G oog le BadWeB | Login/out | Topics | Search | Custodians | Register | Edit Profile

Buell Forum » SacBoard » SACBORG HACKED AGAIN « Previous Next »

  Thread Last Poster Posts Pages Last Post
Archive through February 19, 2008Choptop30 02-19-08  04:51 pm
         

Author Message
Top of pagePrevious messageNext messageBottom of page Link to this message

Choptop
Posted on Tuesday, February 19, 2008 - 04:59 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

If this guy has any nuts at all, he'll call me.

I'm easy to get ahold of:

916-349-2778 home
916-207-4645 cell
Top of pagePrevious messageNext messageBottom of page Link to this message

Rex
Posted on Tuesday, February 19, 2008 - 05:06 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

I thought I used to be number 13? ahahahha

would like number 15 though. REX

Top of pagePrevious messageNext messageBottom of page Link to this message

Spiderman
Posted on Tuesday, February 19, 2008 - 06:33 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

this sucks.

do we need to form a lynchin party there CHopster?
Top of pagePrevious messageNext messageBottom of page Link to this message

Natexlh1000
Posted on Tuesday, February 19, 2008 - 06:41 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Assuming the hacker isn't a member of this forum, a sysop could go through the access logs for this topic and view all of the I.P. addresses that were not owned by valid members.

There are probably not too many people that would regularly visit this thread of this site without being a member, right?
Top of pagePrevious messageNext messageBottom of page Link to this message

Choptop
Posted on Tuesday, February 19, 2008 - 07:40 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

havent heard anything... Please call me.

I'd love to contact you. Come on.
Top of pagePrevious messageNext messageBottom of page Link to this message

Bluzm2
Posted on Tuesday, February 19, 2008 - 07:43 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Hey Chop,
The FBI loves stuff like this.
Drop them a line...
Top of pagePrevious messageNext messageBottom of page Link to this message

Choptop
Posted on Tuesday, February 19, 2008 - 10:37 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

well, the hacker requested that i delete this thread after I talk to him/her/it... I cant do that until I have the talk.

give me call. Perhaps there is job in it for ya doing SacBORG security.
Top of pagePrevious messageNext messageBottom of page Link to this message

Glitch
Posted on Wednesday, February 20, 2008 - 08:47 am:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Chop, just move to a more secure server, no more needs to be done. Though I'd be on the phone with the FBI.
Top of pagePrevious messageNext messageBottom of page Link to this message

Reepicheep
Posted on Wednesday, February 20, 2008 - 01:03 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

You don't want to hire a criminal to do your security.

Do what Glitch said. Hosting is a commodity market, plenty of cheap and secure alternatives.

Badweb won't screw around with this kind of thing. You attack Badweb, we will go straight to law enforcement. No games and drama. It has already locked down, and can be locked down tighter.

Also, if any of you went to sacborg and registered with a username that can be mapped to one here, and the same password you used here, change the one here ASAP.

If the attacker is using Storm worm type attacks, he might have put malware on the Sacborg site that tried to do driveby malware installs on your PC's. So if you are not running AV software and not keeping your systems up to date with Microsoft patches, you could have a rootkit that will be stealing passwords. Some of the Storm worm rootkits are very good, you won't know you have them. Chop, perhaps the compromised system is your client and not your server, and he is just getting keystrokes and logging on.

Any administrative or shell interface to your web server should be IP restricted if possible. You don't need to administrate it from anywhere on the planet, buy a static IP address, or just open it up to only your local ISP's subnet.
Top of pagePrevious messageNext messageBottom of page Link to this message

Choptop
Posted on Wednesday, February 20, 2008 - 01:15 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

No this guy gets a job with me... all he needs to do is call.
Top of pagePrevious messageNext messageBottom of page Link to this message

Reepicheep
Posted on Wednesday, February 20, 2008 - 02:39 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

I doubt his "l33t skills" are up to it. Peeing on a site is easy, it takes real talent to be able to secure one.

Maybe he is good enough and will call you and help you out, but I doubt he is capable of much more then running metasploit... or some other tool that somebody else with *real* talent wrote.
Top of pagePrevious messageNext messageBottom of page Link to this message

Choptop
Posted on Wednesday, February 20, 2008 - 03:50 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Back up and running beyatches.
Top of pagePrevious messageNext messageBottom of page Link to this message

Rich
Posted on Wednesday, February 20, 2008 - 04:53 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

thumbsup
Top of pagePrevious messageNext messageBottom of page Link to this message

Spiderman
Posted on Wednesday, February 20, 2008 - 05:50 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

No this guy gets a job with me

Notice CHop didn't say the "postion" : )
Top of pagePrevious messageNext messageBottom of page Link to this message

Blake
Posted on Monday, February 25, 2008 - 05:49 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Chop,

It seems like you have to go through a lot of trouble to restore the site. I'm largely ignorant of such things, so forgive my simplistic question... Why not just do a site restore from backup?
Top of pagePrevious messageNext messageBottom of page Link to this message

Cochise
Posted on Monday, February 25, 2008 - 06:51 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

I'll tell you who it was, it was that gosh darned Sasquatch, that's who!!
Top of pagePrevious messageNext messageBottom of page Link to this message

Henry_the_8th
Posted on Monday, February 25, 2008 - 06:55 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

If peeing your pants is cool, consider me Miles Davis!
Top of pagePrevious messageNext messageBottom of page Link to this message

Buellerandy
Posted on Tuesday, February 26, 2008 - 03:48 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

"What are you looking at Swan?"
« Previous Next »

Add Your Message Here
Post:
Bold text Italics Underline Create a hyperlink Insert a clipart image

Username: Posting Information:
This is a public posting area. Enter your username and password if you have an account. Otherwise, enter your full name as your username and leave the password blank. Your e-mail address is optional.
Password:
E-mail:
Options: Enable HTML code in message
Automatically activate URLs in message
Action:

Topics | Last Day | Tree View | Search | User List | Help/Instructions | Rules | Program Credits Administration