Sciencemadness Discussion Board - Sciencemadness hax0red!


	Not logged in [Login ]

FAQ

Member List

Today's Posts Forum Stats

Stats

Back to:

Sciencemadness Discussion Board » Non-science » Forum Matters » Sciencemadness hax0red!

Printable Version

Pages: 1 2 3

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 7-4-2004 at 08:25

Sciencemadness hax0red!

Today I went to log in to sciencemadness and I had to give my username/password (normally I stay logged in almost all the time). The login briefly redirected me to http://www.evelin29.com/images/boardscimad.php, which quickly brought me here. Now why would a maker of tea, located in Bulgaria with administrative contacts in Hong Kong, be involved with the login process for Sciencemadness?

I get the feeling that SM may have been the victim of some sort of hack. Passwords may have been compromised. I will let you know more as soon as I learn more.

PGP Key and corresponding e-mail address

Quantum

Hazard to Others

Posts: 300
Registered: 2-12-2003
Location: Nowhereville
Member Is Offline

Mood: Interested

posted on 7-4-2004 at 08:30

The same thing happened to me at 12:28PM eastern time! Could be that all passwords are being sniffed through that server!

God damn hackers runine it for everyone :mad:

Edit: I tried to go to the /images root but nothing happened. No server messages or anything. Then I tried /images/index.php and the only thing it said was

Blah

)))
http://www.evelin29.com/images/index.php
It makes my suspect that some one rooted evenlin and then used it to stage a password sniffing attack on us.

[Edited on 7-4-2004 by Quantum]

What if, what is isn\'t true?

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 7-4-2004 at 17:32

The aftermath

You can still see the progress of my enlightenment at http://www.sciencemadness.org/warning.html. Being the good admin that I am, I redirected all board traffic to that warning page soon after I discovered the problem, using an .htaccess file in the directory. This no doubt saved many people from losing their passwords to the Mysterious Script Kiddie. Still, I would suggest that anyone who logged in during the last day change their password.

I saw the problem at around 9:00 AM Pacific Standard Time. There was no problem as of 8:00 PM last night. I estimate there was about a 12 hour window of vulnerability. Who was the first person to get the forced login?

PGP Key and corresponding e-mail address

thunderfvck

Hazard to Others

Posts: 347
Registered: 30-1-2004
Location: noitacoL
Member Is Offline

Mood: No Mood

posted on 7-4-2004 at 17:40

That really sucked. A whole afternoon without sciencemadness.

I recall having to log in this morning, at about...930 AM pacific.

So, you recommend changing passwords then? Will do. Is there any bad news for the people who use the same password for everything they need access to? Perhaps I shouldn't have said this out loud. So delete this post if I'm a retard.

Thanks a lot Polverone, for all the work you've put into repairing the board. I really appreciate it.

ROCK ON!

BromicAcid

International Hazard

Posts: 3227
Registered: 13-7-2003
Location: Wisconsin
Member Is Offline

Mood: Rock n' Roll

posted on 7-4-2004 at 17:47

Password changed, with such a speedy response and keeping us informed it makes me believe even more we should be paying you for this.

Shamelessly plugging my attempts at writing fiction: http://www.robvincent.org

The_Davster

A pnictogen

Posts: 2861
Registered: 18-11-2003
Member Is Offline

Mood: .

posted on 7-4-2004 at 17:57

Some aftermath of recent events

First off, thanks Polverone for fixing this so quickly. But now that SM is back up and running I've noticed a few problems.
When I try to enter my U2U I get this message "Parse error: parse error in /home/sciencem/public_html/talk/u2u.php on line 35"
And I just noticed as I was posting this but near the top of the page under the box with the logo, where it usually shows your location within the threads here on SM it now says "Mad Science Discussion Board » Post ReplyPost Reply " instead of the usuall Mad Science Discussion Board » [category name] » [thread name] » post reply

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 7-4-2004 at 18:47

The U2U problem is very strange. You're correct. But this is the code as it was in the download of XMB 1.8 SP3. I copied it over just to make sure I hadn't (badly) manually patched it. I have posted a question about it on the XMB forum. I think I've fixed the double Post Reply message.

Edit: that too is fixed. The file in the download is wrong. So was the first "fix" I downloaded. Have these programmers ever heard of "testing?" :mad:

[Edited on 4-8-2004 by Polverone]

PGP Key and corresponding e-mail address

Quantum

Hazard to Others

Posts: 300
Registered: 2-12-2003
Location: Nowhereville
Member Is Offline

Mood: Interested

posted on 7-4-2004 at 21:45

The "View todays Posts" thing dosn't work at least not for me. All I see it a blank list.

I changed my password to something so long and complex that brute force will never crack it. Unless quantum computers are at the disposale of the crackers.

What if, what is isn\'t true?

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 7-4-2004 at 23:23

It appears that Today's Posts works for me when I'm logged in as Polverone, but not logged in as an ordinary user or completely not-logged-in. There seem to be some sort of restrictions on who can view what in today.php. Let's give the XMB team another round of applause for their thorough testing!

Okay, let's see what happens if I let everyone see what administrators can see (with that tool).

Edit: evidently my PHP-fu is not strong enough to figure out how to let everyone run amok with the Today's Posts tool. It seems to work only for super administrators right now. I will ask the XMB developers how this might be fixed.

[Edited on 4-8-2004 by Polverone]

PGP Key and corresponding e-mail address

thunderfvck

Hazard to Others

Posts: 347
Registered: 30-1-2004
Location: noitacoL
Member Is Offline

Mood: No Mood

posted on 7-4-2004 at 23:33

I'm sorry, but I'm drunk now and quite aggitated as to what had happened earlier.

These tea drinking faggots, I mean really, what do they have to gain aside from PISSING us off? Sure, they get some passwords, and from that what? They can edit out posts, post a few crazy messages, possibly access our email, etc. Unless I'm missing some deeper meaning to all of this, it's quite pointless. These people really have nothing better to do than to make us upset.

And why sciencemadness? Is it simply because they are able to access the server or whatever, and so they can get some passwords? It's not like they're cracking into some pedophilic porno site in which they can make profit off of it or something. It's just information, chemistry.

I am quie angry over this. One reason being that I had posted a question in the beginners section in which I required a response in order to finish my assignment for school. Because of this I may lose 20%. haha. But enough of my self-centeredness, I am extremely grateful for Polverone's work. I mean this guy, seriously, if I had a wife or something, and he was in need of some action, I'd let him sleep with my wife. Honestly. Well maybe NOT....But you know what I mean. Seriously, Polverone, you are the man of men. You make Ghandi look like a herpies infected pedophile. You make Jesus look like a nympho mutant. You are a GOD. Thank you so much for bringing us back on track. And seriously, if you were to enforce a payment for the services you do on this site, I would surely pay. I don't think I could live without this site. Even though I don't post as much as some of the other members, and I don't take part in a lot of discussions, I still read, read, read. The information I gain from this site is priceless. Fuck textbooks. Just sign up to sciencemadness and you'll be a chemistry lord in no time. Well a bit of an exageration but I believe that a few years on this site, reading each post and absorbing it, will provide anyone with a firm knowledge of chemistry.

What I really love about this site is that it's not geared towards explosives/drugs. Much like the explosives & weapons forum, of the hive. This site is chemistry, all levels of it. And that's what I've been searching for ever since I've decided I was going to devote my life to chemistry. You have made my dreams a reality. I thank you and everyone else for making this board what it is. May you forever rock on.

abnormal989

Harmless

Posts: 4
Registered: 5-4-2004
Member Is Offline

Mood: No Mood

posted on 8-4-2004 at 01:50

Evil Hacker Makes Appearance

Hello everyone, nice to see you all. This isn't the real abnormal989, it's the infamous hacker you've all been talking about

. He must have missed the whole password-getting hype because he hasn't changed his password yet...please remind him to for me.

First and foremost, I would like to apologize for stirring things up, I didn't really mean any harm, sciencemadness.org was just a test run. Many passwords were gained, but none were used for anything too malicious. However, the fact that several passwords match those of e-mail accounts is very worrying, at the fact that such an exploit could be pulled off in the first place simply shows the huge security problem there is today.

A few parting words of advice: Don't use the same password you use for your e-mail account for your forum subscriptions. There are WAY too many vulnerable forums out there (you have my word on that one). If the forum gets compromised, and the hacker gets your password, the first thing he'll try probably is to see if it matches your e-mail account. Through there he could go on to e-shop accounts, and you know what happens then. Also, and this is for the admins: If there's a security upgrade, or a new version, USE IT for crying out loud! That probably means there is a SECURITY HOLE a hacker could EXPLOIT and potentially gain some PASSWORDS.

Anyway, before I go I must congratulate you all, especially the admins. You're the only forum owners of many (including owners of forums with 10 times your users) who noticed the hole and fixed it, quite quickly I might add. That goes to show there may be hope yet

I must go now, thanks for listening and I apologize again for upsetting you all. If you have any questions just use this thread, I'll be checking in. Oh, and the following users just MIGHT want to change their passwords, if they haven't already...just a hint:

infernico, I am a fish, JDP, T_Pyro, froot, organikum, darkflame89, Pyrovus, Saerynide, abnormal989, basf, ech310n, AngelEyes, esplosivo, ziqquratu, Haggis, Eliteforum, narkar, thunderfvck, quest, Alchemist, ignorantlyintelligent, vulture, Backyard Blaster, Iv4, Tacho, chemoleo, Polverone, Quantum, Jen, Moonmonster

Well, so long

- Evil Hacker

Organikum

resurrected

Posts: 2329
Registered: 12-10-2002
Location: Europe
Member Is Offline

Mood: busy and in love

posted on 8-4-2004 at 01:51

The "todays posts" doesnt work for me either. It started to be defunkt after I had to log in again yesterday aka after the hack.

I fear that not all problems are solved already.

Irgendwas is ja immer

vulture

Forum Gatekeeper

Posts: 3330
Registered: 25-5-2002
Location: France
Member Is Offline

Mood: No Mood

posted on 8-4-2004 at 02:32

Trouble is, those damn XMB proggers don't test anything before they release it.

So the patches keep bringing along security flaws and bugs. :mad:

Makes you wonder what you're paying for.

It's probably a huge cashcow for the company, now and then releasing a bad update without much time spent and cashing the revenues in the meanwhile. :mad:

One shouldn't accept or resort to the mutilation of science to appease the mentally impaired.

Eliteforum

National Hazard

Posts: 571
Registered: 18-11-2002
Location: United Kingdom
Member Is Offline

Mood: Enjoying the journey

posted on 8-4-2004 at 03:07

Just out of intrest, the other day there was a FTP brute force attempt and a large port scan.

<IP edited out>

Nothing was done, as the system is secure.

abnormal989, my password is changed daily.

And a test run for what?

[Edited on 8-4-2004 by vulture]

All that glitters isn't gold.

vulture

Forum Gatekeeper

Posts: 3330
Registered: 25-5-2002
Location: France
Member Is Offline

Mood: No Mood

posted on 8-4-2004 at 03:28

Elite, that portscan originated from:

Neuron
and/or IIP

....

Looks like said user will not have FTP acces for some time.

One shouldn't accept or resort to the mutilation of science to appease the mentally impaired.

Polverone

Now celebrating 21 years of madness

Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

posted on 8-4-2004 at 09:39

Revenue?!

Bwa ha ha, you thought I was paying for XMB? Certainly not! It only costs money if you want to remove references to XMB and the XMB team from your board.

Edit: to those who are having trouble using Today's Posts, try logging out and then using your browser to remove cookies from Sciencemadness. This seemed to fix it for me so I could see Today's Posts whether I was logged in as Polverone or not logged in at all.

[Edited on 4-8-2004 by Polverone]

PGP Key and corresponding e-mail address

axehandle

Free Radical

Posts: 1065
Registered: 30-12-2003
Location: Sweden
Member Is Offline

Mood: horny

posted on 8-4-2004 at 13:23

Do we know the IP of the script kiddie? If he's in Europe, I volunteer to hunt him down and beat him up. Fucking script kiddies, ruining the life of sysadmins everywhere...

VERY nice and swift work, Polverone. I admire it.

My PGP key, Fingerprint 5D96 E09E 365D 1867 2DF5 C2FE 4269 9C19 E079 CD35

\"Verbing nouns weirds the language!\"

Organikum

resurrected

Posts: 2329
Registered: 12-10-2002
Location: Europe
Member Is Offline

Mood: busy and in love

posted on 8-4-2004 at 13:31

I would suggest everybody who discovered the "Todays Posts" problem should change his password again after he got this working again. There is some evidence that accounts are still compromised and the "Todays Posts" is a way to check this. A glitch in the hack so to say.

I am not absolutely sure on this, but changing the password once again doesnt hurt.

Irgendwas is ja immer

chemoleo

Biochemicus Energeticus

Posts: 3005
Registered: 23-7-2003
Location: England Germany
Member Is Offline

Mood: crystalline

posted on 8-4-2004 at 15:22

Today's posts

I think the problem is solved.
Indeed, it's about the cookies. You have to delete the SM one, mind though, they are in a different folder for mozilla/netscape. Not in the IE cookies folder. Since then the today's post link is working fine again

...

Abnormal - whoever you are - I am confused by your message. Are you serious or is this a joke?

[Edited on 9-4-2004 by chemoleo]

Never Stop to Begin, and Never Begin to Stop...
Tolerance is good. But not with the intolerant! (Wilhelm Busch)

ech310n

Harmless

Posts: 29
Registered: 18-10-2003
Location: Australia
Member Is Offline

Mood: No Mood

posted on 8-4-2004 at 18:58

That post from Abnormal seems to be real as he/she/it lists my username, and yes I did log in that night. Script kiddies and malicious hackers are the scum of this earth :mad:

[Edited on 9-4-2004 by ech310n]

Hermes_Trismegistus

National Hazard

Posts: 602
Registered: 27-11-2003
Location: Greece, Ancient
Member Is Offline

Mood: conformation:ga

posted on 8-4-2004 at 20:46

Not So!

I have a not insignificant amount of respect for this particular infonaut.

He's obviously both skilled in his field and intelligent.

But beyond that, he's friendly and polite, helpful and considerate, he is well spoken and above all has a good and gentle sense of humor.

I think that many of us would find him to be a likeable rogue and not unlike us in his quest for knowledge and experience.

Bravo, my good man!

BRAVO.

ech310n

Harmless

Posts: 29
Registered: 18-10-2003
Location: Australia
Member Is Offline

Mood: No Mood

posted on 8-4-2004 at 21:09

Hermes, I agree with your views to a certain extent but after putting up with script kiddies and malicious hackers for years I get very annoyed with them. I have an ADSL modem with a built in router and it is often crashing due to malicious DOS attacks. If I leave my Linux system running for the day processing something while I am at school the IDS goes spastic with the amount of malicious traffic it picks up (note that I am aware of the very high false alerts many IDS's have).

Then there is the computers throughout the rest of the house that my family use. They are often been hacked but that has thankfully become non-existent now that all computers at least run Windows XP Professional and are up to date.

I should stop rambling now but the point is that many of these script kiddies have no real motive other than to peeve other people off. I am also not necessarily saying that this hacker in question is a script kiddie or was malicious in his ways. Sorry for editing this post many times, I should get some more sleep.

[Edited on 9-4-2004 by ech310n]

[Edited on 9-4-2004 by ech310n]

[Edited on 9-4-2004 by ech310n]

Mr. Wizard

International Hazard

Posts: 1042
Registered: 30-3-2003
Member Is Offline

Mood: No Mood

posted on 8-4-2004 at 21:58

Did anyone notice the phrase 'e-shops'? He sounds British. Of course many Europeans speak English like the English ;-) I changed my password, which is used only on this board. Write them down rather than use the same one.

madscientist

National Hazard

Posts: 962
Registered: 19-5-2002
Location: American Midwest
Member Is Offline

Mood: pyrophoric

posted on 8-4-2004 at 23:34

Quote:

Many passwords were gained, but none were used for anything too malicious.

Define "not too malicious" for us.

And by the way, why did you do this? We aren't the ones who wrote the board software, we know it has holes, and there's not much we can do about it. As has been said, the patches are buggy. I highly doubt you did anything more than read about a bug somewhere and start going around messing up forums exploiting it... which is a complete waste of both your time and our time. You can't claim either that you were just benevolently trying to wake us up to the problem, because firstly it would've been far simpler to email us a notice about it, and secondly you said that most of the forums don't seem to find out about what you've done.

[Edited on 9-4-2004 by madscientist]

I weep at the sight of flaming acetic anhydride.

abnormal989

Harmless

Posts: 4
Registered: 5-4-2004
Member Is Offline

Mood: No Mood

posted on 9-4-2004 at 01:31

Me again

As I said before, sciencemadness.org was a test run, I wished to try something out to see if it would work.

madscientist: Simply reading about a bug somewhere would mean me sticking with SQL injection, which is how I obtained the MD5 hash of your password. But it didn't stop there, did it? You're right, simply reading about a hole and trying it out is pointless. But adding to it, making it work for you takes more than that, and that's what happened here.

What I meant by not too malicious was that yes, I did obtain several passwords, but I didn't really use them because that wasn't the point. Also the fact that all the accounts and all the threads are intact contribute to proving the "not too malicious" nature of my "attack". Someone else could've just deleted all the threads and messed up all the accounts.

Pages: 1 2 3

Sciencemadness Discussion Board » Non-science » Forum Matters » Sciencemadness hax0red!