Post/Author/DateTime | Post |
---|---|
#1 zombiegleemax May 12, 2004 12:07:31 | Apparently some nimrod has decided to hack into Canonfire and mess with it. Just thought the rest of you would like to know so you can be just as ****** off as I am. |
#2 zombiegleemax May 12, 2004 13:07:36 | We have identified the problem and partially have identified the hacker and are in the process of upgrading software and security. Canonfire should be available and fully secure late tonight. |
#3 zombiegleemax May 12, 2004 13:21:21 | Yup, I regret to inform everyone, looks like some kid or loser with nothing better to do has hacked the site. This is the second time in a week, though this time it was more destructive. To quote: "I hacked your site 5 minutes ago.If you want your site back come on irc.bolchat.org channel #bugojno and search for me my nick is b_o_x_e_r and we will have a deal about your site ? If you don't find me i will erase your site. So hurry find me !!!!!!!!!" No doubt some lame attempt to extract some blackmail. Alas, the site is down and will remain so, until we can figure something out. As Abyss has noted, we are working on some leads. We have a backup of the site as current as Sunday, so we haven't lost any significant content. -G psmedger@canonfire.com |
#4 zombiegleemax May 12, 2004 13:44:48 | "We have a backup of the site as current as Sunday, so we haven't lost any significant content." Well, that's good news. I was p*ss*d but never worried. Any hacker worth his salt should know not to mess with D&D players; we are the original computer nerds :D |
#5 zombiegleemax May 12, 2004 15:23:55 | I hope you're able to track down the doofus who's doing this to the site! Maybe this idiot will try WotC next and get tossed in jail. Or we can just make fun of him at GreyChat Thursday. :D Good luck, Smedger! -wn |
#6 zombiegleemax May 12, 2004 16:04:35 | Originally posted by PSmedger Oh no! You better do what he says! What a dork, he's probably some 40-year-old guy who lives in his mom's basement eating chips all day and working on his Diablo character. Oh man, I really needed that laugh. |
#7 zombiegleemax May 12, 2004 17:45:02 | he is what looks to be a 20 some year old Bosnian in descent From: Iz Podruma (?), London, Los Angeles (He claims all 3 in different, separate instances) email is boxerr@hotmail.com yahoo IM is b_o_x_e_rr his favorite website is http://www.bu.now.nu/ his other favorite website is http://www.bolchat.org another... http://bolze.board.dk3.com/2/ and here is what he looks like! (copy/paste into browser) http://fire.prohosting.com/boxerr/boxer5.jpg and of course you could always find him at irc.bolchat.org channel #bugojno as b_o_x_e_r None of which helps. We need his IP address and unfortunately all of the web he frequents are hacker and Bosnian related or he runs himself, so it's doubtful we'd receive any cooperation in securing an IP address. |
#8 Argon May 12, 2004 19:01:02 | A hacker that really sucks! Good luck on getting the site fully operational. This guy is most likely in the USA. I doubt he would be so bold as to have his real identity or anything else running around. |
#9 zombiegleemax May 12, 2004 19:49:18 | Want us to flood his e-mail with hatemail? |
#10 grodog May 12, 2004 21:50:58 | Originally posted by abysslin whois info for now.nu: [Querying whois.nic.nu] his other favorite website is http://www.bolchat.org whois info for bolchat.org: Domain ID:D33648006-LROR http://bolze.board.dk3.com/2/ [Querying whois.internic.net] and here is what he looks like! (copy/paste into browser) http://fire.prohosting.com/boxerr/boxer5.jpg Oh, he's quite the intelligent-looking guy-with-a-real-future :rolleyes We need his IP address and unfortunately all of the web he frequents are hacker and Bosnian related or he runs himself, so it's doubtful we'd receive any cooperation in securing an IP address. I don't know if the whois info will prove to be helpful or not; it's likely forged. I do know that the FBI has a taskforce who track down domestic and international hackers, so we could always call them, too. |
#11 zombiegleemax May 13, 2004 11:27:46 | Ok, we have successfully tracked down his IP and have blocked all IPs from his ISP. 195.222.41.192 - 195.222.41.255 (BIHNET-TZ4-POOL-GW) Dial-up and Gateways pool; AS3-1; Srebrenik; BA EDIT: Added more out of Sarajevo, apparently he gets around. 195.222.35.0 - 195.222.35.63 (BIHNET-MA-POOL) Dial-up pool; Malta; Sarajevo; BA If you live in Bosnia, using the BIHNET ISP, I'm sorry, but you will no longer be able to access Canonfire. |
#12 eric_anondson May 13, 2004 13:35:07 | I assume that the vulnerability that was exploited has been discovered and filled? If it has been patched over, would you care to explain just what the nimrod did? Regards, Eric Anondson |
#13 zombiegleemax May 13, 2004 13:52:24 | We used to run Canonfire on an older version of PHP and have since updated to a newer, more secure version, as well as taken additional security steps such as IP blocks, and adding steps to admin authentication. Basically, he tricked the database into allowing him to all the admin user names and passwords, proceeded to log in as the master admin, delete the other admins, create a new master admin and deface the site, attempting to hold it ransom. We are 100% sure that we cannot be hacked again in this manner. However, that doesn't mean there aren't alternate ways available to the modern-day hacker that would breach our security measures. We would have never thought a lowly fansite would require such security. |
#14 zombiegleemax May 13, 2004 14:13:13 | Yeah, it was pretty lame to hack a Greyhawk/D&D fansite... |
#15 zombiegleemax May 13, 2004 14:30:17 | Hi all! Right, after doing a bit of research, here's what I found out ... @abysslin: 'iz podruma' is Bosnian/Croatian/Serbian for 'from the cellar'. '#bugojno' : Bugojno is a district in south-west Bosnia, ca. 80km northwest from Sarajevo, mostly Bosnian-muslims, a few Croatians. He's one of the moderators of the http://www.bu.now.nu/ site, I can't log on since registration is required. (I wonder what kind of info we'd get from reading the boards there ...) If he really uses bihnet, the most likely address to report abuse is abuse@bih.net.ba I guess they'd take the incident seriously, if there's enough people reporting it. Regards, Glorfinden PS: Learning languages does pay off! PPS: http://fire.prohosting.com/boxerr/Biceps.jpg (copy and paste into browser) Apparently he's male ... ROFL |
#16 zombiegleemax May 13, 2004 15:41:58 | Great picture there Glorfinden. |
#17 zombiegleemax May 13, 2004 16:11:29 | Just to disclaim, it is entirely possible that this "b_o_x_e_r" hacker guy is setting up the real "b_o_x_e_r" |
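
Post #13 above describes what the intruder did once he held the admin credentials: log in as the master admin, delete the other admins, then create a new master admin. The following is an added example, not part of the original thread or Canonfire's code, that flags that pattern in an admin audit log; the log format, field names, account names and addresses are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit log (not from the original thread). The line format,
# field names, account names and documentation-range IPs are assumptions.
SAMPLE_LOG = """\
2004-05-10T09:15:00 actor=editor1 ip=198.51.100.20 action=admin_create target=editor2
2004-05-12T11:58:02 actor=master ip=203.0.113.7 action=login target=-
2004-05-12T11:59:10 actor=master ip=203.0.113.7 action=admin_delete target=editor1
2004-05-12T11:59:14 actor=master ip=203.0.113.7 action=admin_delete target=editor2
2004-05-12T12:00:31 actor=master ip=203.0.113.7 action=admin_create target=newmaster
2004-05-12T12:02:05 actor=newmaster ip=203.0.113.7 action=page_edit target=index
"""

WINDOW = timedelta(minutes=15)  # how far back to look for deletions


def parse_line(line):
    """Turn 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def find_admin_takeovers(log_text, window=WINDOW):
    """Return one alert per admin_create that the same actor preceded,
    within `window`, by deleting at least one other admin account."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    alerts = []
    for ev in events:
        if ev["action"] != "admin_create":
            continue
        deleted = [e["target"] for e in events
                   if e["action"] == "admin_delete"
                   and e["actor"] == ev["actor"]
                   and timedelta(0) <= ev["ts"] - e["ts"] <= window]
        if deleted:  # a lone admin_create (editor1 on May 10) is not flagged
            alerts.append({"actor": ev["actor"], "ip": ev["ip"],
                           "created": ev["target"], "deleted": deleted,
                           "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in find_admin_takeovers(SAMPLE_LOG):
        print(alert)
```

An alert like this only helps if the audit log is written somewhere the admin account itself cannot rewrite, and if it is paired with a notification to someone other than the account that triggered it.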