|
|
DzzD
|
 |
«
Reply #1 - Posted
2010-04-23 18:47:58 » |
|
Since the successful hack on JGO
http://java-gaming.org/
redirects to:
http://www.java-gaming.org// (note the double slash)
 |
|
|
|
|
Riven
|
|
«
Reply #2 - Posted
2010-04-23 18:49:58 » |
|
Faulty redirects are NOT funny  Edit: Let me add that that HTTP Location header was already b0rked during the hack.  |
|
|
|
Games published by our own members! Check 'em out!
|
|
|
DzzD
|
|
«
Reply #3 - Posted
2010-04-23 18:51:39 » |
|
funny that you did it, it is that no ? you change the redirection ? perfect for spoofing/fishing
|
|
|
|
|
Eli Delventhal
|
|
«
Reply #4 - Posted
2010-04-23 18:52:50 » |
|
Faulty redirects are NOT funny Edit: Let me add that that HTTP Location header was already b0rked during the hack. Well it was messed up anyway. It's probably getting close to JGO needing to migrate somewhere else, actually. With Chris no longer at Sun and now a hack, this might be a logical step. |
|
|
|
|
Riven
|
|
«
Reply #5 - Posted
2010-04-23 19:00:37 » |
|
funny that you did it, it is that no ? you change the redirection ? perfect for spoofing/fishing
I'm not sure what you mean. If you mean that I was behind the attack: no. Anyway, that redirect is not really usable for spoofing, as it doesn't really do much, and is noticable by the enduser. If you hack a site, it's much more evil to not deface it, so that people will still login, allowing you to grap their password in plain text (assuming it is salted+hashed in the database). |
|
|
|
|
DzzD
|
|
«
Reply #6 - Posted
2010-04-23 19:03:02 » |
|
ok I was thinking it was a demonstration of hack (that you did). about spoofing it is very usable as it is the second step after fishing, like if you redirect to www.javagamming.org then grab password and then "spoof the victim" |
|
|
|
|
Matzon
|
|
«
Reply #7 - Posted
2010-04-23 19:08:18 » |
|
why is there no info regarding the defacement?
why are we still running 1.1.5?
fwiw, I am assuming my profile info is already retrieved and that the server may be sending malicious content - so javascript is off for jgo.
|
|
|
|
|
Riven
|
|
«
Reply #8 - Posted
2010-04-23 19:08:51 » |
|
ok I was thinking it was a demonstration of hack (that you did). about spoofing it is very usable as it is the second step after fishing, like if you redirect to www.javagamming.org then grab password and then "spoof the victim" The hackers replaced /index.php They were nice enough to copy the original file to /index2.php  That means they had write access to the web-root. Once you have that, you don't need to spoof anything. You can modify the php script that handles the login, and send every login to an IRC chatroom of your choice. It would (probably) take a long time before anybody would notice that. |
|
|
|
|
DzzD
|
|
«
Reply #9 - Posted
2010-04-23 19:10:52 » |
|
so do we need to change our passwords ? |
|
|
|
Games published by our own members! Check 'em out!
|
|
|
Riven
|
|
«
Reply #10 - Posted
2010-04-23 19:11:30 » |
|
so do we need to change our passwords ? Ofcourse. |
|
|
|
|
elias4444
|
|
«
Reply #11 - Posted
2010-04-23 19:15:36 » |
|
so do we need to change our passwords ? I'm pretty sure SMF stores the passwords via a one-way MD5 encryption in the DB. So, probably, no... you don't NEED to. |
|
|
|
|
DzzD
|
|
«
Reply #12 - Posted
2010-04-23 19:17:10 » |
|
I'm pretty sure SMF stores the passwords via a one-way MD5 encryption in the DB. So, probably, no... you don't NEED to.
I suppose it depend when I connected last time, how long does this hack has been running ? |
|
|
|
|
Riven
|
|
«
Reply #13 - Posted
2010-04-23 19:37:52 » |
|
I'm pretty sure SMF stores the passwords via a one-way MD5 encryption in the DB. So, probably, no... you don't NEED to.
Never heard of rainbow tables? The passwords must be salted too, or you can simply lookup most 'one way' MD5 hashes (MD5 encryption does not exist) MD5 Hash: 7232ae7254ffb527ca0db6cd1ec41152 http://passcracking.com/index.phpThis is how easy it is to 'crack' that MD5... Once a hacker grabs an unsalted hashed table column, most passwords are retreivable this way. |
|
|
|
|
Riven
|
|
«
Reply #14 - Posted
2010-04-23 21:20:00 » |
|
why is there no info regarding the defacement?
why are we still running 1.1.5?
I find the lack of info disturbing... if no admin is posting anything, it might mean that no admin has done anything, and we are still hacked, just not defaced |
|
|
|
|
Eli Delventhal
|
|
«
Reply #15 - Posted
2010-04-23 22:25:38 » |
|
I find the lack of info disturbing... if no admin is posting anything, it might mean that no admin has done anything, and we are still hacked, just not defaced
This is a good point. I tried to email Chris about it but the email I have (a Sun email) no longer works. So does he even know? |
|
|
|
|
teletubo
|
|
«
Reply #16 - Posted
2010-04-23 22:27:41 » |
|
This is a good point. I tried to email Chris about it but the email I have (a Sun email) no longer works. So does he even know?
Minutes after the site came back, I saw ChrisM on the "Latest Active users", so I guess he does . |
|
|
|
|
kappa
|
|
«
Reply #17 - Posted
2010-04-23 23:42:32 » |
|
Minutes after the site came back, I saw ChrisM on the "Latest Active users", so I guess he does .
how do you know that was really him and not the hackers using his account? |
|
|
|
|
|
Eli Delventhal
|
|
«
Reply #18 - Posted
2010-04-24 02:08:11 » |
|
how do you know that was really him and not the hackers using his account? Oh noes! It's a conspiracy! Quick, Chris, tell me something only you would know! |
|
|
|
pjt33bis
Junior Newbie 
|
|
«
Reply #19 - Posted
2010-04-30 11:47:29 » |
|
Any status update? I don't dare log in with my real account.
|
|
|
|
|
|
Riven
|
|
«
Reply #20 - Posted
2010-04-30 14:58:27 » |
|
Any status update? I don't dare log in with my real account.
Why not? Who knows how long the site was hacked before the defacement. Changing your password is about as much as you can do. But yes, it's beyond all reason that none of the admins mentioned the... hack, what happened, and what they did to secure the site (like upgrading from SMF 1.1.5... seriously!) |
|
|
|
|
princec
|
|
«
Reply #21 - Posted
2010-04-30 15:30:53 » |
|
Can't be arsed to change my password. If you see any complete bollocks being posted under my username then you'll know it's a hacker. Oh, wait, hang on... Cas |
|
|
|
|
Roquen
|
|
«
Reply #22 - Posted
2010-04-30 15:33:49 » |
|
Ninja'd. I was about to say something along the same lines!
|
|
|
|
|
|
Markus_Persson
|
|
«
Reply #23 - Posted
2010-04-30 17:01:01 » |
|
For the record, I know nothing, and I can't investigate anything.
|
|
|
|
pjt33bis
Junior Newbie
|
|
«
Reply #24 - Posted
2010-05-04 23:17:58 » |
|
Why not? Who knows how long the site was hacked before the defacement. Changing your password is about as much as you can do. If the site is still hacked then changing your password gives it directly to the hackers, so I'd rather have some credible evidence that it's safe before I do so. |
|
|
|
|
|
Riven
|
|
«
Reply #25 - Posted
2010-05-04 23:21:56 » |
|
If the site is still hacked then changing your password gives it directly to the hackers, so I'd rather have some credible evidence that it's safe before I do so.
There is nothing of value here for me. Even if they have my password, they can only use it to access JGO. And if the site is not hacked anymore, it actually was a good move to change your password. |
|
|
|
|
Riven
|
|
«
Reply #26 - Posted
2010-06-02 14:46:21 » |
|
*BUMP*
Please be responsible and at least update the forum software.
|
|
|
|
|
Markus_Persson
|
|
«
Reply #27 - Posted
2010-06-03 08:56:09 » |
|
I get the feeling that the server this is on is a bit unmanaged at the moment..
|
|
|
|
|
Riven
|
|
«
Reply #28 - Posted
2010-06-03 10:34:19 » |
|
I get the feeling that the server this is on is a bit unmanaged at the moment..
Probably. The invalid redirect is still there, and ChrisM, despite having posted in some other threads, apparantly doesn't think it's even remotely polite to the users of this forum, to explain: what happened, what data was stolen (if any), and how he ensured it won't happen again. Oh well. |
|
|
|
|
