Canonfire should be available and fully secure late tonight.
to quote:
"I hacked your site 5 minutes ago.If you want your site back
come on
irc.bolchat.org channel #bugojno
and search for me
my nick is b_o_x_e_r and we will have a deal about your site ?
If you don't find me
i will erase your site.
So hurry find me !!!!!!!!!"
No doubt some lame attempt to extract some blackmail.
Alas, the site is down and will remain so, until we can figure something out. As Abyss has noted, we are working on some leads. We have a backup of the site as current as Sunday, so we haven't lost any significant content.
-G
[email]psmedger@canonfire.com[/email]
We have a backup of the site as current as Sunday, so we haven't lost any significant content.
Well that's good news. I was p*ss*d but never worried. Any hacker worth his salt should know not to mess with D&D players we are the original computer nerds:D
Or we can just make fun of him at GreyChat Thursday. :D
Good luck, Smedger!
-wn
Originally posted by PSmedger
to quote:
"I hacked your site 5 minutes ago.If you want your site back
come on
irc.bolchat.org channel #bugojno
and search for me
my nick is b_o_x_e_r and we will have a deal about your site ?
If you don't find me
i will erase your site.
So hurry find me !!!!!!!!!"
Oh no! You better do what he says! What a dork, he's probably some 40 year old guy who lives in his mom's basement eating chips all day and working on his Diablo character. Oh man, I really needed that laugh.
Bosnian in decent
From: Iz Podruma (?), London, Los Angeles (He claims all 3 in different, seperate instances)
email is [email]boxerr@hotmail.com[/email]
yahoo IM is b_o_x_e_rr
his favorite website is
http://www.bu.now.nu/
his other favorite website is
http://www.bolchat.org
another...
http://bolze.board.dk3.com/2/
and here is what he looks like! (copy/paste into browser)
http://fire.prohosting.com/boxerr/boxer5.jpg
and ofcourse you could always find him at irc.bolchat.org channel #bugojno as b_o_x_e_r
None of which helps. We need his IP adress and unfortunately all of the web he frequents are hacker and bosnian related or he runs himself, so it's doubtfully we'd receive any cooperation in securing an IP adress.
Good luck on getting the site fully operational. This guy is most likely in the USA I doubt he would be so bold as to have his real identity or anything else running around.
Originally posted by abysslin
http://www.bu.now.nu/
whois info for now.nu:
[Querying whois.nic.nu]
[whois.nic.nu]
------------------------------------------------------------------------
.NU Domain Ltd Whois service
Domain Name (ASCII): now.nu
Record ID: 72536
Record last updated on 30-Jan-2003.
Record expires on 08-Jan-2007.
Record created on 08-Jan-2000.
Record status: Active.
Domain servers in listed order:
ns.hostsac.com 64.191.40.221
ns2.hostsac.com 64.191.40.222
Copyright by .NU Domain Ltd - http://www.nunames.nu
------------------------------------------------------------------------
Database last updated: Wed May 12 22:31:48 2004
------------------------------------------------------------------------
his other favorite website is http://www.bolchat.org
whois info for bolchat.org:
Domain ID:D33648006-LROR
Domain Name:BOLCHAT.ORG
Created On:28-Aug-2000 14:59:42 UTC
Last Updated On:17-Mar-2004 02:55:15 UTC
Expiration Date:28-Aug-2004 14:59:42 UTC
Sponsoring Registrar:R48-LROR
Status:OK
Registrant ID:ODN-199658
Registrant Name:Salih Kulic
Registrant Street1:PO BOX M74
Registrant Street2:Manahan
Registrant City:Sydney
Registrant State/Province:NSW
Registrant Postal Code:2200
Registrant Country:AU
Registrant Phone:+61.424061167
Registrant Email:sk@BOLCHAT.NET
Admin ID:ODN-199658
Admin Name:Salih Kulic
Admin Street1:PO BOX M74
Admin Street2:Manahan
Admin City:Sydney
Admin State/Province:NSW
Admin Postal Code:2200
Admin Country:AU
Admin Phone:+61.424061167
Admin Email:sk@BOLCHAT.NET
Tech ID:ODN-199658
Tech Name:Salih Kulic
Tech Street1:PO BOX M74
Tech Street2:Manahan
Tech City:Sydney
Tech State/Province:NSW
Tech Postal Code:2200
Tech Country:AU
Tech Phone:+61.424061167
Tech Email:sk@BOLCHAT.NET
Name Server:NS1.ATHEOSONLINE.COM
Name Server:NS2.ATHEOSONLINE.COM
http://bolze.board.dk3.com/2/
[Querying whois.internic.net]
[Redirected to whois.opensrs.net]
[Querying whois.opensrs.net]
[whois.opensrs.net]
Registrant:
Servage ApS
Oestergade 22
Vejen, 6600
DK
Domain name: DK3.COM
Administrative Contact:
Fallesen, Steffan [email]ssf@servage.com[/email]
Oestergade 22
Vejen, 6600
DK
+45 75367921 Fax: +45 75366924
Technical Contact:
(Network Operations Center), NOC [email]noc@servage.com[/email]
Oestergade 22
Vejen, DK 6600
DK
+45 75367921 Fax: +45 75366924
Registration Service Provider:
Servage.net Hosting, [email]support@servage.net[/email]
+49 46116098359 (fax)
http://www.servage.net/
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.
Registrar of Record: TUCOWS, INC.
Record last updated on 04-Feb-2004.
Record expires on 05-Mar-2005.
Record created on 05-Mar-1999.
Domain servers in listed order:
NS1.SERVAGE.NET 62.214.98.76
NS2.SERVAGE.NET 62.214.98.80
NS4.SERVAGE.NET 62.214.98.71
NS3.SERVAGE.NET 62.214.98.77
NS5.SERVAGE.NET 62.214.98.77
NS6.SERVAGE.NET 62.214.98.77
and here is what he looks like! (copy/paste into browser)
http://fire.prohosting.com/boxerr/boxer5.jpg
Oh, he's quite the intelligent-looking guy-with-a-real-future :rolleyes
We need his IP adress and unfortunately all of the web he frequents are hacker and bosnian related or he runs himself, so it's doubtfully we'd receive any cooperation in securing an IP adress.
I don't know if the whois info will prove to be helpful or not; it's likely forged. I do know that the FBI has a taskforce who track down domestic and international hackers, so we could always call them, too.
195.222.41.192 - 195.222.41.255 (BIHNET-TZ4-POOL-GW) Dial-up and Gateways pool; AS3-1; Srebrenik; BA
EDIT: Added more out of Sarajevo, apparently he gets around.
195.222.35.0 - 195.222.35.63 (BIHNET-MA-POOL) Dial-up pool; Malta; Sarajevo; BA
If you live in Bosnia, using the BIHNET ISP, I'm sorry, but you will no longer be able to access Canonfire.
Regards,
Eric Anondson
Basically, he tricked the database into allowing him to all the admin user names and passwords, proceeded to log-in as the master admin, delete the other admins, create a new master admin and deface the site, attempting to hold it ransom.
We are 100% sure that we can not be hacked again in this manner. However, that doesn't mean there aren't alternate ways avialable to the modern day hacker that would breach our security measures.
We would have never though a lowly fansite would require such security.
Right, after doing a bit of research, here's what I found out ...
@abysslin:
'iz podruma' is Bosnian/Croatian/Serbian for 'from the cellar'.
'#bugojno' : Bugojno is a district in south-west Bosnia, ca. 80km northwest from Sarajevo, mostly Bosnian-muslims, a few Croatians.
He's one of the moderators of the http://www.bu.now.nu/ site, I can't log on since registration is required. (I wonder what kind of info we'd get from reading the boards there ...)
If he really uses bihnet, the most likely address to report abuse is
[email]abuse@bih.net.ba[/email]
I guess they'd take the incident seriously, if there's enough people reporting it.
Regards,
Glorfinden
PS: Learning languages does pay off!
PPS:
http://fire.prohosting.com/boxerr/Biceps.jpg
(copy and paste into browser)
Apparently he's male ... ROFL
Great picture there Glorfinden.