALLY manifest?
As pointed out earlier, forgottenpassword is not an alternate account of Manifest, but an innocent and unrelated member, while forgotpassword is Manifest's alternate account. I would also vote ban, if there was a vote, because as arkoma said, his credibility is now forever in question.

DrAldehyde - 13-8-2014 at 13:42

I suggest doing a Google search of "how to apologize". You seem to be making some classic mistakes. Most people are pretty forgiving if you offer a sincere meaningful apology. Good luck to you.

Quote: Originally posted by forgotpassword  
Well I didn't really bother covering my tracks

forgotpassword - 13-8-2014 at 13:44

I have offered a meaningful apology 1 page ago.
You're taking me out of context; I didn't cover my tracks because I was going to inform Polverone it was me anyway.

I sincerely hope it doesn't come to a ban; as stated before, I love this site.
I am also sincerely sorry for wasting Polverone's time and for wasting yours also.
I'm sure I might have made a few of you fear that your security was at risk, so I am also very sorry for that.

[Edited on 13-8-2014 by forgotpassword]

Brain&Force - 13-8-2014 at 13:46

Also vote ban, ESPECIALLY because you deleted my posts and tricked zts16 into thinking I was faking it. And you sockpuppeted Mr_Magnesium - so you've also killed the credibilities of other members, at least temporarily.

forgotpassword - 13-8-2014 at 13:53

Well if that's your opinion I have got to respect that.

arkoma - 13-8-2014 at 13:59

ban


Making restitution

Polverone - 13-8-2014 at 14:01

If you want to get your account back, and you want the big page of evidence about what you've done to go away and not show up in search engine results, fix the CSRF vulnerability in XMB:

https://github.com/mattbernst/xmbforum

You write the fixes, I'll do the code reviews and merge your pull requests. Maybe someone has already fixed them in another fork/derivative of XMB I'm unaware of. I don't care if you crib from fixes written elsewhere, but the fixes must be merged into the version I've put up on github, since that's the version we are using on sciencemadness.

You can get a sanitized, virtualized version of the forum to use for populating a test database, and seeing how the configuration works, here: https://www.sciencemadness.org/whisper/viewthread.php?tid=12...

If you aren't fluent with PHP or git now is a great time to learn.

HeYBrO - 13-8-2014 at 14:03

I have my account back. Thanks woelen and Polverone.

forgotpassword - 13-8-2014 at 14:03

Okay, but I feel I am better to this forum unbanned than banned; I am a genuine user, I have 229 posts.
What I feel are high quality posts.
If I came here to hack or be a nuisance I wouldn't post 229 times.

arkoma - 13-8-2014 at 14:06

QUIT JUSTIFYING AND GET BUSY CODING

forgotpassword - 13-8-2014 at 14:06

Will do sir.

gdflp - 13-8-2014 at 14:07

Quote: Originally posted by forgotpassword  
Okay, but I feel I am better to this forum unbanned than banned; I am a genuine user, I have 229 posts.
What I feel are high quality posts.
If I came here to hack or be a nuisance I wouldn't post 229 times.

Obviously the forum, including me, disagrees.

arkoma - 13-8-2014 at 14:08

You obviously have the talent.........use it PRODUCTIVELY as Polv has so graciously allowed

Polverone - 13-8-2014 at 14:12

No, a new backup drive is cheap. I want restitution in kind. And the restitution process will improve Manifest's skills for legal employment in software development, so win/win.

arkoma - 13-8-2014 at 14:13

Quote: Originally posted by Polverone  
No, a new backup drive is cheap. I want restitution in kind. And the restitution process will improve Manifest's skills for legal employment in software development, so win/win.


King Solomon could not do better IMHO

edit--messed up quote

[Edited on 8-13-2014 by arkoma]

WGTR - 13-8-2014 at 14:20

I crafted this exquisite masterpiece of a post, and then realized it was already a page out of date when I posted it. This thread is moving fast (or maybe I'm just slow).

adamsium - 13-8-2014 at 16:14

Given that this is not the first time that Manifest has made a forum-related 'hack', it is rather difficult to accept his explanation.

See the IRC logs for what Manifest likes to do when he feels butthurt. (hint: he likes to launch DoS attacks in a feeble attempt to display some sort of 'superiority').

Regardless, let's hope he actually does something useful now and properly patches the vulnerability.

elementcollector1 - 13-8-2014 at 16:34

Polverone, I hate to give you more work after what you've been through, but I hope you double- and triple-check Manifest's fix - it would not surprise me if he left additional back doors somewhere to cause even worse damage.

APO - 13-8-2014 at 20:48

Seconded, I definitely think that he'll just add security holes, rather than fix any. At most he would just hide them. He doesn't deserve a second chance in my opinion. Ban his IP address and freeze all his accounts.

arkoma - 13-8-2014 at 21:01

Look, I was/am as pissed off as anyone, BUT I BELIEVE IN REDEMPTION. Bored brilliant kids can get themselves in all sorts of trouble without really THINKING ABOUT WHAT THEY ARE DOING.

Ultimately, this board "belongs" to Polverone, and I for one think that he has arrived at a wise decision and it is HIS to make. This could very well be a turning point in that young man's (Manifest's) life and I support trying to make it a turn for the better.

I am sure Polv and Woelen have/will make extra backups.

forgotpassword - 13-8-2014 at 21:06

I can assure you I will not balls this opportunity up; besides, Polverone knows what he is doing. I have started the 'fix'.
I don't know about a turning point in my life, but it will be a start in redeeming my dick actions.

APO - 14-8-2014 at 00:32

You're right arkoma. While I personally have lost all trust in forgotpassword/Manifest, completely banning him is not my decision, though it remains my advice.

Polverone, if you do go forward with your plan for forgotpassword/Manifest, please check his fix carefully.

Forgotpassword/Manifest, please stop being a script kiddie, stop underestimating us, and stop fucking up other people's day because you're bored.

forgottenpassword - 14-8-2014 at 02:20

Quote: Originally posted by The Volatile Chemist  
I always knew forgottenpassword was a malicious guy... Now I have proof...

I always knew that you were dyslexic, now I have proof!
To be fair, I do speak about chemistry with malice. :D
Dyslexics of the world, untie! :P

Brain&Force - 14-8-2014 at 09:22

PUBLIC NOTICE

If your account is still locked, contact me or zts16 on the Sciencemadness Wiki with your contact information and we will redirect it to Polverone.

The Volatile Chemist - 14-8-2014 at 12:35

Quote: Originally posted by forgottenpassword  
Quote: Originally posted by The Volatile Chemist  
I always knew forgottenpassword was a malicious guy... Now I have proof...

I always knew that you were dyslexic, now I have proof!
To be fair, I do speak about chemistry with malice. :D
Dyslexics of the world, untie! :P


I'm so sorry..... :( Didn't mean to falsely accuse you! You just seemed a bit harsh. Sorry...


I don't think we should ban him, but his new design should (if he ever makes it) be held up for checking for three mo. He should certainly comment all his changes for 'why' he made the change.

Tdep - 14-8-2014 at 17:16

Good work Polverone for keeping the order. Most computer stuff goes over my head but I was not really impressed at this attack on basically innocent bystanders.

TheChemiKid - 15-8-2014 at 05:09

Thank you so much Polverone for fixing this huge problem and helping me regain control of my account.

DrAldehyde - 15-8-2014 at 07:10

Since the attack, I can't post to the site from my tablet. It could be something on my end, but there it is. I finally moved over to a regular PC to see if I had the same problem, and here I am posting away. On my tablet, the site seems fine, but when I try to post, I can't move the screen focus into the dialog box. There is also something I had never noticed, and that is a little dialog information box in the lower left corner. It shows page information and ends with the text about "typesetting math". On my PC that box eventually goes away; on the tablet it stays, and the screen locks. I have cleared the cache and all of that. Like I said, it could very well be something on my end. Messaging works fine.

Brain&Force - 15-8-2014 at 10:53

"Typesetting math" is the LaTeX system attempting to render any math text (such as the one in my mood.) What kind of tablet are you using? I use my (Android) phone sometimes when I post, and I do have issues with the text box not coming into focus.

Dornier 335A - 15-8-2014 at 11:30

Found this thread today. I probably should check other forum parts more regularly.
Anyway, a guy commented on one of my videos saying he wasn't able to register. Is that function blocked?
And are there still frozen members? I know DubaiAmateurRocketry still hasn't answered my U2U sent 11-8-2014; his last is from 10-8-2014. I can likely get his email address by contacting him through YouTube or G+.

Loptr - 15-8-2014 at 11:44

Quote: Originally posted by Brain&Force  
"Typesetting math" is the LaTeX system attempting to render any math text (such as the one in my mood.) What kind of tablet are you using? I use my (Android) phone sometimes when I post, and I do have issues with the text box not coming into focus.


PI is wrong! :P

(or at least I think I have seen that formula before)

gdflp - 15-8-2014 at 11:46

Quote: Originally posted by Dornier 335A  
Found this thread today. I probably should check other forum parts more regularly.
Anyway, a guy commented on one of my videos saying he wasn't able to register. Is that function blocked?
And are there still frozen members? I know DubaiAmateurRocketry still hasn't answered my U2U sent 11-8-2014; his last is from 10-8-2014. I can likely get his email address by contacting him through YouTube or G+.


His account was hacked, and he hasn't logged on since the attack so I would assume his account is still locked. I would get his e-mail and send it to either Polverone or woelen.

Dornier 335A - 15-8-2014 at 11:55

Yep, I just have to confirm that the email I think he has is indeed correct. I'll send it to an admin as soon as I know.

Zyklon-A - 15-8-2014 at 12:04

Quote: Originally posted by Dornier 335A  

Anyway, a guy commented on one of my videos saying he wasn't able to register. Is that function blocked?
And are there still frozen members?

No, apparently there have been problems with registering for a while.
For instance, I wanted another account, but was unable to register one for some reason.
Also, a member from another forum (that I was messaging) tried to register (I suggested that he do so) and he was unable as well.
I contacted Polverone, asking if we had done something wrong. He said:
Quote:

No, he didn't do anything wrong, it's just that a lot of mail providers still block all of our outgoing mail as spam since spammers temporarily took over our mail server last year. He will have to wait until the 24 hours are up, then tell him to register using a free account from mailinator.com and switch his password and email address after he's able to log in for the first time. Don't worry, mailinator doesn't require registration.

The member did the above, and it worked, so you could tell the guy who commented on your video that.

ganger631 - 15-8-2014 at 13:02

Thanks guys. I was the guy who commented on Dornier's video.

[Edited on 15-8-2014 by ganger631]

Zyklon-A - 15-8-2014 at 13:03

No problem. Welcome aboard!

ganger631 - 15-8-2014 at 13:08

Is there a section where I can ask general chemistry questions?

Zyklon-A - 15-8-2014 at 13:14

Yes. For general chemistry short questions, use the Short questions thread; for short Energetic materials questions, use the EM short questions thread; for any longer question that you feel deserves its own thread, create a new thread in any of the forums and sub-forums here.
Post in Beginnings unless you can provide references.

DrAldehyde - 15-8-2014 at 14:53

Hmm, I disabled JavaScript on my Android tablet and everything is fine. Enabling JavaScript causes things to lock up tight. Not just the dialog box, a full lock.

Polverone - 15-8-2014 at 16:24

DrAldehyde, it sounds like your Android tablet does not get along well with the Javascript MathJax library for rendering mathematical notation. I installed it a while ago and it also caused problems for member IrC, though he was running Windows 2000 and not Android. If you block the script loading from cdn.mathjax.org in your browser, perhaps with an extension (does Android Chrome have those?), you shouldn't experience the problem.

Brain&Force - 15-8-2014 at 16:47

That's weird. I can get the LaTeX to work fine on my Android phone. What version are you using?

The Volatile Chemist - 18-8-2014 at 09:31

Interesting... My old Nokia N800 worked a while ago; are there any new scripts that were installed recently?

Brain&Force - 18-8-2014 at 09:52

AFAIK just the MathJax scripts and the openmolecules.org system.

DrAldehyde - 18-8-2014 at 10:03

I'm using Android 4.4.2 on a Samsung Galaxy. I have been using it for a couple of months; I'll search back and see when I last posted without a problem. Until my post mentioning the issue, I had never had a problem. Like I said, disabling JavaScript for the site is a workaround. I'll see if it works on my phone and will try it on my wife's iPad. Brain&Force, I do notice the equation in your mood doesn't display properly when I can post, and displays properly when I can't.

MrHomeScientist - 19-8-2014 at 05:26

I got a message on YouTube from someone trying to register a new account here, but is unable to do so. He says he never received a confirmation email after registering. His account name is Trifaziux.

I thought this might be related to the blocking of accounts from the hacking attempt, so I posted this here. Any idea what might be going on?

Zyklon-A - 19-8-2014 at 05:52

MrHomeScientist, did you read this?
Quote: Originally posted by Zyklon-A  
Quote: Originally posted by Dornier 335A  

Anyway, a guy commented on one of my videos saying he wasn't able to register. Is that function blocked?
And are there still frozen members?

No, apparently there have been problems with registering for a while.
For instance, I wanted another account, but was unable to register one for some reason.
Also, a member from another forum (that I was messaging) tried to register (I suggested that he do so) and he was unable as well.
I contacted Polverone, asking if we had done something wrong. He said:
Quote:

No, he didn't do anything wrong, it's just that a lot of mail providers still block all of our outgoing mail as spam since spammers temporarily took over our mail server last year. He will have to wait until the 24 hours are up, then tell him to register using a free account from mailinator.com and switch his password and email address after he's able to log in for the first time. Don't worry, mailinator doesn't require registration.

The member did the above, and it worked, so you could tell the guy who commented on your video that.

MrHomeScientist - 19-8-2014 at 06:33

I did see that but had forgotten about it, whoops. I'll pass that along.

energetic.material - 19-8-2014 at 08:38

I had some trouble signing in a couple of weeks ago. I emailed woelen and he reset my password. No problems since.

DrAldehyde - 19-8-2014 at 13:44

Brain&Force, that equation under your mood crashes my computer. I have been experimenting with the problem. If you (B&F) have a post on the page I'm on, it locks up my tablet with the "typesetting math 100%" box remaining in the lower left. If there are no B&F posts on the page, all is fine. Just FYI for the site admin; the workaround for me is simple. Carry on.

Mr_Magnesium - 19-8-2014 at 15:42

It is really nice to be back!

Thank you to everyone that helped me get my account back.

forgotpassword - 22-8-2014 at 04:17

I'm happy you retrieved your account and I'd like to apologise to you as well; I posted nonsense on your account.
An update: I am still working. I don't know as much PHP as I used to and am reading up on it.
I have a lot of school work that is important; I need to get prepared as it's starting up in a week.

I'd like to take this opportunity to say that Polverone,



[Edited on 22-8-2014 by forgotpassword]

DrAldehyde - 22-8-2014 at 11:19

Quote: Originally posted by DrAldehyde  
Brain&Force, that equation under your mood crashes my computer. I have been experimenting with the problem. If you (B&F) have a post on the page I'm on, it locks up my tablet with the "typesetting math 100%" box remaining in the lower left. If there are no B&F posts on the page, all is fine. Just FYI for the site admin; the workaround for me is simple. Carry on.


All of my problems were solved by switching away from Chrome. Equations are displaying, no crashing, java activated, I'm good to go. I should have figured that one out sooner.

The Volatile Chemist - 3-9-2014 at 12:21

Yea, I'm not too fond of Chrome. Does anyone know if this is the first time this forum has been attacked/hacked/tested in this manner?

Brain&Force - 3-9-2014 at 12:23

It's been hacked once before by some dude who was sockpuppeting accounts and accessing their passwords. It was a long time ago.

The Volatile Chemist - 3-9-2014 at 13:58

But that's it? Well, that's pretty great for how long this has been here, and how much traffic it gets.

numos - 13-9-2014 at 13:15

Well, it's nice to be back, but I do have a couple of concerns I wish to share.

First, thank you everyone for so quickly finding the problem; I suppose that's the only reason I'm back here.

But while I was hacked I was unaware of it, I thought I had been banned or something of the sort, and I also realized how difficult it is to contact SM externally. This is just a suggestion, but I think SM would benefit from a "contact us" email. Maybe a messaging system similar to how some companies get quotes? Like the registration page: give name, email, subject and leave a message.

I'm guessing this was partly realized when ZTS used the wiki as a form of contact, but I didn't find this thread until about a week ago, and for the greater part of the month I thought I had sleepwalked and posted something about psychoactives and then was banned.

arkoma - 17-9-2014 at 13:03

Quote: Originally posted by numos  
I thought I had sleepwalked and posted something about psychoactives and then was banned.


In my experience, that ain't sufficient reason to be banned here; admonished MAYBE, banned, no.

Anyhow, how is Manifest doing on the road to redemption? I've been on a (psychoactive) "vacation" LMFAO

packetforger - 18-9-2014 at 13:58

Just a wild guess, but someone potentially exploited (maliciously) an XSS vulnerability (there are several in the board's software, like the ability to embed <b>html</b>; I was going to use a script tag again there to illustrate the issue, but decided against it to avoid rising tensions. See the "testing forum features" thread where I discuss that threat) to hijack sessions and suchlike.

If the administrators want, someone here could probably arrange to get the site audited sometime for flaws. I would offer, but would need to have a long chat with work about extra-curricular activity and the legalities of all the things.

Anyway, total douchebag move on whomsoever's part that did this.

Brain&Force - 18-9-2014 at 15:10

Polverone noted that it was a CSRF vulnerability exploited by a hidden iframe. The kid who wrote the exploit (Manifest) is currently patching it.

packetforger - 18-9-2014 at 23:50

Quote: Originally posted by Brain&Force  
Polverone noted that it was a CSRF vulnerability exploited by a hidden iframe. The kid who wrote the exploit (Manifest) is currently patching it.


Dare I suggest we disable HTML posting as well as enable the CSRF protections to prevent this kind of exploit from happening in future? The easiest vector to get a CSRF payload into a user's browser is probably to embed an invisible iframe via an HTML posting sent via forum post or (possibly) U2U message.

Still, at least the kid is helping to fix it. I know when I was an idiotic youngun I probably would have not been so mature as to go help fix the problem!
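A defender's sketch of the two measures suggested above (a per-session CSRF token on every state-changing handler, and storing post bodies as text rather than raw HTML), added here as an example; it is not XMB's code and not anyone's post in this thread. The handler, form field and session key names are assumed, and the cookie syntax needs PHP 7.3 or later.

```php
<?php
// Added example (not XMB's own code): synchronizer-token CSRF protection for a
// state-changing forum handler such as "send U2U", plus treating post bodies as
// plain text instead of raw HTML. Function, field and session names are hypothetical.
declare(strict_types=1);

const CSRF_FIELD = 'csrf_token';

function csrf_token(): string
{
    // One secret per login session; rotate on login/logout via session_regenerate_id().
    if (empty($_SESSION[CSRF_FIELD])) {
        $_SESSION[CSRF_FIELD] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION[CSRF_FIELD];
}

function csrf_field(): string
{
    // Hidden input for every form that changes state (post, U2U, profile edit).
    return '<input type="hidden" name="' . CSRF_FIELD . '" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function csrf_valid(array $post, array $session): bool
{
    // A hidden iframe or cross-site form served by another origin cannot read
    // the session-bound token, so it cannot supply a matching value.
    $expected = $session[CSRF_FIELD] ?? '';
    $given    = $post[CSRF_FIELD] ?? '';
    if ($expected === '' || !is_string($given)) {
        return false;
    }
    return hash_equals($expected, $given); // constant-time comparison
}

function same_origin(array $server): bool
{
    // Second layer: reject requests whose Origin (or, failing that, Referer)
    // names a different host. Strict: a request carrying neither is refused.
    $host = $server['HTTP_HOST'] ?? '';
    foreach (['HTTP_ORIGIN', 'HTTP_REFERER'] as $header) {
        if (!empty($server[$header])) {
            return parse_url($server[$header], PHP_URL_HOST) === $host;
        }
    }
    return false;
}

function post_body_as_text(string $body): string
{
    // "Disable HTML posting": the body is stored and rendered as text, so an
    // <iframe> or <script> typed into a post is displayed literally, not executed.
    return htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// ---- handler for a state-changing action, e.g. u2u.php?action=send (hypothetical) ----
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// Only POST changes state; a GET reached through an iframe src never does.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST, $_SESSION) || !same_origin($_SERVER)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    $message = post_body_as_text($_POST['message'] ?? '');
    // send_u2u($_SESSION['uid'], $_POST['to'], $message); // hypothetical store call
    exit('U2U sent.');
}

// GET: render the form with the token embedded.
echo '<form method="post">' . csrf_field()
    . '<input name="to"><textarea name="message"></textarea>'
    . '<button>Send</button></form>';
```

The SameSite=Lax cookie means a cross-site iframe POST arrives without the session cookie at all, so even a handler that forgot the token check would act as an anonymous user rather than as the victim.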

lullu - 19-9-2014 at 03:15

I would recommend using noscript when browsing this board.

plante1999 - 19-9-2014 at 13:58

I got hacked (again). My email address and birth date have been changed, or so I think.

The Volatile Chemist - 21-9-2014 at 11:07

Really? Sure about that?

plante1999 - 21-9-2014 at 11:19

Not 100%, I may have forgotten to change my info back, but there was a weird email and the famous 1980 birth year.

Argentum - 25-9-2014 at 12:23

Something strange

As I read in one of Polverone's posts, it looks like Manifest (the hacker) posted a link in a post on this forum, and that triggered something, and the ones who clicked that link were stolen.

I just went into the Chemistry in General section and I saw a post with a Japanese name. I opened it and I saw a text in Japanese too. I translated that text and, well, nothing about chemistry. Google Translate did not really help a lot, but it looks like a story about clocks or something like that. And the text is full of Japanese links; that's why I remembered this.

Ah, the user registered yesterday (24-09-2014) and this is his only post. His name is "cfgJqLpmNdc"; I think it does not mean anything in any language.

Maybe it was a strange joke...

Texium - 25-9-2014 at 13:44

Quote: Originally posted by Argentum  
Something strange

As I read in one of Polverone's posts, it looks like Manifest (the hacker) posted a link in a post on this forum, and that triggered something, and the ones who clicked that link were stolen.

I just went into the Chemistry in General section and I saw a post with a Japanese name. I opened it and I saw a text in Japanese too. I translated that text and, well, nothing about chemistry. Google Translate did not really help a lot, but it looks like a story about clocks or something like that. And the text is full of Japanese links; that's why I remembered this.

Ah, the user registered yesterday (24-09-2014) and this is his only post. His name is "cfgJqLpmNdc"; I think it does not mean anything in any language.

Maybe it was a strange joke...

That would be a spam post. They don't appear as often as they used to before the automatic deletion code was implemented, but they still slip through occasionally. They're basically harmless. If you see one, report it, and don't click on their links or reply to the post.

NOV:5 - 15-10-2014 at 18:01

That.....was.....flicking......beautiful....

Polverone, to track a guy back to Northern Ireland and expose his entire kit, and come within a hair of getting a picture of his face.. Wow.. Very nicely done.


diddi - 15-10-2014 at 19:02

Could this be part of the problem with disappearing member accounts?

Is there a lockout policy if a password is entered incorrectly? I haven't checked to see. The iCloud hack was due to a brute force attack cos there was no lockout policy.

[Edited on 16-10-2014 by diddi]

j_sum1 - 15-10-2014 at 21:27

Disappearing accounts like yours and mine are a separate issue: a malfunctioning script that was supposed to autodelete spam. Polverone said he fixed the bug and apologised.

Registration issues are another. I tried to register several times over a space of a couple of months before I finally got in. Not sure what the issue was then.

Hacking is a third issue and spam a fourth. Nothing much to add here.
