Pages:
1
2
3 |
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
Sciencemadness hax0red!
Today I went to log in to sciencemadness and I had to give my username/password (normally I stay logged in almost all the time). The login briefly
redirected me to http://www.evelin29.com/images/boardscimad.php, which quickly brought me here. Now why would a maker of tea, located in Bulgaria with
administrative contacts in Hong Kong, be involved with the login process for Sciencemadness?
I get the feeling that SM may have been the victim of some sort of hack. Passwords may have been compromised. I will let you know more as soon as I
learn more.
PGP Key and corresponding e-mail address
|
|
Quantum
Hazard to Others
Posts: 300
Registered: 2-12-2003
Location: Nowhereville
Member Is Offline
Mood: Interested
|
|
The same thing happened to me at 12:28PM eastern time! Could be that all passwords are being sniffed through that server!
God damn hackers runine it for everyone
Edit: I tried to go to the /images root but nothing happened. No server messages or anything. Then I tried /images/index.php and the only thing it
said was
Blah )))
http://www.evelin29.com/images/index.php
It makes my suspect that some one rooted evenlin and then used it to stage a password sniffing attack on us.
[Edited on 7-4-2004 by Quantum]
What if, what is isn\'t true?
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
The aftermath
You can still see the progress of my enlightenment at http://www.sciencemadness.org/warning.html. Being the good admin that I am, I redirected all board traffic to that warning page soon after I
discovered the problem, using an .htaccess file in the directory. This no doubt saved many people from losing their passwords to the Mysterious Script
Kiddie. Still, I would suggest that anyone who logged in during the last day change their password.
I saw the problem at around 9:00 AM Pacific Standard Time. There was no problem as of 8:00 PM last night. I estimate there was about a 12 hour window
of vulnerability. Who was the first person to get the forced login?
PGP Key and corresponding e-mail address
|
|
thunderfvck
Hazard to Others
Posts: 347
Registered: 30-1-2004
Location: noitacoL
Member Is Offline
Mood: No Mood
|
|
That really sucked. A whole afternoon without sciencemadness.
I recall having to log in this morning, at about...930 AM pacific.
So, you recommend changing passwords then? Will do. Is there any bad news for the people who use the same password for everything they need access to?
Perhaps I shouldn't have said this out loud. So delete this post if I'm a retard.
Thanks a lot Polverone, for all the work you've put into repairing the board. I really appreciate it.
ROCK ON!
|
|
BromicAcid
International Hazard
Posts: 3245
Registered: 13-7-2003
Location: Wisconsin
Member Is Offline
Mood: Rock n' Roll
|
|
Password changed, with such a speedy response and keeping us informed it makes me believe even more we should be paying you for this.
|
|
The_Davster
A pnictogen
Posts: 2861
Registered: 18-11-2003
Member Is Offline
Mood: .
|
|
Some aftermath of recent events
First off, thanks Polverone for fixing this so quickly. But now that SM is back up and running I've noticed a few problems.
When I try to enter my U2U I get this message "Parse error: parse error in /home/sciencem/public_html/talk/u2u.php on line 35"
And I just noticed as I was posting this but near the top of the page under the box with the logo, where it usually shows your location within the
threads here on SM it now says "Mad Science Discussion Board » Post ReplyPost Reply " instead of the usuall Mad Science Discussion Board
» [category name] » [thread name] » post reply
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
The U2U problem is very strange. You're correct. But this is the code as it was in the download of XMB 1.8 SP3. I copied it over just to make
sure I hadn't (badly) manually patched it. I have posted a question about it on the XMB forum. I think I've fixed the double Post Reply
message.
Edit: that too is fixed. The file in the download is wrong. So was the first "fix" I downloaded. Have these programmers ever heard of
"testing?"
[Edited on 4-8-2004 by Polverone]
PGP Key and corresponding e-mail address
|
|
Quantum
Hazard to Others
Posts: 300
Registered: 2-12-2003
Location: Nowhereville
Member Is Offline
Mood: Interested
|
|
The "View todays Posts" thing dosn't work at least not for me. All I see it a blank list.
I changed my password to something so long and complex that brute force will never crack it. Unless quantum computers are at the disposale of the
crackers.
What if, what is isn\'t true?
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
It appears that Today's Posts works for me when I'm logged in as Polverone, but not logged in as an ordinary user or completely
not-logged-in. There seem to be some sort of restrictions on who can view what in today.php. Let's give the XMB team another round of applause
for their thorough testing!
Okay, let's see what happens if I let everyone see what administrators can see (with that tool).
Edit: evidently my PHP-fu is not strong enough to figure out how to let everyone run amok with the Today's Posts tool. It seems to work only for
super administrators right now. I will ask the XMB developers how this might be fixed.
[Edited on 4-8-2004 by Polverone]
PGP Key and corresponding e-mail address
|
|
thunderfvck
Hazard to Others
Posts: 347
Registered: 30-1-2004
Location: noitacoL
Member Is Offline
Mood: No Mood
|
|
I'm sorry, but I'm drunk now and quite aggitated as to what had happened earlier.
These tea drinking faggots, I mean really, what do they have to gain aside from PISSING us off? Sure, they get some passwords, and from that what?
They can edit out posts, post a few crazy messages, possibly access our email, etc. Unless I'm missing some deeper meaning to all of this,
it's quite pointless. These people really have nothing better to do than to make us upset.
And why sciencemadness? Is it simply because they are able to access the server or whatever, and so they can get some passwords? It's not like
they're cracking into some pedophilic porno site in which they can make profit off of it or something. It's just information, chemistry.
I am quie angry over this. One reason being that I had posted a question in the beginners section in which I required a response in order to finish my
assignment for school. Because of this I may lose 20%. haha. But enough of my self-centeredness, I am extremely grateful for Polverone's work. I
mean this guy, seriously, if I had a wife or something, and he was in need of some action, I'd let him sleep with my wife. Honestly. Well maybe
NOT....But you know what I mean. Seriously, Polverone, you are the man of men. You make Ghandi look like a herpies infected pedophile. You make Jesus
look like a nympho mutant. You are a GOD. Thank you so much for bringing us back on track. And seriously, if you were to enforce a payment for the
services you do on this site, I would surely pay. I don't think I could live without this site. Even though I don't post as much as some of
the other members, and I don't take part in a lot of discussions, I still read, read, read. The information I gain from this site is priceless.
Fuck textbooks. Just sign up to sciencemadness and you'll be a chemistry lord in no time. Well a bit of an exageration but I believe that a few
years on this site, reading each post and absorbing it, will provide anyone with a firm knowledge of chemistry.
What I really love about this site is that it's not geared towards explosives/drugs. Much like the explosives & weapons forum, of the hive.
This site is chemistry, all levels of it. And that's what I've been searching for ever since I've decided I was going to devote my life
to chemistry. You have made my dreams a reality. I thank you and everyone else for making this board what it is. May you forever rock on.
|
|
abnormal989
Harmless
Posts: 4
Registered: 5-4-2004
Member Is Offline
Mood: No Mood
|
|
Evil Hacker Makes Appearance
Hello everyone, nice to see you all. This isn't the real abnormal989, it's the infamous hacker you've all been talking about . He must have missed the whole password-getting hype because he hasn't changed
his password yet...please remind him to for me.
First and foremost, I would like to apologize for stirring things up, I didn't really mean any harm, sciencemadness.org was just a test run. Many
passwords were gained, but none were used for anything too malicious. However, the fact that several passwords match those of e-mail accounts is very
worrying, at the fact that such an exploit could be pulled off in the first place simply shows the huge security problem there is today.
A few parting words of advice: Don't use the same password you use for your e-mail account for your forum subscriptions. There are WAY too many
vulnerable forums out there (you have my word on that one). If the forum gets compromised, and the hacker gets your password, the first thing
he'll try probably is to see if it matches your e-mail account. Through there he could go on to e-shop accounts, and you know what happens then.
Also, and this is for the admins: If there's a security upgrade, or a new version, USE IT for crying out loud! That probably means there is a
SECURITY HOLE a hacker could EXPLOIT and potentially gain some PASSWORDS.
Anyway, before I go I must congratulate you all, especially the admins. You're the only forum owners of many (including owners of forums with 10
times your users) who noticed the hole and fixed it, quite quickly I might add. That goes to show there may be hope yet
I must go now, thanks for listening and I apologize again for upsetting you all. If you have any questions just use this thread, I'll be checking
in. Oh, and the following users just MIGHT want to change their passwords, if they haven't already...just a hint:
infernico, I am a fish, JDP, T_Pyro, froot, organikum, darkflame89, Pyrovus, Saerynide, abnormal989, basf, ech310n, AngelEyes, esplosivo, ziqquratu,
Haggis, Eliteforum, narkar, thunderfvck, quest, Alchemist, ignorantlyintelligent, vulture, Backyard Blaster, Iv4, Tacho, chemoleo, Polverone, Quantum,
Jen, Moonmonster
Well, so long
- Evil Hacker
|
|
Organikum
resurrected
Posts: 2337
Registered: 12-10-2002
Location: Europe
Member Is Offline
Mood: frustrated
|
|
The "todays posts" doesnt work for me either. It started to be defunkt after I had to log in again yesterday aka after the hack.
I fear that not all problems are solved already.
|
|
vulture
Forum Gatekeeper
Posts: 3330
Registered: 25-5-2002
Location: France
Member Is Offline
Mood: No Mood
|
|
Trouble is, those damn XMB proggers don't test anything before they release it.
So the patches keep bringing along security flaws and bugs.
Makes you wonder what you're paying for.
It's probably a huge cashcow for the company, now and then releasing a bad update without much time spent and cashing the revenues in the
meanwhile.
One shouldn't accept or resort to the mutilation of science to appease the mentally impaired.
|
|
Eliteforum
National Hazard
Posts: 571
Registered: 18-11-2002
Location: United Kingdom
Member Is Offline
Mood: Enjoying the journey
|
|
Just out of intrest, the other day there was a FTP brute force attempt and a large port scan.
<IP edited out>
Nothing was done, as the system is secure.
abnormal989, my password is changed daily. And a test run for what?
[Edited on 8-4-2004 by vulture]
All that glitters isn't gold.
|
|
vulture
Forum Gatekeeper
Posts: 3330
Registered: 25-5-2002
Location: France
Member Is Offline
Mood: No Mood
|
|
Elite, that portscan originated from:
Neuron
and/or IIP
....
Looks like said user will not have FTP acces for some time.
One shouldn't accept or resort to the mutilation of science to appease the mentally impaired.
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
Revenue?!
Bwa ha ha, you thought I was paying for XMB? Certainly not! It only costs money if you want to remove references to XMB and the XMB
team from your board.
Edit: to those who are having trouble using Today's Posts, try logging out and then using your browser to remove cookies from Sciencemadness.
This seemed to fix it for me so I could see Today's Posts whether I was logged in as Polverone or not logged in at all.
[Edited on 4-8-2004 by Polverone]
PGP Key and corresponding e-mail address
|
|
axehandle
Free Radical
Posts: 1065
Registered: 30-12-2003
Location: Sweden
Member Is Offline
Mood: horny
|
|
Do we know the IP of the script kiddie? If he's in Europe, I volunteer to hunt him down and beat him up. Fucking script kiddies, ruining the life
of sysadmins everywhere...
VERY nice and swift work, Polverone. I admire it.
My PGP key, Fingerprint 5D96 E09E 365D 1867 2DF5 C2FE 4269 9C19 E079 CD35
\"Verbing nouns weirds the language!\"
|
|
Organikum
resurrected
Posts: 2337
Registered: 12-10-2002
Location: Europe
Member Is Offline
Mood: frustrated
|
|
I would suggest everybody who discovered the "Todays Posts" problem should change his password again after he got this working again. There
is some evidence that accounts are still compromised and the "Todays Posts" is a way to check this. A glitch in the hack so to say.
I am not absolutely sure on this, but changing the password once again doesnt hurt.
|
|
chemoleo
Biochemicus Energeticus
Posts: 3005
Registered: 23-7-2003
Location: England Germany
Member Is Offline
Mood: crystalline
|
|
Today's posts
I think the problem is solved.
Indeed, it's about the cookies. You have to delete the SM one, mind though, they are in a different folder for mozilla/netscape. Not in the IE
cookies folder. Since then the today's post link is working fine again ...
Abnormal - whoever you are - I am confused by your message. Are you serious or is this a joke?
[Edited on 9-4-2004 by chemoleo]
Never Stop to Begin, and Never Begin to Stop...
Tolerance is good. But not with the intolerant! (Wilhelm Busch)
|
|
ech310n
Harmless
Posts: 29
Registered: 18-10-2003
Location: Australia
Member Is Offline
Mood: No Mood
|
|
That post from Abnormal seems to be real as he/she/it lists my username, and yes I did log in that night. Script kiddies and malicious hackers are the
scum of this earth
[Edited on 9-4-2004 by ech310n]
|
|
Hermes_Trismegistus
National Hazard
Posts: 602
Registered: 27-11-2003
Location: Greece, Ancient
Member Is Offline
Mood: conformation:ga
|
|
Not So!
I have a not insignificant amount of respect for this particular infonaut.
He's obviously both skilled in his field and intelligent.
But beyond that, he's friendly and polite, helpful and considerate, he is well spoken and above all has a good and gentle sense of humor.
I think that many of us would find him to be a likeable rogue and not unlike us in his quest for knowledge and experience.
Bravo, my good man!
BRAVO.
|
|
ech310n
Harmless
Posts: 29
Registered: 18-10-2003
Location: Australia
Member Is Offline
Mood: No Mood
|
|
Hermes, I agree with your views to a certain extent but after putting up with script kiddies and malicious hackers for years I get very annoyed with
them. I have an ADSL modem with a built in router and it is often crashing due to malicious DOS attacks. If I leave my Linux system running for the
day processing something while I am at school the IDS goes spastic with the amount of malicious traffic it picks up (note that I am aware of the very
high false alerts many IDS's have).
Then there is the computers throughout the rest of the house that my family use. They are often been hacked but that has thankfully become
non-existent now that all computers at least run Windows XP Professional and are up to date.
I should stop rambling now but the point is that many of these script kiddies have no real motive other than to peeve other people off. I am also not
necessarily saying that this hacker in question is a script kiddie or was malicious in his ways. Sorry for editing this post many times, I should get
some more sleep.
[Edited on 9-4-2004 by ech310n]
[Edited on 9-4-2004 by ech310n]
[Edited on 9-4-2004 by ech310n]
|
|
Mr. Wizard
International Hazard
Posts: 1042
Registered: 30-3-2003
Member Is Offline
Mood: No Mood
|
|
Did anyone notice the phrase 'e-shops'? He sounds British. Of course many Europeans speak English like the English ;-) I changed my
password, which is used only on this board. Write them down rather than use the same one.
|
|
madscientist
National Hazard
Posts: 962
Registered: 19-5-2002
Location: American Midwest
Member Is Offline
Mood: pyrophoric
|
|
Quote: | Many passwords were gained, but none were used for anything too malicious. |
Define "not too malicious" for us.
And by the way, why did you do this? We aren't the ones who wrote the board software, we know it has holes, and there's not much we can do
about it. As has been said, the patches are buggy. I highly doubt you did anything more than read about a bug somewhere and start going around messing
up forums exploiting it... which is a complete waste of both your time and our time. You can't claim either that you were just benevolently
trying to wake us up to the problem, because firstly it would've been far simpler to email us a notice about it, and secondly you said that most
of the forums don't seem to find out about what you've done.
[Edited on 9-4-2004 by madscientist]
I weep at the sight of flaming acetic anhydride.
|
|
abnormal989
Harmless
Posts: 4
Registered: 5-4-2004
Member Is Offline
Mood: No Mood
|
|
Me again
As I said before, sciencemadness.org was a test run, I wished to try something out to see if it would work.
madscientist: Simply reading about a bug somewhere would mean me sticking with SQL injection, which is how I obtained the MD5 hash of your password.
But it didn't stop there, did it? You're right, simply reading about a hole and trying it out is pointless. But adding to it, making it work
for you takes more than that, and that's what happened here.
What I meant by not too malicious was that yes, I did obtain several passwords, but I didn't really use them because that wasn't the point.
Also the fact that all the accounts and all the threads are intact contribute to proving the "not too malicious" nature of my
"attack". Someone else could've just deleted all the threads and messed up all the accounts.
|
|
Pages:
1
2
3 |