Sciencemadness Discussion Board
Not logged in [Login ]
Go To Bottom

Printable Version  
 Pages:  1  2    4    6  7
Author: Subject: The Forum Has Been Hacked
gdflp
Super Moderator
*******




Posts: 1320
Registered: 14-2-2014
Location: NY, USA
Member Is Offline

Mood: Staring at code

[*] posted on 13-8-2014 at 09:15


Back in control of my account. Thanks woelen!
View user's profile View All Posts By User
Lambda-Eyde
National Hazard
****




Posts: 860
Registered: 20-11-2008
Location: Norway
Member Is Offline

Mood: Cleaved

[*] posted on 13-8-2014 at 09:30


Quote: Originally posted by elementcollector1  
Alright, thanks for getting me back in on the action. Remind me - what's his IRC name? I'll see if I ever had any contact - which I doubt, but still.

He mostly went under "Manifest" on the channel AFAIK.




This just in: 95,5 % of the world population lives outside the USA
Please drop by our IRC channel: #sciencemadness @ irc.efnet.org
View user's profile View All Posts By User
DrAldehyde
Hazard to Self
**




Posts: 82
Registered: 12-1-2014
Member Is Offline

Mood: No Mood

[*] posted on 13-8-2014 at 09:48


It was interesting reading through those chat logs. Really helps develop a sense of personality, what drives people, the chips on their shoulders. Also serves to remind how everything we do online is documented. Glad the admins were able to catch this, hopefully somebody will get a spanking.
View user's profile View All Posts By User
arkoma
Redneck Overlord
*******




Posts: 1763
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline

Mood: украї́нська

[*] posted on 13-8-2014 at 09:58


I see Manifest has a "kewl" shiny new forum title LMFAO.



"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social status, nationality, citizenship, etc" z-lib

View user's profile View All Posts By User
The Volatile Chemist
International Hazard
*****




Posts: 1981
Registered: 22-3-2014
Location: 'Stil' in the lab...
Member Is Offline

Mood: Copious

[*] posted on 13-8-2014 at 10:43


Quote: Originally posted by arkoma  
I see Manifest has a "kewl" shiny new forum title LMFAO.

You got a pretty great one too :) Wish I had a personality or sumptin to put up there, but oh well... :/


[Edited on 8-13-2014 by The Volatile Chemist]

[Edited on 8-13-2014 by The Volatile Chemist]




View user's profile Visit user's homepage View All Posts By User
forgotpassword
Harmless
*




Posts: 47
Registered: 12-8-2014
Member Is Offline

Mood: No Mood

[*] posted on 13-8-2014 at 10:56


I'm sorry SM, I am Manifest or that guy from Derry.
/root/ was a way to identify who's account had an email change after a successful bruteforce, unfortunately people caught on...
Believe it or not my intentions were good, my plan was to maybe take over an admin account and on the front page post about the security flaw and then inform Polverone as a joke.
If you don't believe me I have informed Polverone about a security flaw in the past.
View user's profile View All Posts By User
arkoma
Redneck Overlord
*******




Posts: 1763
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline

Mood: украї́нська

[*] posted on 13-8-2014 at 10:58


Quote: Originally posted by forgotpassword  
I'm sorry SM, I am Manifest or that guy from Derry.
/root/ was a way to identify who's account had an email change after a successful bruteforce, unfortunately people caught on...
Believe it or not my intentions were good, my plan was to maybe take over an admin account and on the front page post about the security flaw and then inform Polverone as a joke.
If you don't believe me I have informed Polverone about a security flaw in the past.


Boy, have you got BALLS

Edit--and that is NOT a compliment

[Edited on 8-13-2014 by arkoma]




"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social status, nationality, citizenship, etc" z-lib

View user's profile View All Posts By User
forgotpassword
Harmless
*




Posts: 47
Registered: 12-8-2014
Member Is Offline

Mood: No Mood

[*] posted on 13-8-2014 at 11:05


It is what it is.
This really did backfire on me, I wasn't planning anything malicious, I was just going to have fun before telling Polverone.
I really, really really must commend Polverone, he is a fantastic admin and his detective work regarding that server and everything else, the IRC logs is just brilliant, I wanted to see how long it would go on before he got me.
I must emphasise that I did not mean any malice by this, I was just dicking about.
I'm sorry arkoma.
View user's profile View All Posts By User
Loptr
International Hazard
*****




Posts: 1348
Registered: 20-5-2014
Location: USA
Member Is Offline

Mood: Grateful

[*] posted on 13-8-2014 at 11:09


Quote: Originally posted by forgotpassword  
I'm sorry SM, I am Manifest or that guy from Derry.
/root/ was a way to identify who's account had an email change after a successful bruteforce, unfortunately people caught on...
Believe it or not my intentions were good, my plan was to maybe take over an admin account and on the front page post about the security flaw and then inform Polverone as a joke.
If you don't believe me I have informed Polverone about a security flaw in the past.


The intention of white/grey hat hacking is not to cause embarrassment to the staff and administrators. If you find something, it is not responsible for you to go making changes to members accounts, or the site. If you were in the USA, you could be brought under charges of computer misuse and fraud.

I used to be a staff member at GSO, but have since moved on to bigger and better things, and a family.

[Edited on 13-8-2014 by Loptr]

[Edited on 13-8-2014 by Loptr]
View user's profile View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 13-8-2014 at 11:20


Where/how did you hide the iframe? I have scoured recent posts looking for suspicious iframes and turned up nothing. Was the iframe sandbox code on a third party site, or right here in a post on the forum? If you had a clever way of obfuscating the iframe sandbox loading that is worth knowing as much as how the attack itself worked (which I think I have sussed out by now -- and it also explains why certain habits of mine made me invulnerable to your implementation).



PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
arkoma
Redneck Overlord
*******




Posts: 1763
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline

Mood: украї́нська

[*] posted on 13-8-2014 at 11:26


Quote: Originally posted by forgotpassword  
It is what it is.

I'm sorry arkoma.


Accepted.

Think of the WORK it caused--Polverone has a REAL JOB, earning money to live on, and had to muck around figuring this out.




"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social status, nationality, citizenship, etc" z-lib

View user's profile View All Posts By User
DrAldehyde
Hazard to Self
**




Posts: 82
Registered: 12-1-2014
Member Is Offline

Mood: No Mood

[*] posted on 13-8-2014 at 11:26


Round of forum applause for Polverone, for fending off the attack and then flushing the culprit out. As to the guilty party pleading mercy, hmm, if you ever watch sentencing in court, you would know that the guilty are always the most repentant once they are caught.
View user's profile View All Posts By User
The Volatile Chemist
International Hazard
*****




Posts: 1981
Registered: 22-3-2014
Location: 'Stil' in the lab...
Member Is Offline

Mood: Copious

[*] posted on 13-8-2014 at 11:42


So Manifest, I recommend changing your SSH port... 22 is NOT a good place for it. And I always knew forgottenpassword was was a malicious guy... Now I have proof...



View user's profile Visit user's homepage View All Posts By User
elementcollector1
International Hazard
*****




Posts: 2684
Registered: 28-12-2011
Location: The Known Universe
Member Is Offline

Mood: Molten

[*] posted on 13-8-2014 at 11:45


While I appreciate the intention? Don't hack my account. It ain't fun or fair to be blocked from the forum for a few days after returning from a trip.



Elements Collected:52/87
Latest Acquired: Cl
Next in Line: Nd
View user's profile View All Posts By User
forgotpassword
Harmless
*




Posts: 47
Registered: 12-8-2014
Member Is Offline

Mood: No Mood

[*] posted on 13-8-2014 at 11:53


Quote: Originally posted by The Volatile Chemist  
So Manifest, I recommend changing your SSH port... 22 is NOT a good place for it. And I always knew forgottenpassword was was a malicious guy... Now I have proof...


Sorry elementcollector, your account wasn't hacked, just the email and location changed but I am sorry.

Port 22 is the default port and if changed a port scanner will pick up a new port anyway.
Forgottenpassword is innocent, he's not malicious(that I know of) he isn't me.
I am 'forgotpassword'
You can't bruteforce that IP address, you will be blocked out after 5 failed attempts and have your IP banned.
That's not my router btw that's a VPS.

[Edited on 13-8-2014 by forgotpassword]
View user's profile View All Posts By User
Texium
Administrator
********




Posts: 4583
Registered: 11-1-2014
Location: Salt Lake City
Member Is Offline

Mood: PhD candidate!

[*] posted on 13-8-2014 at 11:57


Quote: Originally posted by The Volatile Chemist  
I always knew forgottenpassword was was a malicious guy... Now I have proof...
That isn't forgottenpassword, that's FORGOTpassword, which was an account created yesterday. Not the same person. So good job Volatile, you just insulted an innocent member of the forum! :P



Come check out the Official Sciencemadness Wiki
They're not really active right now, but here's my YouTube channel and my blog.
View user's profile Visit user's homepage View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 13-8-2014 at 12:03


After you have finished initial server configuration, use public key authentication for SSH and disable password based authentication altogether. Any password that's strong enough to trust is too hard to memorize anyway, so you might as well resign yourself to needing a stored key instead of a memorized word to log in.

I'm still waiting to hear about where the iframe sandbox was hidden, if you're really contrite and want to help clean up the mess you made.




PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
arkoma
Redneck Overlord
*******




Posts: 1763
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline

Mood: украї́нська

[*] posted on 13-8-2014 at 12:03


Quote: Originally posted by zts16  
Quote: Originally posted by The Volatile Chemist  
I always knew forgottenpassword was was a malicious guy... Now I have proof...
That isn't forgottenpassword, that's FORGOTpassword, which was an account created yesterday. Not the same person. So good job Volatile, you just insulted an innocent member of the forum! :P


Emotions are understandably running a bit high, zts. Why I already said I figured I owed Mr_Magnesium an apology--I flamed him pretty good in the now deleted acetone peroxide thread.




"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social status, nationality, citizenship, etc" z-lib

View user's profile View All Posts By User
Brain&Force
Hazard to Lanthanides
*****




Posts: 1302
Registered: 13-11-2013
Location: UW-Madison
Member Is Offline

Mood: Incommensurately modulated

[*] posted on 13-8-2014 at 12:16


Manifest, if you really did just "expose a security flaw" why were my posts regarding the matter deleted? And why was Mr_Magnesium's account sockpuppeted?

[Edited on 13.8.2014 by Brain&Force]




At the end of the day, simulating atoms doesn't beat working with the real things...
View user's profile View All Posts By User
forgotpassword
Harmless
*




Posts: 47
Registered: 12-8-2014
Member Is Offline

Mood: No Mood

[*] posted on 13-8-2014 at 12:19


I deleted your posts because you were exposing me early so I deleted your posts and locked your account to attempt to stop more people noticing.
Mr_Magnesium's account was sockpuppeted to spread the hack basically.
View user's profile View All Posts By User
Dany
Hazard to Others
***




Posts: 482
Registered: 3-8-2013
Member Is Offline

Mood: No Mood

[*] posted on 13-8-2014 at 12:28


After all, all this mess was caused by a school boy... wait until he gets his university degree :)

Dany.
View user's profile View All Posts By User
elementcollector1
International Hazard
*****




Posts: 2684
Registered: 28-12-2011
Location: The Known Universe
Member Is Offline

Mood: Molten

[*] posted on 13-8-2014 at 12:48


If, as you say, it was just my email and location, why couldn't I log in? Sounds like you changed my password as well.
Also, if your intentions were as good as you say, you could have privately contacted Polverone, and saved both yourself and the rest of us the trouble.




Elements Collected:52/87
Latest Acquired: Cl
Next in Line: Nd
View user's profile View All Posts By User
forgotpassword
Harmless
*




Posts: 47
Registered: 12-8-2014
Member Is Offline

Mood: No Mood

[*] posted on 13-8-2014 at 13:08


You could not login because Polverone froze your account to prevent more damage.
I could have done that but I was bored and when I reported a flaw in the past I didn't even get a thanks, so I decided to have more fun before informing Polverone, it was the wrong thing to do, I'm sorry, I was just bored to be honest, why am I called a script kiddie when I did not use scripts, in fact a google search will not show you the exploit I used.
I am very impressed with Polverone's detective skills, my intentions while not exactly great were not malicious.
View user's profile View All Posts By User
arkoma
Redneck Overlord
*******




Posts: 1763
Registered: 3-2-2014
Location: On a Big Blue Marble hurtling through space
Member Is Offline

Mood: украї́нська

[*] posted on 13-8-2014 at 13:10


Take your Kali Linux disc and insert it in your rectum

Edit--you seem to have ABSOLUTELY NO REMORSE. Here in the US of A we tell people like you to "Fuck Off", but since you are in the UK "Bugger Off" seems more appropriate.



[Edited on 8-13-2014 by arkoma]




"We believe the knowledge and cultural heritage of mankind should be accessible to all people around the world, regardless of their wealth, social status, nationality, citizenship, etc" z-lib

View user's profile View All Posts By User
Brain&Force
Hazard to Lanthanides
*****




Posts: 1302
Registered: 13-11-2013
Location: UW-Madison
Member Is Offline

Mood: Incommensurately modulated

[*] posted on 13-8-2014 at 13:12


And you could have foregone the signature wiping. Mine is loaded with BBCode and HTML, and I was lucky to have saved it somewhere.



At the end of the day, simulating atoms doesn't beat working with the real things...
View user's profile View All Posts By User
 Pages:  1  2    4    6  7

  Go To Top