Pages:
1
2
3 |
joe69cool
Harmless
Posts: 14
Registered: 31-10-2005
Member Is Offline
Mood: No Mood
|
|
hacked
they hacked the site. shame on them! They probably did it because they couldnt get their reactions to work.
\"Why oh why didn\'t I take the blue pill?\"
|
|
BromicAcid
International Hazard
Posts: 3253
Registered: 13-7-2003
Location: Wisconsin
Member Is Offline
Mood: Rock n' Roll
|
|
Took me a minute to figure out that anything happened. I always just visit the new posts page but the main page for sciencemadness.org has been
defaced though apparently the forum is fine.
|
|
franklyn
International Hazard
Posts: 3026
Registered: 30-5-2006
Location: Da Big Apple
Member Is Offline
Mood: No Mood
|
|
Those of us with some know how or sophistication can find our
way in providing there still is one , but the other folk are going
to be rudely perplexed unless an advisory e-mail is sent out.
.
|
|
chemrox
International Hazard
Posts: 2961
Registered: 18-1-2007
Location: UTM
Member Is Offline
Mood: LaGrangian
|
|
noticed last night
Yeah who are these assholes anyway? Like the little skateboarders that vandalize our offices.. public caning would be perfect
|
|
bereal511
Hazard to Others
Posts: 162
Registered: 9-8-2005
Location: Madison, WI
Member Is Offline
Mood: No Mood
|
|
How ridiculously immature. The kewls of the internet are just as rambuncuous as the kewls of real life.
As an adolescent I aspired to lasting fame, I craved factual certainty, and I thirsted for a meaningful vision of human life -- so I became a
scientist. This is like becoming an archbishop so you can meet girls.
-- Matt Cartmill
|
|
YT2095
International Hazard
Posts: 1091
Registered: 31-5-2003
Location: Just left of Europe and down a bit.
Member Is Offline
Mood: within Nominal Parameters
|
|
Script Kiddies undoubtedly, the hacker Equiv of K3wlz to a serious Chemist!
\"In a world full of wonders mankind has managed to invent boredom\" - Death
Twinkies don\'t have a shelf life. They have a half-life! -Caine (a friend of mine)
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
They changed the ssh/cPanel password so I can't log in. I'm unfortunately spending most of my time today on airplanes and in airports, and my laptop
doesn't have the customer support password stored on it. I've asked for the password to be emailed to me but it seems to be slow in coming. This may
take a bit of time to resolve.
PGP Key and corresponding e-mail address
|
|
joe69cool
Harmless
Posts: 14
Registered: 31-10-2005
Member Is Offline
Mood: No Mood
|
|
I should probably keep my damn mouth shut, but I think I know who did it in an abstact way. I'm sure everything will be resolved soon, and they meant
it as a compliment I'm sure.
\"Why oh why didn\'t I take the blue pill?\"
|
|
guy
National Hazard
Posts: 982
Registered: 14-4-2004
Location: California, USA
Member Is Offline
Mood: Catalytic!
|
|
Their names don't get any kewler than that.
|
|
dennisfrancisblewettiii
Hazard to Self
Posts: 61
Registered: 16-12-2005
Location: Madison, Wisconsin
Member Is Offline
|
|
Quote: | Originally posted by joe69cool
I should probably keep my damn mouth shut, but I think I know who did it in an abstact way. I'm sure everything will be resolved soon, and they meant
it as a compliment I'm sure. |
Idefense?
This stuff is annoying.
|
|
YT2095
International Hazard
Posts: 1091
Registered: 31-5-2003
Location: Just left of Europe and down a bit.
Member Is Offline
Mood: within Nominal Parameters
|
|
Quote: | Originally posted by joe69cool
and they meant it as a compliment I'm sure. |
Huh... How does That work?????
\"In a world full of wonders mankind has managed to invent boredom\" - Death
Twinkies don\'t have a shelf life. They have a half-life! -Caine (a friend of mine)
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
It appears that the hosting machine was not more generally compromised -- the attackers tried to use the tools they downloaded, but mine was the only
account they compromised this time. Micfo (our hosting company) told me that it must have happened because I had 777 permissions set on PHP files or
directories. That's not true -- I don't use 777 permissions on anything, but for $20/month I don't really expect them to do detailed post-intrusion
analysis. I would guess that we were hacked using one of the thousands of holes in the security swiss-cheese that is XMB. In a move that should
protect us from hacking for at least the next 6 hours, I have upgraded the board to the latest and greatest stable version of XMB. This has some side
effects, like different smilies (I can restore the old ones if people really care) and the fact that U2U message preview actually works now.
It's good to be back. I hope we can stay here.
PGP Key and corresponding e-mail address
|
|
Rosco Bodine
Banned
Posts: 6370
Registered: 29-9-2004
Member Is Offline
Mood: analytical
|
|
Has XMB got a wrong password attempted entry counter to defeat random password sniffer / generators ?
Or have they left a few other backdoors open ?
Yeah the old smilies were better , and it seems like you
put 'em back after the last upgrade some time back because the newer ones are muddy .
|
|
12AX7
Post Harlot
Posts: 4803
Registered: 8-3-2005
Location: oscillating
Member Is Offline
Mood: informative
|
|
SMDB is back!
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
I don't think there is a wrong password timeout or block in place. In any case I'm sure that's not how the attackers worked, since gaining my forum
password would only have allowed them to change forum settings. They had shell level access, were able to change the main index page, installed
additional software, changed my shell password... I'm sure they got initial shell access through an exploit, most likely an XMB exploit since it's the
only software package I've installed under this hosting account. I'm still not sure how they were able to change my shell password once they got shell
access -- maybe via the same flaw, since they were obviously able to bypass my password at least once.
I really hope that it was a now-patched XMB flaw, because if it's anything else, there's nothing I can do to improve security.
PGP Key and corresponding e-mail address
|
|
YT2095
International Hazard
Posts: 1091
Registered: 31-5-2003
Location: Just left of Europe and down a bit.
Member Is Offline
Mood: within Nominal Parameters
|
|
Nice works and Thanks for what you`ve done already!
\"In a world full of wonders mankind has managed to invent boredom\" - Death
Twinkies don\'t have a shelf life. They have a half-life! -Caine (a friend of mine)
|
|
Rosco Bodine
Banned
Posts: 6370
Registered: 29-9-2004
Member Is Offline
Mood: analytical
|
|
It's really one hell of a coincidence for me that when
RS was taken down by idefense ....the topic in open discussion at the time was energetic tetrazoles .
And when MadScience went down ....the exact same
topic was under discussion ...in both cases with some useful information being brought to light , the difference being no data loss this time around ,
due to a CYA backup
being available .
But isn't that one hell of a coincidence that such an obscure topic would be on top in Energetics both times
when two different forums get trashed .....almost like it
was a magic tripwire or something ?
I really hate such coincidences that just don't quite seem like coincidences at all , but more like a two shot group
so well placed on target ....that it is just one neat hole .
|
|
Sauron
International Hazard
Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline
Mood: metastable
|
|
Simple enough hypothesis to test. You could go discuss energetic tetrazoles, and see if everything comes crashing down again.
Of course, everyone might be a tad upset with you for doing that, myself included.
I'm just grateful to Polverone for getting the forum back up quickly (I was braced to wait for the weekend).
|
|
Rosco Bodine
Banned
Posts: 6370
Registered: 29-9-2004
Member Is Offline
Mood: analytical
|
|
Somebody posted the whole echelon watchwords list
one time ....and they probably get saturated with hits
for those keywords from this forum enough to make
it an aggravation for the web watchers . But then
it's got to be like the war on drugs , cops and robbers
need each other for job security . So as they say at
the start of the olympics ....let the games begin .....
what were the rules again ?
|
|
Sauron
International Hazard
Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline
Mood: metastable
|
|
The rules are this: there are no rules, there's no size, no shape, no color, and the best you can expect is what you least expect.
-- from "The Kremlin Letter", an underappreciated 1970 John Huston film, spoken by Richard Boone.
|
|
Rosco Bodine
Banned
Posts: 6370
Registered: 29-9-2004
Member Is Offline
Mood: analytical
|
|
Sort of like a girl at a Hells Angels convention
worried about doing something naughty that
might offend the chaperones .
[Edited on 7-3-2007 by Rosco Bodine]
|
|
Sauron
International Hazard
Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline
Mood: metastable
|
|
Like what? They might be offended if she didn't want to pull a train. (And then maybe she'd have little choice in the matter.)
Last I heard, Sonny Barger was in the can for dealing meth, I don't even know if he's still alive, he can't be a young man at this point in time.
|
|
Rosco Bodine
Banned
Posts: 6370
Registered: 29-9-2004
Member Is Offline
Mood: analytical
|
|
[13] Pres , leading 600 ministers of truth and justice
to rumble along Pennsylvania Avenue ....
Now that's a parade I'd like to see , with
all the crookedass bureaucrats running
for their hidey holes and bodyguards .
Power to the People ....yeah .
And bring on the big tittied bitches too ,
call it the Anna Nicole Memorial Ride ,
complete with middle of the street ,
spread legged NECROMANCY !
Scary huh ....
that dark side of country boys downtown !
Born to be WILD
|
|
The_Davster
A pnictogen
Posts: 2861
Registered: 18-11-2003
Member Is Offline
Mood: .
|
|
Quote: | Originally posted by Rosco Bodine
It's really one hell of a coincidence for me that when
RS was taken down by idefense ....the topic in open discussion at the time was energetic tetrazoles .
And when MadScience went down ....the exact same
topic was under discussion ...in both cases with some useful information being brought to light , the difference being no data loss this time around ,
due to a CYA backup
being available .
|
I think its more of a cooincidence, we went down in a completly different way than roguesci. But if you are right...Then we know we are geting
somewhere very interesting with the tetrazoles research...perhaps explaining why there is a void of information out there in regards to them.
Thanks for the board back Polv, when you have a chance can you change back the smilies as well?
|
|
quicksilver
International Hazard
Posts: 1820
Registered: 7-9-2005
Location: Inches from the keyboard....
Member Is Offline
Mood: ~-=SWINGS=-~
|
|
iDefense had an issue with RS that was best described as "political" in nature. I really don't think that they have that issue with this board. Seems
like an exploited element of XMB.....If some jackass got a copy of XMB and set out to find a method of getting in, I'm pretty sure he could do so. The
software is not designed for security, it's designed for communicating. There is no REAL emphasis on security in it's user lay-out. I'll bet some
-=L0W-K3Y C0Ck$uCk3R=- with Gr33t$ going out to other K3WL D00D$ just got a copy of XMB and worked with it for a bit....the fuck needs to get a life.
|
|
Pages:
1
2
3 |