More Awesome Than You!
Welcome,
Guest
. Please
login
or
register
.
2024 November 21, 23:01:16
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search:
Advanced search
SUPPORT THE MUNICIPALITY!
Have you destroyed a paysite today?
"Jelenedra" is the new "gay".
All Lythdans are stupid and suck!
DEATH TO ALL STUPID HAIRY-BELLIED NESSES!
All Kewians are stupid and suck! Accept no Kewian-based substitutes!
Clearly, BlueSoup has failed us! You must not! BlueSoup has a fat head!
Hobbsee has a
scrawny pencil neck.
Rohina the Ugly Butted is a Horny Turkey
540287
Posts in
18067
Topics by
6545
Members
Latest Member:
cincinancy
More Awesome Than You!
TS3/TSM: The Pudding
The World Of Pudding
GSC has been hacked
0 Members and 1 Chinese Bot are viewing this topic.
« previous
next »
Pages:
1
2
3
[
4
]
Author
Topic: GSC has been hacked (Read 50483 times)
Zazazu
Fuzzy Pumpkin
Whiny Wussy
Posts: 8583
Potiron flou
Re: GSC has been hacked
«
Reply #75 on:
2010 January 17, 05:26:47 »
Nah, that's on my totally for real minister certificate from the Universal Church of Whatever or Such.
Logged
Capitalism, Ho!
"Continue to beat it in masturbatory ecstasy if you like, but only Pescado can make it go away." - Lemmiwinks
My Urinal
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: GSC has been hacked
«
Reply #76 on:
2010 January 17, 08:40:26 »
Quote from: Inge on 2010 January 15, 09:08:14
But Pescado, what you're not seeing is that TSR don't *want* these hacking attacks that could look like TSR-related-originated-assisted to happen as it is bad publicity. So why would they do them?
e-Peen? It's a surprisingly common motivation for seemingly illogical and counterproductive acts.
Quote from: Inge on 2010 January 15, 09:08:14
It's not like they're getting rid of pirate content, as everyone knows the hacked site owner simply restores the site immediately. The anti-TSR brigade have far more motive to be doing this - "false flag" you call it?
Except for the catch: Assuming that TSR is NOT responsible, there is no plausible way an anti-TSR faction could acquire the technical data needed to carry out the attacks AND frame TSR for providing the data, without the complicity of at least one agent inside TSR. So even if they wanted to, they couldn't. In order to catch a large number of usable passwords like this, someone would either need to run a highly sophisticated phishing operation AND a means of verifying that the passwords stolen are shared WITHOUT simply trying them on TSR and thus setting off alarms.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Inge
Round Mound of Gray Fatness
Senator
Posts: 4320
Senator Emeritus. Oh hold on, I am still a senator
Re: GSC has been hacked
«
Reply #77 on:
2010 January 17, 08:58:28 »
Well, all this theorising on what errors of judgement may have taken place and what loose cannons they may have fired is still firmly in the realms of speculation. The perp is as unlikely to be brought to justice as PMBD is, and for similar reasons.
What is the desired outcome, and how can this speculation help to bring it about?
Sysadmins - never use the same password on sites you have authority over, or investment in, as you do on ones where you are merely a visitor. Always change your password and other system details after falling out with a fellow admin, and ensure the ex-admin is removed from *all* his membergroups - or delete his account and ask him to make a new one as a regular user.
Logged
\"They\'re here, on the forum. A question riddled, spoiler giving, speculative cancer of sim evil\" -- redearth, Snooty Sims, 2009
Johan
Asinine Airhead
Posts: 20
Re: GSC has been hacked
«
Reply #78 on:
2010 January 17, 22:50:27 »
Quote from: DrNerd on 2010 January 17, 01:01:21
The simsecret hacking over at LiveJournal has also been linked to Atwa/TSR, mainly because of IP similarities and the fact that the only posts that were deleted were ones with anti-TSR secrets.
Do we know who had the account and if that person had an account on TSR with the same password?
Logged
DrNerd
Lipless Loser
Posts: 677
Re: GSC has been hacked
«
Reply #79 on:
2010 January 17, 23:05:54 »
Quote from: Johan on 2010 January 17, 22:50:27
Quote from: DrNerd on 2010 January 17, 01:01:21
The simsecret hacking over at LiveJournal has also been linked to Atwa/TSR, mainly because of IP similarities and the fact that the only posts that were deleted were ones with anti-TSR secrets.
Do we know who had the account and if that person had an account on TSR with the same password?
I don't recall which of the former admins it was (sinthe, maybe), but she did admit at the time that she'd used the same username and password on TSR.
The IP info is here.
Simsecret posts regarding the hacking are
here
and
here.
«
Last Edit: 2010 January 17, 23:17:43 by DrNerd
»
Logged
The Vetinari Dualegacy
The Little Bastard gets an Asylum! A sexy, sexy Asylum.
Johan
Asinine Airhead
Posts: 20
Re: GSC has been hacked
«
Reply #80 on:
2010 January 17, 23:34:14 »
Quote from: J. M. Pescado on 2010 January 17, 02:26:52
The latter seems more likely. If a true vulnerability existed, it would not have been easy to selectively target data using an SQL or PHP vulnerability, and your attacker would have simply deleted everything. Similarly, admin-level password compromise is thus unlikely, as if someone had an admin password, they would have been able to do far more damage.
Yeah i think i'm leaning towards that option too. One strange detail though was that there had been some falied login attempts on some accounts using the wrong random passwords.
Quote from: J. M. Pescado on 2010 January 17, 02:26:52
Is there a technical reason, other than possibly sheer size, that would have made this impossible?
Yeah the technical reason being that he wouldn't be able to dump the member table even if he had a GUI db client and the all necessary information to connect to the database, Thomas is a pixel pusher and he doesn't know how that stuff works.
We don't have any functionality to get a list of passwords in admin so he would have had to pick the one by one to compile a list, which due to sheer size is next to impossible.
Quote from: J. M. Pescado on 2010 January 17, 02:26:52
This does sound excessively laborious, but not impossible, if he selectively compiled anti-paysite activists. The more likely scenario is still whole or partial membertable dumping.
Theoretically possible but then again i have a lot of reason to believe he wouldn't do that. Membertable dump is definitely more likely than that but just as scary.
Quote from: J. M. Pescado on 2010 January 17, 02:26:52
Of the known attacks, the Buggybooz, Shanow, and Scotty attacks are the ones known to me to have confirmed the TSR-password link. There may be others I don't recall offhand, and in none of the unconfirmed cases has this been ruled out as an possibility.
Has there been attacks where it has been confirmed that the password was not the same as a TSR account?
Logged
Johan
Asinine Airhead
Posts: 20
Re: GSC has been hacked
«
Reply #81 on:
2010 January 18, 00:06:09 »
Quote from: DrNerd on 2010 January 17, 23:05:54
I don't recall which of the former admins it was (sinthe, maybe), but she did admit at the time that she'd used the same username and password on TSR.
The IP info is here.
Simsecret posts regarding the hacking are
here
and
here.
I've done some digging and from what i can tell it was Sinthe and a shared account (secret poster or something like that) that was compromised.
Some further digging got me to a post on PMBD where Delphy showed a screenshot from Sinthe with the logins, which i assume was for when simsecret got hacked (not sure about that though):
http://phorum.mustnotbenamed.com/index.php/topic,2399.msg141367.html#msg141367
The combination of IP's and useragent defenitley points to the same perpetrator as in the Buggybooz incident.
Logged
Witchboy
Blathering Buffoon
Posts: 53
Re: GSC has been hacked
«
Reply #82 on:
2010 January 18, 04:52:41 »
The user agent for the IP that hacked into SV & GSC is as follows...
IP:
83.170.113.97
User Agent:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: GSC has been hacked
«
Reply #83 on:
2010 January 18, 05:15:24 »
Quote from: Johan on 2010 January 17, 23:34:14
Yeah i think i'm leaning towards that option too. One strange detail though was that there had been some falied login attempts on some accounts using the wrong random passwords.
That doesn't mean anything. Random people randomly rattle doors on accounts all the time. This would only be a concern if there was a systemic pattern of door-rattling. Given that you run a paysite, it's entirely reasonable to expect that random people will attempt to rattle the doors on accounts simply to see if they can get any free swag, and people also lose their passwords and try to guess which of the set of usual passwords was the right one. Given the sheer size of your site, hundreds if not thousands of such attempts are probably made every week. The SUSPICIOUS thing would be when a strange IP logged into an account, then did nothing with it, and that account was subsequently attacked elsewhere, meaning that someone was trying to probe for a TSR commonality before attempting an attack.
Quote from: Johan on 2010 January 17, 23:34:14
Yeah the technical reason being that he wouldn't be able to dump the member table even if he had a GUI db client and the all necessary information to connect to the database, Thomas is a pixel pusher and he doesn't know how that stuff works.
I dunno about that. I mean, Spilt Pee Soup, a thoroughly nontechnical user, managed to figure out how to use phpmyadmin just fine. Also, there is no guarantee it was Thomas who personally did it. Thomas is the most likely suspect purely based on motives and opportunity, but he isn't the only one who could have done it.
Quote from: Johan on 2010 January 17, 23:34:14
We don't have any functionality to get a list of passwords in admin so he would have had to pick the one by one to compile a list, which due to sheer size is next to impossible.
Or, he could dump the entire thing and do a CRTL-F...
Quote from: Johan on 2010 January 17, 23:34:14
Theoretically possible but then again i have a lot of reason to believe he wouldn't do that. Membertable dump is definitely more likely than that but just as scary.
The exact methodology by which the information was acquired from the database is really less important than the fact that it clearly had to have been.
Quote from: Johan on 2010 January 17, 23:34:14
Has there been attacks where it has been confirmed that the password was not the same as a TSR account?
No. There have been no negative confirmations where a password-attack was conclusively NOT a TSR account password, only cases where confirmation could not be acquired due to either the user not remembering, or not being present. All other hacking attacks not related or suspected to be related to TSR account passwords have all been dismissed as common vandalism and bear no connection to any community politics.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Inge
Round Mound of Gray Fatness
Senator
Posts: 4320
Senator Emeritus. Oh hold on, I am still a senator
Re: GSC has been hacked
«
Reply #84 on:
2010 January 18, 07:34:44 »
Quote from: J. M. Pescado on 2010 January 18, 05:15:24
Spilt Pee Soup, a thoroughly nontechnical user, managed to figure out how to use phpmyadmin just fine.
If you're talkign about Brynne, I don't think she did. Every time she wanted to look at something she asked someone to do it for her, handing out temporary admin access if necessary. Lol long after she thought she'd banned me I could have got in the back door. Fortunately for her I wasn't the shady character she thought I was.
Logged
\"They\'re here, on the forum. A question riddled, spoiler giving, speculative cancer of sim evil\" -- redearth, Snooty Sims, 2009
Pages:
1
2
3
[
4
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
TS4: The Pee-ening
-----------------------------
=> Insert Amusing Name Here
=> Facts and Strategery
-----------------------------
TS3/TSM: The Pudding
-----------------------------
=> The World Of Pudding
=> Facts & Strategery
=> Pudding Factory
===> World of Puddings
===> Pudding Plots
-----------------------------
TS2: Burnination
-----------------------------
=> The Podium
===> Oops! You Broke It!
=> The War Room
=> Planet K 20X6
===> Building Contest of Awesomeness
=> Peasantry
===> Taster's Choice
-----------------------------
The Bowels of Trogdor
-----------------------------
=> The Small Intestines of Trogdor
=> The Large Intestines of Trogdor
-----------------------------
Awesomeware
-----------------------------
=> TS4 Stuff
=> Armoire of Invincibility
===> AwesomeMod!
=> The Armory
===> Playsets & Toys
===> The Scrapyard
-----------------------------
Darcyland
-----------------------------
=> Lord Darcy Investigates
-----------------------------
Ye Olde Simmes 2 Archives: Dead Creators
-----------------------------
=> Ye Olde Crammyboye Archives
=> Ye Olde Syberspunke Archives
-----------------------------
Serious Business
-----------------------------
===> Spore Discussions
Loading...