Sign In
Register
Help
This topic is locked
-Dreamhost shuts down Casey's site 4ampro, the host of our boards
-Oracles plan to move to dan-rouse.com and then start over
-Dreamhost gives casey 72 hours to back everything up. Druidz is saved. Me, Aj, neil, and like 10x others make a back up.
-Things are cool. We move over to Ben's hosting services
Part II: MSN and Shoutbox Exploits fuck us Over Twice
-Random Faggot uses [what we believe to be] an MSN bug to take Casey's MSN account and email. slodyy@gmail.com fucks casey over for 3k on paypal (caught by CC company).
-I immedietly back up druidz because I was worried of a conspiracy
-The next day, Jool's MSN/gmail is taken over via the same way as casey's. Neil's account was taken over by an IPB bug tied to the shoutbox. He deletes random shit.
-Luckily, I had that back up from the night before when casey was hacked. Casey teaches me how to restore a forum. I upload the back up. I then immedietly make a back up. Me and ben plan to do daily back ups until the auto back up feature is installed. Druidz dodge a second bullet at this point we still did not know it was a shoutbox hack, we though it was from MSN.
-I go to sleep. The dude sloddy or whoever, then takes over Rick's and Skip's account. He uses the shoutbox exploit to gain control of skip's account. He fucks with our skin settings. Boards taken offline.
-Casey talks to him. He demands RS GP or $$$. Casey tells him to eat shit and die.
-The next day, we allow IPB servies to basically molest our boards. They go through everything with a fine tooth comb. It is then we find out how our boards were taken down:
Quote
Hello,
I was able to pull your logs from your forum, and it very much looks to be that it was done via the Shoutbox.
The user at IP 216.164.25.198 came to the forum, kept accessing and accessing and accessing the shoutbox, then logged onto the ACP.
I have heard rumors of a Live HTTP header exploit with this particular mod that has never been fixed.. It's what it looks like to me, but I am attaching the logs of this user's IP prior to him accessing the ACP so that our Advanced Support can either confirm or deny..
Here's what this guy did.. (Mostly for advanced support)
GET /index.php?act=idx
GET /index.php?act=Shoutbox&view=globalshouts
GET /index.php?act=Login&CODE=00
POST /index.php?act=Login&CODE=01
POST /index.php?act=Login&CODE=01
GET /index.php?act=idx
GET /index.php?act=Shoutbox&view=globalshouts
GET /index.php?showforum=22
GET /index.php?showtopic=7541
GET /index.php?act=Members
GET /index.php?act=idx
GET /index.php?act=Shoutbox&view=globalshouts
POST /index.php?act=Login&CODE=01&CookieDate=1
POST /index.php?act=Login&CODE=01
GET /index.php?act=idx
GET /index.php?act=Shoutbox&view=globalshouts
GET /index.php?act=Members
POST /index.php
GET /index.php?act=Members
GET /index.php?act=idx
GET /index.php?act=Shoutbox&view=globalshouts
GET /admin.php
POST /admin.php?adsess=&act=login&code=login-complete
Jason
IPS Support
I was able to pull your logs from your forum, and it very much looks to be that it was done via the Shoutbox.
The user at IP 216.164.25.198 came to the forum, kept accessing and accessing and accessing the shoutbox, then logged onto the ACP.
I have heard rumors of a Live HTTP header exploit with this particular mod that has never been fixed.. It's what it looks like to me, but I am attaching the logs of this user's IP prior to him accessing the ACP so that our Advanced Support can either confirm or deny..
Here's what this guy did.. (Mostly for advanced support)
GET /index.php?act=idx
GET /index.php?act=Shoutbox&view=globalshouts
GET /index.php?act=Login&CODE=00
POST /index.php?act=Login&CODE=01
POST /index.php?act=Login&CODE=01
GET /index.php?act=idx
GET /index.php?act=Shoutbox&view=globalshouts
GET /index.php?showforum=22
GET /index.php?showtopic=7541
GET /index.php?act=Members
GET /index.php?act=idx
GET /index.php?act=Shoutbox&view=globalshouts
POST /index.php?act=Login&CODE=01&CookieDate=1
POST /index.php?act=Login&CODE=01
GET /index.php?act=idx
GET /index.php?act=Shoutbox&view=globalshouts
GET /index.php?act=Members
POST /index.php
GET /index.php?act=Members
GET /index.php?act=idx
GET /index.php?act=Shoutbox&view=globalshouts
GET /admin.php
POST /admin.php?adsess=&act=login&code=login-complete
Jason
IPS Support
-Casey's guess was right. I begin to restore the boards.
-Boards get restored and Skip, Rick, Jool, and Neil are made guests.
-Casey asks brad to copy the skin settings from another FTP to our current forum.
-Brad does this. When Brad asks what directory to upload them to, casey misunderstands the question and gives Brad the wrong forum.
-Brad's uploading fucks up as it was in the main directory.
-Brad goes to dinner. Casey fixes it.
-Whatever the guy did to our skin settings was so fucked we just stole the default skin from RSC
-Casey has informed Dean (the maker of our shoutbox) that the gibson was nearly hacked. Hopefully we will have a fixed shout box soon.
Basically, we owe casey some thanks for all his work and putting up with teaching me how to restore forums and use IPB. Few rough patches but everything *should* be straight.
Cliffs
1) Pat gets us shut down.
2) Dreamhost loves us and helps us out.
3) Some random fag uses a shoutbox and/or MSN/gmail exploit to fuck up our forums. Twice.
4) Combining Brad's back ups and fast internets, with Casey's knowledge, Druidz were fixed.
5) God apparently loves the druidz somewhat.
6) The Gibson is safe. For now.
MultiQuote
I love you, Brad too. 
1 User(s) are reading this topic
