Page 1 of 7 1 2 3 ... LastLast
Results 1 to 10 of 70

Hybrid View

  1. #1
    Administrator
    Join Date
    May 2009
    Posts
    104

    Angry yes - we were hacked, good news and bad news

    Ok,

    So at some point early this morning it appears that someone used a vulnerability in the vbulletin software to takeover our site, exported the user database and replaced our homepage with the most poorly constructed html I've ever seen.

    The situation is this: We've upgraded to vb 4.1.3, so hopefully are now a bit more secure (fingers crossed).

    The Bad News: The database corruption resulted in a loss of about a day and a half's worth of posts, updates etc.. sorry.

    The worse news: All of the information in your forum profile and registration has been stolen by a hacking group calling themselves "pro2leet".

    Before the angry tirade, consider this: We could have said nothing, and let it be, but I feel that would not be a very responsible thing to do, and so we're taking steps to improve security, and hopefully this won't happen again.

    I'm very sorry, and I'm not a happy camper - we are taking special steps to .. find these people in the real world and dump a truckload of manure on their driveways, if you have another punishment in mind, I'm open to suggestions.

    The good news: It is very unlikely that anyone has your password, however it might be a good idea to change it if you use the same password for other things.. like facebook or your email...

    Forums are now reopen.
    "I'm working on it - GAARRR"

  2. #2
    Administrator
    Join Date
    May 2009
    Posts
    104
    Yes - it happened again, Yes we're still working on the how, why etc..

    I miss all the colorful comments that this thread was filling up with - sad.
    "I'm working on it - GAARRR"

  3. #3
    Global Moderator Jaiden's Avatar
    Join Date
    Jul 2007
    Location
    Florida
    Posts
    4,836
    Hacked again today I see. Whoever's doing really must not have anything to do.

    Quote Originally Posted by evileric View Post
    Yes - it happened again, Yes we're still working on the how, why etc..

    I miss all the colorful comments that this thread was filling up with - sad.
    They will be back.

    Manga reading list: Bleach, Naruto, Katekyo Hitman Reborn, One Piece, Code Breaker, Gamaran, Kuroko No Basket, Fairy Tail, The World God Only Knows, Kimi No Iru Machi, Good Ending, Medaka Box, Nisekoi, D.Gray-Man, Ao No Exorcist, Freezing, Magi - Labyrinth of Magic, Soul Eater, Rosario Vampire Season II, Iris Zero, Ubell Blatt, Bloody Cross, Sun-Ken Rock, and Infinite Stratos,

  4. #4
    Administrator
    Join Date
    May 2009
    Posts
    104
    heh - I'm so glad to see it, seriously though, someone must really be "leet" to keep using the same exploit in forum software... over and over and over..

    the genius even uploaded an .exe file as part of his hack this time.. we .. don't run on windows... rofl.
    "I'm working on it - GAARRR"

  5. #5
    Senior Member cross777's Avatar
    Join Date
    Aug 2009
    Location
    USA
    Posts
    10,777
    so true so true. we are not hurting any one. as dysfunctional as we may be, we are still a family and a community, just trying to mind our own bees wax. LOL.
    Quote Originally Posted by evileric View Post
    heh - I'm so glad to see it, seriously though, someone must really be "leet" to keep using the same exploit in forum software... over and over and over..

    the genius even uploaded an .exe file as part of his hack this time.. we .. don't run on windows... rofl.
    so any progress on plugging the holes? like? also are there any other side effects that we might not know about?
    Quote Originally Posted by arisart View Post
    Lol, I bet you argue too much with cross. It's not really healthy you know.
    Quote Originally Posted by Mister Death View Post
    Hey stick to the topic, quit asking nonsense question about other series or if cross777 is thunder luffy which by the way have different IP addresses.... Next person that goes off topic will be infracted...
    [SIGPIC][/SIGPIC]

  6. #6
    Master of Bludging ChaosMaster's Avatar
    Join Date
    Aug 2008
    Location
    Australia
    Posts
    1,003
    These guys must be bored, and other than being annoying, what else have they achieved?

    Hmmm, seems we lost yet some more days worth of posts.

  7. #7
    Mr. Small Fry chomio's Avatar
    Join Date
    Aug 2008
    Location
    I hope on the globe.
    Posts
    72
    Quote Originally Posted by ChaosMaster View Post
    These guys must be bored, and other than being annoying, what else have they achieved?

    Hmmm, seems we lost yet some more days worth of posts.
    People have strange hobby's, I was rather surprised when the stuff turned in a blue screen and re-directed to the hackers site. Well, Mangashare was a bit lucky that the hacker didn't have any evil intentions( even if he took a lot off private data), and the owner did get it back in the same day.
    The hackers that are more dangerous are the ones with revenge intentions, this is a total other story. They take it fully over and demands a randsom, or take it over without letting the owner know. And then they modify the site a bit or place a trojan horse/virus on the site for stealing information. ( their are also people doing it with home computers, I can't image anyone who doesn't have had any trojan horse or a virus in the past.) Anyway he did get 80k off private data, something that happened can not be reverted.

    Also could it be possible to add extra protections like separating the data on different servers, and use more layers off protection?
    Anyway it would be handy to have a back-up server with a back-up adress like mangashare.us or mangashare.eu with a seperated server. When the stuff is hacked again or something breaks down, then it's still possible to communicate on the back-up server. ( Note: the advantage off a back-up server is that they can't steel everything at ones only the part that is in the specific database (splitting up the database). It's also handy to use a software then that a server can detect that the other server is acting weird and then shutting that server down. The only way to stop a hacker when he's almost through the last layer of protection is to shut it down or disconnect the database without power( a direct shut down, then a restart without a network connection and run a recent updated virus scanner.) Well, I'm not a pro with this but that ".exe" file was probably the trojan horse that took the information from the database (all systems can read .exe or I'm wrong).

    Note: half of what I typed is guessing. -_-

  8. #8
    Senior Member joshecalpoly's Avatar
    Join Date
    May 2008
    Location
    Anywhere I want to be
    Posts
    1,605
    Quote Originally Posted by chomio View Post
    People have strange hobby's, I was rather surprised when the stuff turned in a blue screen and re-directed to the hackers site. Well, Mangashare was a bit lucky that the hacker didn't have any evil intentions( even if he took a lot off private data), and the owner did get it back in the same day.
    The hackers that are more dangerous are the ones with revenge intentions, this is a total other story. They take it fully over and demands a randsom, or take it over without letting the owner know. And then they modify the site a bit or place a trojan horse/virus on the site for stealing information. ( their are also people doing it with home computers, I can't image anyone who doesn't have had any trojan horse or a virus in the past.) Anyway he did get 80k off private data, something that happened can not be reverted.

    Also could it be possible to add extra protections like separating the data on different servers, and use more layers off protection?
    Anyway it would be handy to have a back-up server with a back-up adress like mangashare.us or mangashare.eu with a seperated server. When the stuff is hacked again or something breaks down, then it's still possible to communicate on the back-up server. ( Note: the advantage off a back-up server is that they can't steel everything at ones only the part that is in the specific database (splitting up the database). It's also handy to use a software then that a server can detect that the other server is acting weird and then shutting that server down. The only way to stop a hacker when he's almost through the last layer of protection is to shut it down or disconnect the database without power( a direct shut down, then a restart without a network connection and run a recent updated virus scanner.) Well, I'm not a pro with this but that ".exe" file was probably the trojan horse that took the information from the database (all systems can read .exe or I'm wrong).

    Note: half of what I typed is guessing. -_-
    Several correct statements except extra servers can cost money, and the best hackers rarely have ill intent. Still as a target for hackers this site seems like a bad choice. It doesnt display a hackers skill well and it doesnt prvide them with good targets. Which makes these guys abnormal hackers. The PSN provides financial data and it shows a certain level of skill. Some hackers will hack to show the owners the vulnerability.

    .exe does not effect only Windows and DOS it effects many C++ based software so its very possible the site is vulnerable to it.
    Pandaman FOR PRESDIENT

  9. #9
    Mr. Small Fry chomio's Avatar
    Join Date
    Aug 2008
    Location
    I hope on the globe.
    Posts
    72
    Quote Originally Posted by ChaosMaster View Post
    These guys must be bored, and other than being annoying, what else have they achieved?

    Hmmm, seems we lost yet some more days worth of posts.
    And off course this includes all the new series that I've posted in this span too -_- And there it goes a whole evening disappears in thin air....

  10. #10
    LOL, U MAD? Arbitrary's Avatar
    Join Date
    Mar 2008
    Posts
    6,178
    Quote Originally Posted by evileric View Post
    heh - I'm so glad to see it, seriously though, someone must really be "leet" to keep using the same exploit in forum software... over and over and over..

    the genius even uploaded an .exe file as part of his hack this time.. we .. don't run on windows... rofl.
    I was curious as to why I can't see my posts again. Oh well, I guess we have to bring down the hammer on him.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •