Sciencemadness Discussion Board
Not logged in [Login ]
Go To Bottom

Printable Version  
 Pages:  1    3
Author: Subject: hacked
joe69cool
Harmless
*




Posts: 14
Registered: 31-10-2005
Member Is Offline

Mood: No Mood

[*] posted on 3-3-2007 at 01:16
hacked


they hacked the site. shame on them! They probably did it because they couldnt get their reactions to work.:D



\"Why oh why didn\'t I take the blue pill?\"
View user's profile View All Posts By User
BromicAcid
International Hazard
*****




Posts: 3253
Registered: 13-7-2003
Location: Wisconsin
Member Is Offline

Mood: Rock n' Roll

[*] posted on 3-3-2007 at 01:57


Took me a minute to figure out that anything happened. I always just visit the new posts page but the main page for sciencemadness.org has been defaced though apparently the forum is fine.



Shamelessly plugging my attempts at writing fiction: http://www.robvincent.org
View user's profile Visit user's homepage View All Posts By User
franklyn
International Hazard
*****




Posts: 3026
Registered: 30-5-2006
Location: Da Big Apple
Member Is Offline

Mood: No Mood

[*] posted on 3-3-2007 at 08:00


Those of us with some know how or sophistication can find our
way in providing there still is one , but the other folk are going
to be rudely perplexed unless an advisory e-mail is sent out.

.
View user's profile View All Posts By User
chemrox
International Hazard
*****




Posts: 2961
Registered: 18-1-2007
Location: UTM
Member Is Offline

Mood: LaGrangian

[*] posted on 3-3-2007 at 09:33
noticed last night


Yeah who are these assholes anyway? Like the little skateboarders that vandalize our offices.. public caning would be perfect
View user's profile View All Posts By User
bereal511
Hazard to Others
***




Posts: 162
Registered: 9-8-2005
Location: Madison, WI
Member Is Offline

Mood: No Mood

[*] posted on 3-3-2007 at 09:36


How ridiculously immature. The kewls of the internet are just as rambuncuous as the kewls of real life.



As an adolescent I aspired to lasting fame, I craved factual certainty, and I thirsted for a meaningful vision of human life -- so I became a scientist. This is like becoming an archbishop so you can meet girls.
-- Matt Cartmill
View user's profile View All Posts By User
YT2095
International Hazard
*****




Posts: 1091
Registered: 31-5-2003
Location: Just left of Europe and down a bit.
Member Is Offline

Mood: within Nominal Parameters

[*] posted on 3-3-2007 at 10:08


Script Kiddies undoubtedly, the hacker Equiv of K3wlz to a serious Chemist!



\"In a world full of wonders mankind has managed to invent boredom\" - Death
Twinkies don\'t have a shelf life. They have a half-life! -Caine (a friend of mine)
View user's profile View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 3-3-2007 at 10:14


They changed the ssh/cPanel password so I can't log in. I'm unfortunately spending most of my time today on airplanes and in airports, and my laptop doesn't have the customer support password stored on it. I've asked for the password to be emailed to me but it seems to be slow in coming. This may take a bit of time to resolve.



PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
joe69cool
Harmless
*




Posts: 14
Registered: 31-10-2005
Member Is Offline

Mood: No Mood

[*] posted on 3-3-2007 at 23:53


I should probably keep my damn mouth shut, but I think I know who did it in an abstact way. I'm sure everything will be resolved soon, and they meant it as a compliment I'm sure.



\"Why oh why didn\'t I take the blue pill?\"
View user's profile View All Posts By User
guy
National Hazard
****




Posts: 982
Registered: 14-4-2004
Location: California, USA
Member Is Offline

Mood: Catalytic!

[*] posted on 4-3-2007 at 02:38


Their names don't get any kewler than that.
View user's profile View All Posts By User
dennisfrancisblewettiii
Hazard to Self
**




Posts: 61
Registered: 16-12-2005
Location: Madison, Wisconsin
Member Is Offline


[*] posted on 4-3-2007 at 11:08


Quote:
Originally posted by joe69cool
I should probably keep my damn mouth shut, but I think I know who did it in an abstact way. I'm sure everything will be resolved soon, and they meant it as a compliment I'm sure.


Idefense?

This stuff is annoying.
View user's profile Visit user's homepage View All Posts By User
YT2095
International Hazard
*****




Posts: 1091
Registered: 31-5-2003
Location: Just left of Europe and down a bit.
Member Is Offline

Mood: within Nominal Parameters

[*] posted on 4-3-2007 at 11:34


Quote:
Originally posted by joe69cool
and they meant it as a compliment I'm sure.


Huh... How does That work?????




\"In a world full of wonders mankind has managed to invent boredom\" - Death
Twinkies don\'t have a shelf life. They have a half-life! -Caine (a friend of mine)
View user's profile View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 7-3-2007 at 00:45


It appears that the hosting machine was not more generally compromised -- the attackers tried to use the tools they downloaded, but mine was the only account they compromised this time. Micfo (our hosting company) told me that it must have happened because I had 777 permissions set on PHP files or directories. That's not true -- I don't use 777 permissions on anything, but for $20/month I don't really expect them to do detailed post-intrusion analysis. I would guess that we were hacked using one of the thousands of holes in the security swiss-cheese that is XMB. In a move that should protect us from hacking for at least the next 6 hours, I have upgraded the board to the latest and greatest stable version of XMB. This has some side effects, like different smilies (I can restore the old ones if people really care) and the fact that U2U message preview actually works now.

It's good to be back. I hope we can stay here.




PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
Rosco Bodine
Banned





Posts: 6370
Registered: 29-9-2004
Member Is Offline

Mood: analytical

[*] posted on 7-3-2007 at 01:04


Has XMB got a wrong password attempted entry counter to defeat random password sniffer / generators ?
Or have they left a few other backdoors open ?

Yeah the old smilies were better , and it seems like you
put 'em back after the last upgrade some time back because the newer ones are muddy .
View user's profile View All Posts By User
12AX7
Post Harlot
*****




Posts: 4803
Registered: 8-3-2005
Location: oscillating
Member Is Offline

Mood: informative

[*] posted on 7-3-2007 at 01:28


SMDB is back! :D



Seven Transistor Labs LLC http://seventransistorlabs.com/
Electronic Design, from Concept to Layout.
Need engineering assistance? Drop me a message!
View user's profile Visit user's homepage View All Posts By User This user has MSN Messenger
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 7-3-2007 at 01:29


I don't think there is a wrong password timeout or block in place. In any case I'm sure that's not how the attackers worked, since gaining my forum password would only have allowed them to change forum settings. They had shell level access, were able to change the main index page, installed additional software, changed my shell password... I'm sure they got initial shell access through an exploit, most likely an XMB exploit since it's the only software package I've installed under this hosting account. I'm still not sure how they were able to change my shell password once they got shell access -- maybe via the same flaw, since they were obviously able to bypass my password at least once.

I really hope that it was a now-patched XMB flaw, because if it's anything else, there's nothing I can do to improve security.




PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
YT2095
International Hazard
*****




Posts: 1091
Registered: 31-5-2003
Location: Just left of Europe and down a bit.
Member Is Offline

Mood: within Nominal Parameters

[*] posted on 7-3-2007 at 01:38


Nice works and Thanks for what you`ve done already!;)



\"In a world full of wonders mankind has managed to invent boredom\" - Death
Twinkies don\'t have a shelf life. They have a half-life! -Caine (a friend of mine)
View user's profile View All Posts By User
Rosco Bodine
Banned





Posts: 6370
Registered: 29-9-2004
Member Is Offline

Mood: analytical

[*] posted on 7-3-2007 at 01:40


It's really one hell of a coincidence for me that when
RS was taken down by idefense ....the topic in open discussion at the time was energetic tetrazoles .

And when MadScience went down ....the exact same
topic was under discussion ...in both cases with some useful information being brought to light , the difference being no data loss this time around , due to a CYA backup
being available .

But isn't that one hell of a coincidence that such an obscure topic would be on top in Energetics both times
when two different forums get trashed .....almost like it
was a magic tripwire or something ?

I really hate such coincidences that just don't quite seem like coincidences at all , but more like a two shot group
so well placed on target ....that it is just one neat hole .
View user's profile View All Posts By User
Sauron
International Hazard
*****




Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline

Mood: metastable

[*] posted on 7-3-2007 at 02:28


Simple enough hypothesis to test. You could go discuss energetic tetrazoles, and see if everything comes crashing down again.

Of course, everyone might be a tad upset with you for doing that, myself included.

I'm just grateful to Polverone for getting the forum back up quickly (I was braced to wait for the weekend).
View user's profile View All Posts By User
Rosco Bodine
Banned





Posts: 6370
Registered: 29-9-2004
Member Is Offline

Mood: analytical

[*] posted on 7-3-2007 at 03:00


Somebody posted the whole echelon watchwords list
one time ....and they probably get saturated with hits
for those keywords from this forum enough to make
it an aggravation for the web watchers . But then
it's got to be like the war on drugs , cops and robbers
need each other for job security . So as they say at
the start of the olympics ....let the games begin .....
what were the rules again ?
View user's profile View All Posts By User
Sauron
International Hazard
*****




Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline

Mood: metastable

[*] posted on 7-3-2007 at 03:08


The rules are this: there are no rules, there's no size, no shape, no color, and the best you can expect is what you least expect.

-- from "The Kremlin Letter", an underappreciated 1970 John Huston film, spoken by Richard Boone.
View user's profile View All Posts By User
Rosco Bodine
Banned





Posts: 6370
Registered: 29-9-2004
Member Is Offline

Mood: analytical

[*] posted on 7-3-2007 at 03:14


Sort of like a girl at a Hells Angels convention
worried about doing something naughty that
might offend the chaperones .

[Edited on 7-3-2007 by Rosco Bodine]
View user's profile View All Posts By User
Sauron
International Hazard
*****




Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline

Mood: metastable

[*] posted on 7-3-2007 at 03:57


Like what? They might be offended if she didn't want to pull a train. (And then maybe she'd have little choice in the matter.)

Last I heard, Sonny Barger was in the can for dealing meth, I don't even know if he's still alive, he can't be a young man at this point in time.
View user's profile View All Posts By User
Rosco Bodine
Banned





Posts: 6370
Registered: 29-9-2004
Member Is Offline

Mood: analytical

[*] posted on 7-3-2007 at 04:21


[13] Pres , leading 600 ministers of truth and justice
to rumble along Pennsylvania Avenue ....
Now that's a parade I'd like to see , with
all the crookedass bureaucrats running
for their hidey holes and bodyguards .
Power to the People ....yeah .

And bring on the big tittied bitches too ,
call it the Anna Nicole Memorial Ride ,
complete with middle of the street ,
spread legged NECROMANCY !

Scary huh ....
that dark side of country boys downtown !

Born to be WILD :cool:
View user's profile View All Posts By User
The_Davster
A pnictogen
*******




Posts: 2861
Registered: 18-11-2003
Member Is Offline

Mood: .

[*] posted on 7-3-2007 at 05:21


Quote:
Originally posted by Rosco Bodine
It's really one hell of a coincidence for me that when
RS was taken down by idefense ....the topic in open discussion at the time was energetic tetrazoles .

And when MadScience went down ....the exact same
topic was under discussion ...in both cases with some useful information being brought to light , the difference being no data loss this time around , due to a CYA backup
being available .



I think its more of a cooincidence, we went down in a completly different way than roguesci. But if you are right...Then we know we are geting somewhere very interesting with the tetrazoles research...perhaps explaining why there is a void of information out there in regards to them.

Thanks for the board back Polv, when you have a chance can you change back the smilies as well?




View user's profile View All Posts By User
quicksilver
International Hazard
*****




Posts: 1820
Registered: 7-9-2005
Location: Inches from the keyboard....
Member Is Offline

Mood: ~-=SWINGS=-~

[*] posted on 7-3-2007 at 06:40


iDefense had an issue with RS that was best described as "political" in nature. I really don't think that they have that issue with this board. Seems like an exploited element of XMB.....If some jackass got a copy of XMB and set out to find a method of getting in, I'm pretty sure he could do so. The software is not designed for security, it's designed for communicating. There is no REAL emphasis on security in it's user lay-out. I'll bet some
-=L0W-K3Y C0Ck$uCk3R=- with Gr33t$ going out to other K3WL D00D$ just got a copy of XMB and worked with it for a bit....the fuck needs to get a life.




View user's profile View All Posts By User
 Pages:  1    3

  Go To Top