Sciencemadness Discussion Board - Sciencemadness hax0red!

Sciencemadness hax0red!

Polverone - 7-4-2004 at 08:25

Today I went to log in to sciencemadness and I had to give my username/password (normally I stay logged in almost all the time). The login briefly redirected me to http://www.evelin29.com/images/boardscimad.php, which quickly brought me here. Now why would a maker of tea, located in Bulgaria with administrative contacts in Hong Kong, be involved with the login process for Sciencemadness?

I get the feeling that SM may have been the victim of some sort of hack. Passwords may have been compromised. I will let you know more as soon as I learn more.

Quantum - 7-4-2004 at 08:30

The same thing happened to me at 12:28PM eastern time! Could be that all passwords are being sniffed through that server!

God damn hackers runine it for everyone :mad:

Edit: I tried to go to the /images root but nothing happened. No server messages or anything. Then I tried /images/index.php and the only thing it said was

Blah

)))
http://www.evelin29.com/images/index.php
It makes my suspect that some one rooted evenlin and then used it to stage a password sniffing attack on us.

[Edited on 7-4-2004 by Quantum]

The aftermath

Polverone - 7-4-2004 at 17:32

You can still see the progress of my enlightenment at http://www.sciencemadness.org/warning.html. Being the good admin that I am, I redirected all board traffic to that warning page soon after I discovered the problem, using an .htaccess file in the directory. This no doubt saved many people from losing their passwords to the Mysterious Script Kiddie. Still, I would suggest that anyone who logged in during the last day change their password.

I saw the problem at around 9:00 AM Pacific Standard Time. There was no problem as of 8:00 PM last night. I estimate there was about a 12 hour window of vulnerability. Who was the first person to get the forced login?

thunderfvck - 7-4-2004 at 17:40

That really sucked. A whole afternoon without sciencemadness.

I recall having to log in this morning, at about...930 AM pacific.

So, you recommend changing passwords then? Will do. Is there any bad news for the people who use the same password for everything they need access to? Perhaps I shouldn't have said this out loud. So delete this post if I'm a retard.

Thanks a lot Polverone, for all the work you've put into repairing the board. I really appreciate it.

ROCK ON!

BromicAcid - 7-4-2004 at 17:47

Password changed, with such a speedy response and keeping us informed it makes me believe even more we should be paying you for this.

Some aftermath of recent events

The_Davster - 7-4-2004 at 17:57

First off, thanks Polverone for fixing this so quickly. But now that SM is back up and running I've noticed a few problems.
When I try to enter my U2U I get this message "Parse error: parse error in /home/sciencem/public_html/talk/u2u.php on line 35"
And I just noticed as I was posting this but near the top of the page under the box with the logo, where it usually shows your location within the threads here on SM it now says "Mad Science Discussion Board » Post ReplyPost Reply " instead of the usuall Mad Science Discussion Board » [category name] » [thread name] » post reply

Polverone - 7-4-2004 at 18:47

The U2U problem is very strange. You're correct. But this is the code as it was in the download of XMB 1.8 SP3. I copied it over just to make sure I hadn't (badly) manually patched it. I have posted a question about it on the XMB forum. I think I've fixed the double Post Reply message.

Edit: that too is fixed. The file in the download is wrong. So was the first "fix" I downloaded. Have these programmers ever heard of "testing?" :mad:

[Edited on 4-8-2004 by Polverone]

Quantum - 7-4-2004 at 21:45

The "View todays Posts" thing dosn't work at least not for me. All I see it a blank list.

I changed my password to something so long and complex that brute force will never crack it. Unless quantum computers are at the disposale of the crackers.

Polverone - 7-4-2004 at 23:23

It appears that Today's Posts works for me when I'm logged in as Polverone, but not logged in as an ordinary user or completely not-logged-in. There seem to be some sort of restrictions on who can view what in today.php. Let's give the XMB team another round of applause for their thorough testing!

Okay, let's see what happens if I let everyone see what administrators can see (with that tool).

Edit: evidently my PHP-fu is not strong enough to figure out how to let everyone run amok with the Today's Posts tool. It seems to work only for super administrators right now. I will ask the XMB developers how this might be fixed.

[Edited on 4-8-2004 by Polverone]

thunderfvck - 7-4-2004 at 23:33

I'm sorry, but I'm drunk now and quite aggitated as to what had happened earlier.

These tea drinking faggots, I mean really, what do they have to gain aside from PISSING us off? Sure, they get some passwords, and from that what? They can edit out posts, post a few crazy messages, possibly access our email, etc. Unless I'm missing some deeper meaning to all of this, it's quite pointless. These people really have nothing better to do than to make us upset.

And why sciencemadness? Is it simply because they are able to access the server or whatever, and so they can get some passwords? It's not like they're cracking into some pedophilic porno site in which they can make profit off of it or something. It's just information, chemistry.

I am quie angry over this. One reason being that I had posted a question in the beginners section in which I required a response in order to finish my assignment for school. Because of this I may lose 20%. haha. But enough of my self-centeredness, I am extremely grateful for Polverone's work. I mean this guy, seriously, if I had a wife or something, and he was in need of some action, I'd let him sleep with my wife. Honestly. Well maybe NOT....But you know what I mean. Seriously, Polverone, you are the man of men. You make Ghandi look like a herpies infected pedophile. You make Jesus look like a nympho mutant. You are a GOD. Thank you so much for bringing us back on track. And seriously, if you were to enforce a payment for the services you do on this site, I would surely pay. I don't think I could live without this site. Even though I don't post as much as some of the other members, and I don't take part in a lot of discussions, I still read, read, read. The information I gain from this site is priceless. Fuck textbooks. Just sign up to sciencemadness and you'll be a chemistry lord in no time. Well a bit of an exageration but I believe that a few years on this site, reading each post and absorbing it, will provide anyone with a firm knowledge of chemistry.

What I really love about this site is that it's not geared towards explosives/drugs. Much like the explosives & weapons forum, of the hive. This site is chemistry, all levels of it. And that's what I've been searching for ever since I've decided I was going to devote my life to chemistry. You have made my dreams a reality. I thank you and everyone else for making this board what it is. May you forever rock on.

Evil Hacker Makes Appearance

abnormal989 - 8-4-2004 at 01:50

Hello everyone, nice to see you all. This isn't the real abnormal989, it's the infamous hacker you've all been talking about

. He must have missed the whole password-getting hype because he hasn't changed his password yet...please remind him to for me.

First and foremost, I would like to apologize for stirring things up, I didn't really mean any harm, sciencemadness.org was just a test run. Many passwords were gained, but none were used for anything too malicious. However, the fact that several passwords match those of e-mail accounts is very worrying, at the fact that such an exploit could be pulled off in the first place simply shows the huge security problem there is today.

A few parting words of advice: Don't use the same password you use for your e-mail account for your forum subscriptions. There are WAY too many vulnerable forums out there (you have my word on that one). If the forum gets compromised, and the hacker gets your password, the first thing he'll try probably is to see if it matches your e-mail account. Through there he could go on to e-shop accounts, and you know what happens then. Also, and this is for the admins: If there's a security upgrade, or a new version, USE IT for crying out loud! That probably means there is a SECURITY HOLE a hacker could EXPLOIT and potentially gain some PASSWORDS.

Anyway, before I go I must congratulate you all, especially the admins. You're the only forum owners of many (including owners of forums with 10 times your users) who noticed the hole and fixed it, quite quickly I might add. That goes to show there may be hope yet

I must go now, thanks for listening and I apologize again for upsetting you all. If you have any questions just use this thread, I'll be checking in. Oh, and the following users just MIGHT want to change their passwords, if they haven't already...just a hint:

infernico, I am a fish, JDP, T_Pyro, froot, organikum, darkflame89, Pyrovus, Saerynide, abnormal989, basf, ech310n, AngelEyes, esplosivo, ziqquratu, Haggis, Eliteforum, narkar, thunderfvck, quest, Alchemist, ignorantlyintelligent, vulture, Backyard Blaster, Iv4, Tacho, chemoleo, Polverone, Quantum, Jen, Moonmonster

Well, so long

- Evil Hacker

Organikum - 8-4-2004 at 01:51

The "todays posts" doesnt work for me either. It started to be defunkt after I had to log in again yesterday aka after the hack.

I fear that not all problems are solved already.

vulture - 8-4-2004 at 02:32

Trouble is, those damn XMB proggers don't test anything before they release it.

So the patches keep bringing along security flaws and bugs. :mad:

Makes you wonder what you're paying for.

It's probably a huge cashcow for the company, now and then releasing a bad update without much time spent and cashing the revenues in the meanwhile. :mad:

Eliteforum - 8-4-2004 at 03:07

Just out of intrest, the other day there was a FTP brute force attempt and a large port scan.

<IP edited out>

Nothing was done, as the system is secure.

abnormal989, my password is changed daily.

And a test run for what?

[Edited on 8-4-2004 by vulture]

vulture - 8-4-2004 at 03:28

Elite, that portscan originated from:

Neuron
and/or IIP

....

Looks like said user will not have FTP acces for some time.

Revenue?!

Polverone - 8-4-2004 at 09:39

Bwa ha ha, you thought I was paying for XMB? Certainly not! It only costs money if you want to remove references to XMB and the XMB team from your board.

Edit: to those who are having trouble using Today's Posts, try logging out and then using your browser to remove cookies from Sciencemadness. This seemed to fix it for me so I could see Today's Posts whether I was logged in as Polverone or not logged in at all.

[Edited on 4-8-2004 by Polverone]

axehandle - 8-4-2004 at 13:23

Do we know the IP of the script kiddie? If he's in Europe, I volunteer to hunt him down and beat him up. Fucking script kiddies, ruining the life of sysadmins everywhere...

VERY nice and swift work, Polverone. I admire it.

Organikum - 8-4-2004 at 13:31

I would suggest everybody who discovered the "Todays Posts" problem should change his password again after he got this working again. There is some evidence that accounts are still compromised and the "Todays Posts" is a way to check this. A glitch in the hack so to say.

I am not absolutely sure on this, but changing the password once again doesnt hurt.

Today's posts

chemoleo - 8-4-2004 at 15:22

I think the problem is solved.
Indeed, it's about the cookies. You have to delete the SM one, mind though, they are in a different folder for mozilla/netscape. Not in the IE cookies folder. Since then the today's post link is working fine again

...

Abnormal - whoever you are - I am confused by your message. Are you serious or is this a joke?

[Edited on 9-4-2004 by chemoleo]

ech310n - 8-4-2004 at 18:58

That post from Abnormal seems to be real as he/she/it lists my username, and yes I did log in that night. Script kiddies and malicious hackers are the scum of this earth :mad:

[Edited on 9-4-2004 by ech310n]

Not So!

Hermes_Trismegistus - 8-4-2004 at 20:46

I have a not insignificant amount of respect for this particular infonaut.

He's obviously both skilled in his field and intelligent.

But beyond that, he's friendly and polite, helpful and considerate, he is well spoken and above all has a good and gentle sense of humor.

I think that many of us would find him to be a likeable rogue and not unlike us in his quest for knowledge and experience.

Bravo, my good man!

BRAVO.

ech310n - 8-4-2004 at 21:09

Hermes, I agree with your views to a certain extent but after putting up with script kiddies and malicious hackers for years I get very annoyed with them. I have an ADSL modem with a built in router and it is often crashing due to malicious DOS attacks. If I leave my Linux system running for the day processing something while I am at school the IDS goes spastic with the amount of malicious traffic it picks up (note that I am aware of the very high false alerts many IDS's have).

Then there is the computers throughout the rest of the house that my family use. They are often been hacked but that has thankfully become non-existent now that all computers at least run Windows XP Professional and are up to date.

I should stop rambling now but the point is that many of these script kiddies have no real motive other than to peeve other people off. I am also not necessarily saying that this hacker in question is a script kiddie or was malicious in his ways. Sorry for editing this post many times, I should get some more sleep.

[Edited on 9-4-2004 by ech310n]

[Edited on 9-4-2004 by ech310n]

[Edited on 9-4-2004 by ech310n]

Mr. Wizard - 8-4-2004 at 21:58

Did anyone notice the phrase 'e-shops'? He sounds British. Of course many Europeans speak English like the English ;-) I changed my password, which is used only on this board. Write them down rather than use the same one.

madscientist - 8-4-2004 at 23:34

Quote:

Many passwords were gained, but none were used for anything too malicious.

Define "not too malicious" for us.

And by the way, why did you do this? We aren't the ones who wrote the board software, we know it has holes, and there's not much we can do about it. As has been said, the patches are buggy. I highly doubt you did anything more than read about a bug somewhere and start going around messing up forums exploiting it... which is a complete waste of both your time and our time. You can't claim either that you were just benevolently trying to wake us up to the problem, because firstly it would've been far simpler to email us a notice about it, and secondly you said that most of the forums don't seem to find out about what you've done.

[Edited on 9-4-2004 by madscientist]

Me again

abnormal989 - 9-4-2004 at 01:31

As I said before, sciencemadness.org was a test run, I wished to try something out to see if it would work.

madscientist: Simply reading about a bug somewhere would mean me sticking with SQL injection, which is how I obtained the MD5 hash of your password. But it didn't stop there, did it? You're right, simply reading about a hole and trying it out is pointless. But adding to it, making it work for you takes more than that, and that's what happened here.

What I meant by not too malicious was that yes, I did obtain several passwords, but I didn't really use them because that wasn't the point. Also the fact that all the accounts and all the threads are intact contribute to proving the "not too malicious" nature of my "attack". Someone else could've just deleted all the threads and messed up all the accounts.

Organikum - 9-4-2004 at 02:43

Agreed, it could have come worse and probably it would have come worse so I am glad we have an friendly hacker here at work. (friendly to us at least

).
You friendly hacker may please understand that nevertheless you being friendly, most people are not overly enthusiastic about what you performed here, ok?

So lets settle this and realize we have been quite lucky and lets hope we will be as lucky in future.

Its in the nature of these things that a board like this cannot be secured by no means - the only existing workaround is to have always an administrator online who takes the machine from the net as soon something "suspicious" happens (like the HIVE does). But I see no need here at ScienceMadness for this, backups often are sufficent.

And friendly hacker dont forget, there are not only friendly boards and admins out there in this evil jungle named The Internet, so take care not to get stuck in a honeypot. But I guess its "no risk no fun"?

ORG

vulture - 9-4-2004 at 04:37

Hack XMBs own support forum and make a statement. Hacking us just caused trouble and annoyance.

Like XMB cares what happens to Sciencemadness...

Ramiel - 9-4-2004 at 17:58

I notice that the names of the users are typed out manually. Interesting.

I don't know much about h4x0ring and computer security, so just bear with me. I logged in during the magic time period of vunerability via cookies, after arriving directly at http://www.sciencemadness.org/talk/today.php (and yes, I type that into IE each time), but my name doesn't appear on the list. As I said, I'm not too clued up on computer security, so I don't know if this is significant.

Three cheers for the Board admins, Polverone especially it seems.

Sincerely
-Ramiel

chemoleo - 9-4-2004 at 19:38

Something doesn't smell right here.

Indeed, I noticed too that the names were typed in by hand (due to differences in upper/lower cases, i.e. he writes T_Pyro, but it is t_Pyro). Isn't that a remarkable effort in the age of 'copy & paste', particularly where the alleged hacker had it all in a little list, with usernames & PW, in an electronic file?
This could be explained by him checking the memberlist, to see who last visited, and simply typing off names. Would be easy to check out who was online during the hacker period. So maybe he doesn't have our passwords after all (that is, our old ones), and is needlessly taking credit...

Then, I have to question abnormal's posts, too. For one thing, isn't he Quantum's friend, from totse? I am referring to this thread http://www.sciencemadness.org/talk/viewthread.php?tid=1805

Quote:

Glad you took my advise!

I invited abnormal989 over here from the totse forum after he posted a thread similar to this one. Hopefully he will grow into a full fledged chemist

Abnormal989: Its good you came over here as there are many people smarter than me here that can help you by giving you tips and ideas or by you searching old posts.

Quantum, did you not point out to the totse abnormal that his account was compromised? That he may have to register a new account (in case he can't use his old one) to confirm indeed his account was compromised? Of course, this is providing he's not the hacker himself, and the two abnormals are one person...

I am not trying to turn this into a witch hunt, or accuse people needlessly- and from the posting style it seems there are two abnormals.

Nonetheless, maybe the admins could check the IP's of abnormals initial post, and the IP's of the last two posts. I guess they will be different. The hacker IP should be interesting, and maybe the basis for a counter hack attack ... similar to what Mega proposed when roguesci got hacked... not that I think this is a good idea.

At last, to that proud benevolent hacker who means it all so well, and unwillingly of course pissed off a whole load of people, wasted lots of time, and has to get a life-
I hope this is the first and last time you try this (sadly i know it won't).

Unlike others, I don't think how great you are for not doing more to us (and yes I lack gratitude), instead I think you are a FUCKHEAD for disrupting a genuine and great board like this, which in its very character is unique in the internet.
Next time waste your time on a neonazi/similar forum, at least I would accept that as an excuse.

Edit: It's not normally in my character to swear at people, but I couldnt help myself

[Edited on 10-4-2004 by chemoleo]

Quantum - 9-4-2004 at 21:13

I saw Abnormal's post over at Totse in the 'Bad Ideas' forum surrounded by such gems as 'Stealing a chicken A serious question'

Here is his post: http://www.totse.com/bbs/Forum7/HTML/008406.html

I posted a link over here hoping he could ask his question here and not be dragged down by idiots.

I think you(Abnormal) should post a new topic in BB at Totse called "MSDB hacker' and include a sentence if you want. it will get locked but I/others here can see it and know that you here and you there are one in the same.

I did not tell abnormal over at tose because I had forgoten already about posting the link over here. I hope he is not the hacker but an admin can check IPs and logs I guess.

Quanutum

Edit: This gave me a good excuse to get my 100th post without post whoring!

[Edited on 10-4-2004 by Quantum]

Different account today

Alchemist - 9-4-2004 at 21:44

chemoleo, you mentioned me "typing in things by hand". Well I didn't. They were indeed all in a neat little list, but due to the length I decided not to flood my post with usernames. Also, since I had to delete the passwords beside them, it wasn't much touble to include a comma and a space. The reason some have differences in cases in some usernames is simple, it's because they aren't case sensitive, so even if you type your username, changing a few caps to small and vice versa, it'll still work, and that's exactly what happened here.

Now, why oh why would the real abnormal989 confess to hacking this forum through his own username? I'm not really abnormal989, as I said before I just used his username because he hadn't changed his password yet. Besides, the admins can just check out the login sessinon IP addresses, the last 3 will NOT match the older ones. And as for the use of the new IPs for a "counter hack attack", I am truly sorry chemoleo but you live in a dream world. Anyway, leave it up to the admins, they'll realize what I'm talking about.

Oh, disclosed is something that might interest you:

vulture | VTZUfMdoa
chemoleo | bowle
chemoleo | abspasfrac
Polverone | c1ndy
Quantum | smiley
Quantum | cran28Nix@Oclcok!#

Those are the login attempts of 4 people I'm quite sure have changed their password since the attack. I think that's proof enough I didn't copy this stuff from anywhere. I even included Quantums' extra-lengthy password, cracked via the dual quantum computers sitting in my basement

.

Oh yes, for your information chemoleo, it only took 5 minutes to set things up here, so I didn't waste too much time, but many thanks for your kind concern. I'd really just LOVE to start a swearing match with you, but unfortunately I have better things to do.

Thanks for listening again, and I can explain in detail how the hack worked to the admins, if they'd really like to know.

P.S.: vulture: I very much agree, XMB should be punished for making a good-looking but extremely bugged forum and hardly ever repairing it properly. And we're working on that too, don't worry

The_Davster - 9-4-2004 at 21:49

Why is there 2 different passwords for the same user. Old and new ones?

oh god.

Hermes_Trismegistus - 9-4-2004 at 23:38

I see this has gone from downhill to under ground.

Even old Professor Hardwigg knew when to turn back.

vulture - 10-4-2004 at 01:13

I'm using the adventureMedia black&yellow color scheme for the board, but since yesterday all text except the links gone white. Did I accidently activate a hotkey or is this another bug?

I'm not going to swear at mister hacker, I just advise him to use concentrated nitric acid as a cooling fluid for his überPC.

[Edited on 10-4-2004 by vulture]

Organikum - 10-4-2004 at 02:00

In short:
- this is the friendly hacker who hacked this board.
- this is not a skript kiddie as a skript kiddie would have gone hysteric by now.
- the admins should use the offer to get the hack explained.

regards
ORG

Quantum - 10-4-2004 at 05:37

I hope Mr.Hacker can't get pgp keys this easily!

He can't be cracking the passwords as it would take a loooonnng time for my second one. He must have some sort of way to intercept them before they are md5sumed.

My hat is off to the skill of the benign hacker. Still I wish you would not post my new(er) password. Other people could see it and harm my account while I was away.

Edit: Back hacking wouldn't work for this guy; he is bouncing off a few proxies I bet.

[Edited on 10-4-2004 by Quantum]

Eliteforum - 10-4-2004 at 06:35

Lamer.

All Chemist - 10-4-2004 at 07:42

I already changed my password like you asked. And now u use my account once more. I don't appreciate having to change my password from the origonal to 'Px94sn0Fgi' to some other guf. Now, decist, or i will be forced to unleash my world splitting Super-Sayan Fireball and kill everyone to get you.

Organikum - 10-4-2004 at 08:37

Quote:

He who howls at teh moon.

tis sounds like mei favorit mOOnMoNSTa....

Using poor Orgi to post has much more flair than using Newbie's

Hermes_Trismegistus - 10-4-2004 at 10:00

Hello Mr. Hacker, I'd like to ask you a couple questions if you don't mind.

Would you please U2U with an email addy?

Hermes

Organikum - 10-4-2004 at 10:33

you got something wrong Hermes, up to now my name wasnt (ab)used.

Hermes_Trismegistus - 10-4-2004 at 10:55

Quote:

Originally posted by Organikum
In short:
- this is the friendly hacker who hacked this board.

My mistake, I hadn't seen your sig at the bottom at first glance, and was confused.

Who is the friendly hacker?

Organikum - 10-4-2004 at 11:20

yes thats unclear I admit.

I was referring to chemoleos claim that the person posting here isnt the one who hacked the board - ok?

attention Sir Haxalot

Polverone - 10-4-2004 at 11:20

Quote:

Thanks for listening again, and I can explain in detail how the hack worked to the admins, if they'd really like to know.

This I would like to know.

Do you know of any vulnerabilities in XMB 1.8 SP3, or just what has already been published about 1.8 SP2 and earlier?

[Edited on 4-10-2004 by Polverone]

Alchemist - 11-4-2004 at 12:52

Ok, first off: Who I am doesn't really matter, and I'm only using different usernames to stop people from thinking that the owner of the username is the real hacker. Neither abnormal989 nor Alchemist is the hacker, they just haven't changed their passwords yet. Also, I didn't expect I'd be posting this often, maybe I should just make a new username to rid myself of the trouble...

Anyway, Quantum: You are right, there's no possible way your 18-digit password can be cracked. Trying all possible combinations of a-z, A-Z, 0-9 and only 4 extra symbols for an 8-digit password would take approximately 11.4 years, assuming a brute force speed of 1000000 passwords per second. The admins know I didn't just get the md5 passwords, that would be too hard to trace anyway.

Now, I'll explain briefly what happened so that everyone interested can comprehend how it worked and the admins will be able to recognise such attacks with ease in the future. With some standard SQL injection (injecting sql statements into a php script by fooling the script to run them), you can easily obtain the md5 hash of any users' password. Using that you can spoof your cookie and login as the owner of the username, for instance the administrator. This allows you to do pretty much anything you want within the confines of the forum, but by no means can you learn the password.

However, you can modify the templates that are loaded in specific pages. Specifically, the header template, which is used in all pages, was modified to redirect the user to the misc.php?action=login page, whose template was modified to redirect the user to another page, where a php script stored the username and password and sent the user back to the main forum website, logged in. That is basically how it worked.

Polverone: Funny you should mention that, because XMB 1.8 SP3 DOES have some vulnerabilities, and so does XMB 1.9. Even the version they're using over at the XMB website is vulnerable, but to a different kind of SQL injection we haven't been able to fully exploit yet. But I promise if anything comes up you'll be among the first to know (and by that I mean i'll e-mail you or u2u or whatever, not that I'll hack the forum all over again

Polverone - 11-4-2004 at 15:10

It seems like a much more subtle attack would be possible, if you can execute arbitrary SQL commands. I.E. couldn't you modify the login page to store plaintext usernames/passwords in new entries in the database, and later use another command to retrieve all the stored pairs? An attack like that wouldn't need redirection to another site, and would be very subtle indeed if you just let logins naturally expire and be re-entered. But I don't know exactly what you can accomplish, even after having it explained.

Blind Angel - 11-4-2004 at 15:49

My question is: From where were you able to inject the SQL statement, for the rest it's not a big deal.

warning

axehandle - 12-4-2004 at 07:12

When I tried to enter the profile editing section using mozilla, I got a popup with the text "Select a username to be used entering this forum", and a field with my email adress listed twice.

Is this related to the upgrade or is it another crack?

neither

Polverone - 12-4-2004 at 07:18

It's a Mozilla thing. Delete one of the saved user/password combinations, using Password Manager.

silly me

axehandle - 12-4-2004 at 08:20

Mozilla must have stored both the old and the new password, and instead of behaving logically I became paranoid. Thanks for not saying out loud that I'm an idiot though, Polverone.

There. I said it myself.

Edit: As a side note, I managed to cast aluminum on my charred wooden table, gripping the handle of the crucible with a towel. I was lucky I wore gloves. The towel, as well as the table under the SS mold, caught fire. Big time. *cough* *cough*

[Edited on 2004-4-12 by axehandle]

[Edited on 2004-4-12 by axehandle]

chemoleo - 12-4-2004 at 08:57

On the note of the 'I****' word, didn't someone else say that??
It all goes round in circles...

Organikum - 13-4-2004 at 04:24

Huh? whats the "I******" word ?

Anyways I am astonished nobody asks the REAL IMPORTANT questions here.

For example:
Who is "c1ndy" ?

Eliteforum - 13-4-2004 at 04:30

L word = Lamer.

Edit, thought this might clear up a few things for those not too technically minded.

http://www.4guysfromrolla.com/webtech/061902-1.shtml

[Edited on 13-4-2004 by Eliteforum]

t_Pyro - 13-4-2004 at 18:21

First off... MD5 hashes aren't secure, not by a looong way. Cain can crack them in less than a day.

I myself tried some simple sql injection methods with the login text fields, but with no success..

Mr. Hacker, would you care to explain exactly what type of sql injection method you used?

For everybody else who might be interested in the practical usage of some of the "dark arts", visit www.hackthissite.org.

If_6_was_9 - 13-4-2004 at 18:55

Its probably the FBI

Iv4 here

IvX - 14-4-2004 at 02:09

I changed my password when I saw the hack but tnow it wont take my new password :s

Aw well I was going to requast an admin to get rid of the postcounter on ym account anyway so hey not so bad

Organikum - 23-4-2004 at 02:53

Everybody who was affected by the hack of the board lately may please check his system for an infection with a virus/worm/trojan called "magistr".

NO PANIC!

Information on the virus is to be found here:
http://216.239.59.104/search?q=cache:TGjHFJFQ2CQJ:www.pchell.com/virus/magistr.shtml+trojan+magistr&hl=en
and here:
http://securityresponse.symantec.com/avcenter/venc/data/w32....

A removal tool is also to be found here:
http://securityresponse.symantec.com/avcenter/venc/data/w32....

The virus is only damaging to a machine which seems to belong to a person working in Law Enforcement - funny stuff, perhaps I should spread it further instead of warning?
Eh, forget this please....

It would be important for me to get feedback on this in any case, so please post, or PM me also if the check was negative.

thanks
ORG

[Edited on 23-4-2004 by Organikum]

Quantum - 23-4-2004 at 12:03

Lucky me I run Linux. I am protected from most viruses at least for now while Linux isn't very popular with the general public.

Organikum - 23-4-2004 at 14:35

What distribution? Where are my rootkits?

axehandle - 25-4-2004 at 05:26

Debian GNU/Linux testing/unstable
Kernel 2.6.4

(
Linux debian 2.6.4 #3 Sat Apr 24 12:18:29 CEST 2004 i686 GNU/Linux
)

Shorewall 2.0.0-5
Apache 2.0.49
------------------------

Do your worst.

Quantum - 25-4-2004 at 06:43

Slackware 9.1 Kernel 2.6.2

Organikum - 25-4-2004 at 08:32

Oh! Thanks!
And your IP (not the 127.0.0.1...)
and your root password please and we are done

axehandle - 25-4-2004 at 10:30

Quote:

Oh! Thanks!
And your IP (not the 127.0.0.1...)
and your root password please and we are done

IP: same as my webserver's....
As for the root password, it wouldn't do you much good as sshd is set up to not accept root, you have to login as a user and then su....

Eliteforum - 29-4-2004 at 18:00

Quote:

Return-Path: <tdvkskblmlztdvkskblml@hotmail.com>
Received: from yahoo.com ([210.0.143.111]) by mta06-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP
id <20040423202425.NTKD29585.mta06-svc.ntlworld.com@yahoo.com>
for <dean.woolley2@ntlworld.com>; Fri, 23 Apr 2004 21:24:25 +0100
From: "Bameth Leedy" <w0z0z2sd@hotmail.com>
Subject: w
To: dean.woolley2@ntlworld.com
Content-Type: text/plain
Date: Fri, 23 Apr 2004 21:27:13 +0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Message-Id: <20040423202425.NTKD29585.mta06-svc.ntlworld.com@yahoo.com>

do you like being hacked?

Mr. Lamer, stop being so l33t and close your crappy mailbomber!

I only just got your email junk as I on the off-chance checked my mail on the ISP's server. I popped into the junk mail setting and saw it had over 8500 junk emails (Must have got bored masturbating that night huh?). My settings are set to bounce certain email prefixes anyhow.

So grow up, get a shower, brush your teeth, get a job and get some pussy! And stop acting like your some cool l33t lamer 'coz you know how to use a program! Foo'

chemoleo - 29-4-2004 at 18:09

Lol, what the fck is wrong with some people? You summed it up nicely, elite - this monkey should get a life.