Status - Printable Version
-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: General (/forumdisplay.php?fid=11)
+---- Forum: Forum & Website (/forumdisplay.php?fid=13)
+----- Thread: Status (/showthread.php?tid=21480)
Status by WDZ on 02-16-2004 at 08:33 AM
Well, I decided to open the board again... as many of you know, we were hacked today. I'm not going to go into detail about it at this time.
No serious damage or loss was suffered, probably because of wj's quick action. I was off watching TV when this happened, and didn't get online until a few hours ago. 
We're trying our best to restore the forums back to normal and prevent something like this from happening again. 
RE: Status by kao on 02-16-2004 at 08:43 AM
finally 
gj to all who fix0rd it all up, i saw the forums in all glory and it was.. errr.. faily f00ked 
RE: Status by fluffy_lobster on 02-16-2004 at 08:46 AM
Dunno whether it was fixed in the first place but when you were changing things like Poll dancer: to Poll: did you change Announcement: to Announcment:?
That would be a logical thing to happen if you just reverted to the mybb defaults...
Anyway, well done wj 
RE: Status by Chrono on 02-16-2004 at 09:42 AM
Yep, we gotta give special thx to wj who acted very quickly 
And lets not forget kaslo 
who helped a lot too
And the temp admins (
)
RE: Status by GiantSpider on 02-16-2004 at 09:51 AM
Well done wj. Nobodys safe on the internet nemore..........
RE: Status by Stigmata on 02-16-2004 at 10:08 AM
quote:
Originally posted by Chrono
kaslo
* Stigmata still feels left out ....who are all these people
RE: Status by fluffy_lobster on 02-16-2004 at 10:15 AM
kaslo is quite similar to chromo 
he's actually laslo, who is one of the mybb developers... he used to come here under another name but afaik that won't be mentioned here.
RE: Status by surfichris on 02-16-2004 at 10:17 AM
Yes, wj and Laslo's quick action is what prevented anything more disasterous from occuring.
Right now, its still being looked into, and we are tracing back the hacking.
RE: RE: Status by Anubis on 02-16-2004 at 10:40 AM
quote:Was anyone dafe on the internet? If you have a good AV and Firewall you're safe or dafe for your average joe...Who wants to start a betting poll on what happened? My bet's on a possible mass-ping...but meh I doubt it was that...
Originally posted by GiantSpider
Well done wj. Nobodys dafe on the internet nemore..........
oh and well done wj
RE: Status by fluffy_lobster on 02-16-2004 at 10:51 AM
quote:Do you even know what happened?
Originally posted by anubis_kree_
Was anyone dafe on the internet? If you have a good AV and Firewall you're safe or dafe for your average joe...Who wants to start a betting poll on what happened? My bet's on a possible mass-ping...but meh I doubt it was that...
oh and well done wj
They didn't take down the forums, they got themselves admined and screwed around with the settings from there. There's 2 ways they could have done it... either they found an exploit in mybb, or they found a way to access the database. The second one's more likely, because the IRC server was also hit, and it's possible that whatever exploit they used on there led them to get root access to this server too.
Only time will tell though
RE: Status by Choli on 02-16-2004 at 12:17 PM
Well done, wj and Laslo. It was really annoying (all those 'ssssss...', the 200+ users online, etc...) Anyway, I'm happy all is back to the normality.
btw, now there are the texts: "(Users Browsing this Forum: Choli , and 1 Guests )". Look nice
RE: Status by fluffy_lobster on 02-16-2004 at 12:20 PM
quote:I think wdz probably disabled them because of server load, and the hacker put them back... so don't get your hopes up
Originally posted by Choli
btw, now there are the texts: "(Users Browsing this Forum: Choli , and 1 Guests )". Look nice
They turned birthdays back on at the index too, but i guess that's been set right.
RE: Status by lizard.boy on 02-16-2004 at 12:58 PM
isnt the irc servers someware in the states and the baoard servers in aus? i thought they were totally independant.. good job bringing it back and the poll and moved texts were funny... but one question what was with the blue * on the hot new replys image? (wait i didnt see that 
)
1 things still missing but i dont think anybody cares. The Moderated by: test_user is gone from t&at
RE: Status by DXtremz on 02-16-2004 at 01:13 PM
Both servers are in the same place actually.
RE: Status by reisyboy on 02-16-2004 at 01:22 PM
Oki well atleast not too much damage occured. Thats good news 
Few
RE: Status by fluffy_lobster on 02-16-2004 at 01:32 PM
quote:The hacker enabled all the mybb features (or many of them) that wdz disabled for the sake of server load, and one of them was that... the blue * means that you haven't read the latest post of the thread. He also re-enabled birthdays on the main page, and who's viewing each forum view (still enabled) and a bunch of other stuff
Originally posted by lizard.boy
but one question what was with the blue * on the hot new replys image? (wait i didnt see that
RE: Status by KeyStorm on 02-16-2004 at 01:41 PM
Huh, didn't notice, was doing my final German exam 
Well, I'm happy anyway it was fixed quickly
Good job!
RE: Status by Choli on 02-16-2004 at 03:08 PM
quote:Yep. The forums were down only for less than 13 hours: about from 00:10 to 12:50, spanish times (gmt+1)
Originally posted by KeyStorm
Well, I'm happy anyway it was fixed quickly
RE: Status by KeyStorm on 02-16-2004 at 03:10 PM
quote:Well, at least quicklier than mess.be
Originally posted by Choli
about from 00:10 to 12:50
* KeyStorm wondering about Dwergs arriving today...
RE: Status by fluffy_lobster on 02-16-2004 at 03:20 PM
quote:
Originally posted by Choli
Yep. The forums were down only for less than 13 hours: about from 00:10 to 12:50, spanish times (gmt+1)
They've been up since 9:30 spanish time at least.
RE: Status by KeyStorm on 02-16-2004 at 03:23 PM
you know, Evil Telefonica Proxy 
huh... maybe
RE: Status by Choli on 02-16-2004 at 04:01 PM
quote:Well, I've tried to sign in from the Uni at about 12:30 and they were down, as well as http://www.mybboard.com/ A bit later, I noticed they went up. It was about 1 pm.
Originally posted by fluffy_lobster
quote:nah. The Uni uses Ono and and Rediris networks.
Originally posted by KeyStorm
you know, Evil Telefonica Proxy
RE: Status by KeyStorm on 02-16-2004 at 04:04 PM
quote:Look the time WDZ's posted this new thread
Originally posted by Choli
nah. The Uni uses Ono and and Rediris networks.
Today 09:33 AM (GMT+1)
RE: Status by fluffy_lobster on 02-16-2004 at 04:09 PM
And my reply was posted at 8:43 GMT... so i guess your ISP must have had a problem.
RE: Status by GiantSpider on 02-16-2004 at 04:14 PM
Maybe related (probably not) y is fraise only a senior member now?
RE: Status by fluffy_lobster on 02-16-2004 at 04:18 PM
Her password was stolen and the staff wants to be sure the hacker doesn't have control of her account before they make her super mod again.
RE: Status by wj on 02-16-2004 at 04:29 PM
The first thing done was to de-admin/mod every user that had the power to do anything. From there passwords were reset, the db was locked down and the source files were moved. I believe I've isolated the cause of the accident and locked out the cause, But I need to finish my examination of the logs before I tell others.
RE: Status by Huuf on 02-16-2004 at 04:34 PM
IF it is a mybbug and it gets out how the exploit works, most forums will have a huge problem,
Lucky WJ was fast
With the forumssssssss I first thought this was a joke from wdz () or to check what happens, then saw the users online and I knew it was totaly wrong what had happend =/
[EDiT]
i Just saw that Users browsing this forum if you go into a sub forum is still enabled thought that this was disabled first before the attacks
RE: Status by fluffy_lobster on 02-16-2004 at 04:40 PM
quote:It was... I imagine WDZ will disable it when he gets on, or leave it because it looks so cool
Originally posted by Huuf
[EDiT]
i Just saw that Users browsing this forum if you go into a sub forum is still enabled thought that this was disabled first before the attacks
RE: Status by wj on 02-16-2004 at 04:54 PM
I noticed that it said WDZ was logged in as a super mod, Then I thought, oh, WDZ changed the style for admins, Then I saw they were super mods, Then I flipped out.
BTW, Thanks to Chrono and Johnny for there help making sure the forums got properly reset and to DX for his help in tracking down the cause of this problem though it wasnt what we thought it was.
RE: Status by GiantSpider on 02-16-2004 at 05:03 PM
Fluffy. How do u no so much about this? Its quite scary scene as it was wj who sorted it
RE: Status by fluffy_lobster on 02-16-2004 at 05:06 PM
I was there, and I was on IRC, where we were all talking about it.
It's a bit of a coincidence really... I'd just finished reading/answering posts and had left the forums, but wanted to say something in IRC, so I joined, which was a couple of minutes after the chaos in there had started - a minute later someone said something about the forums, and when I'd looked back they'd gone crazy. This morning I logged on just as WDZ had reopened the forums. The rest is just common sense working out what the hacker musta done.
RE: Status by CookieRevised on 02-16-2004 at 06:02 PM
Thanks for the quick response on this. I was there also on IRC when the fan got hit by the shit... and DX, you see, you did the good thing, no worries
The only question I have left is: Were the passwords comprimised? As in: many users will use the same password for there subscriptions to boards, email, etc...
RE: Status by WDZ on 02-16-2004 at 06:18 PM
quote:Well, I didn't take the time to set everything back to exactly how it was... I'll leave that enabled if you want...
Originally posted by fluffy_lobster
It was... I imagine WDZ will disable it when he gets on, or leave it because it looks so cool
quote:Some passwords were definitely stolen from the IRC server. As for forum passwords, I believe some could have been taken, but we're not sure yet. Anyway, it really doesn't matter, because all the forum passwords are MD5-encrypted, and it's near impossible to decrypt and use them.
Originally posted by CookieRevised
The only question I have left is: Were the passwords comprimised? As in: many users will use the same password for there subscriptions to boards, email, etc...
RE: Status by fluffy_lobster on 02-16-2004 at 06:24 PM
quote:Yeay
Originally posted by WDZ
Well, I didn't take the time to set everything back to exactly how it was... I'll leave that enabled if you want...
I think it's a nice feature...quote:Why aren't the nickserv passwords encrypted anyway?
Originally posted by WDZ
Some passwords were definitely stolen from the IRC server. As for forum passwords, I believe some could have been taken, but we're not sure yet. Anyway, it really doesn't matter, because all the forum passwords are MD5-encrypted, and it's near impossible to decrypt and use them.
And it's just occured to me - what does the lost password formr do seeing as the passwords are encrypted?
RE: Status by WDZ on 02-16-2004 at 06:33 PM
quote:Generates a new password, sends it to you.
Originally posted by fluffy_lobster
And it's just occured to me - what does the lost password formr do seeing as the passwords are encrypted?
RE: Status by sock on 02-16-2004 at 07:12 PM
quote:Well, there's a precompile option to use MD5, but A. The Services' configuration script said it's an experimental feature, B. passwords can't be retrieved that way, and C. the server shouldn't be getting hacked in the first place!
Originally posted by fluffy_lobster
Why aren't the NickServ passwords encrypted anyway?
RE: Status by Chrono on 02-17-2004 at 12:00 AM
I noticed that this test1 user had admin status, and i thought that it was pretty
Sadly, no admins were online at the time so i could do nothing about it. Luckily wj came online
quote:
Originally posted by wj
BTW, Thanks to Chrono and Johnny for there help making sure the forums got properly reset and to DX for his help in tracking down the cause of this problem though it wasnt what we thought it was.
quote:Really?
Fluffy said:
kaslo is quite similar to chrono
Why?
RE: RE: Status by fluffy_lobster on 02-17-2004 at 10:23 AM
quote:I didn't say that... I said kaslo is similar to chromo... like your proper name is chrono his proper name is laslo.
Originally posted by Chrono
quote:Really?
Fluffy said:
kaslo is quite similar to chrono
Why?
RE: Status by 182fan on 02-17-2004 at 12:52 PM
Well do you have any ideas on who, since you already banned a user who had nothing to do with it with no proof of nothing.
"Innocent till proven guilty" pfft
RE: Status by fluffy_lobster on 02-17-2004 at 01:22 PM
quote:Banning ain't necessarily a punishment... if there's even any remote possibility it was someone it's better to ban them so they can't do any harm than to sit there trying to figure it out with the risk of that person strinking again (if it was them)
Originally posted by 182fan
RE: Status
Well do you have any ideas on who, since you already banned a user who had nothing to do with it with no proof of nothing.
"Innocent till proven guilty" pfft
RE: Status by 182fan on 02-17-2004 at 08:41 PM
I was on irc the whole dam time with you, and tbh i cant hack for shit, he has no proof, he has as much proof on me that he has on you, he just did it cause i dont like mybb imo
RE: Status by dom. on 02-17-2004 at 09:04 PM
quote:how can banned people post?
Originally posted by 182fan
I was on irc the whole dam time with you, and tbh i cant hack for shit, he has no proof, he has as much proof on me that he has on you, he just did it cause i dont like mybb imo
RE: Status by musicalmidget on 02-17-2004 at 09:09 PM
quote:
Originally posted by dom.
how can banned people post?
He posted before he was banned.
RE: Status by dom. on 02-17-2004 at 09:11 PM
quote:ah, thanks for clearing that up
Originally posted by musicalmidget
He posted before he was banned.