Home General Discussion

Don't you just love hackers...?

polycounter lvl 18
Offline / Send Message
odium polycounter lvl 18
So I wake up this morning, and find the main OverDose site has been deleted from the FTP, and in its place theres a .sql exploit file, as well as loads of other ShellBOT files and phpbb exploit files all over the site... Thankfully, only the main OverDose site has been deleted, and the forums, Blur site and other little things (Like my portfolio etc) are still ok...

But I have to say, I'm slightly vexed... Its not that it wasn't backed up, because it is, its just that now I'll have to install the damn thing again, and its not a quick 10minute job either... Whats the chance on the main hosting saving snapshots of the FTP so they can replace the dir?

Why are people so pathetic they have to hack something for no reason at all? Ugh... Really grinds my gears...

Anybody else had any trouble with dirty hackers...?


  • notman
    Offline / Send Message
    notman polycounter lvl 18
    I'm getting really annoyed with hackers taking over yahoo accounts. I have several relatives who have had their yahoo accounts hacked, and the hack starts sending out bogus links to everyone in the contact list. My brother and his girlfriend have had it multiple times, my wife's cousin has had it, and right now, my Aunt is sending me spam links.

    I guess their hack tries to serve a purpose and earn the hacker some click thru money. Hacks like the one you've received, really piss me off, because as you mentioned, it serves no purpose other than to destroy shit on the net.
  • Saman
    Offline / Send Message
    Saman polycounter lvl 14
    notman: That sounds like the trojan virus' for msn messenger. It sends out spam links to people(Yeah they're fake because I doubt my male friends would honestly want me to look at "cool" nudie pictures of them).
    odium: I really don't understand the point of hacking a random site and deleting everything just for the fun of it. I mean what if you get caught? I guess they think something like that is worth going to jail for.
    The only experience I've had was in WOW where some gold seller hacked my account and got it suspended. Thankfully they helped me get the stuff back and reactivated my account.
    Offline / Send Message
    FAT_CAP polycounter lvl 18
    @Notman - I was the victim of that Yahoo spam thing as well - definitely not a Trojan on my machine though. I have trawled the web and a load of other people have had the same thing happen - lots of people saying they think someone has found a security hole somewhere in Yahoo mail. I ended up changing my all my mail/ site passwords and (fingers crossed) theat seems to have stopped them from returning.

    Theres a blog article here: http://dagblog.com/humor-satire/who-hijacked-yahoo-mail-3151 which goes over the Yahoo mail thing with some lengthy comments which make interesting reading.

    I would really like to just stop using Yahoo mail and transfer over to GMail or similar but this seems like a lot of hassle to update everything/ everybody to use a new ail address.
  • oXYnary
    Offline / Send Message
    oXYnary polycounter lvl 18
    odium wrote: »
    So I wake up this morning, and find the main OverDose site has been deleted from the FTP, and in its place theres a .sql exploit file, as well as loads of other ShellBOT files and phpbb exploit files all over the site... Thankfully, only the main OverDose site has been deleted, and the forums, Blur site and other little things (Like my portfolio etc) are still ok...

    But I have to say, I'm slightly vexed... Its not that it wasn't backed up, because it is, its just that now I'll have to install the damn thing again, and its not a quick 10minute job either... Whats the chance on the main hosting saving snapshots of the FTP so they can replace the dir?

    Why are people so pathetic they have to hack something for no reason at all? Ugh... Really grinds my gears...

    Anybody else had any trouble with dirty hackers...?

    What version and type of forum sotfware were you using? THere was a recent exploit published earlier this month that required all Vbullitens of a certain version to upgrade ASAP. In fact I would question was all your php and such up to date with security patches. Finally. You hopefully arent using a Windows server, and FTP is too insecure for most things.
  • r_fletch_r
    Offline / Send Message
    r_fletch_r polycounter lvl 9
    FAT_CAP wrote: »
    @Notman - I was the victim of that Yahoo spam thing as well - definitely not a Trojan on my machine though. I have trawled the web and a load of other people have had the same thing happen - lots of people saying they think someone has found a security hole somewhere in Yahoo mail. I ended up changing my all my mail/ site passwords and (fingers crossed) theat seems to have stopped them from returning.

    Theres a blog article here: http://dagblog.com/humor-satire/who-hijacked-yahoo-mail-3151 which goes over the Yahoo mail thing with some lengthy comments which make interesting reading.

    I would really like to just stop using Yahoo mail and transfer over to GMail or similar but this seems like a lot of hassle to update everything/ everybody to use a new ail address.

    If your Yahoo uses POP3 you can make Gmail pickup your mail from the Yahoo Box.
    I switched a while back, sent out emails to my contacts alerting them of the change and any stray emails going to my old account get spam filtered and arrive in my mailbox courtesy of Google.
  • notman
    Offline / Send Message
    notman polycounter lvl 18
    FAT_CAP wrote: »
    @Notman - I was the victim of that Yahoo spam thing as well - definitely not a Trojan on my machine though. I have trawled the web and a load of other people have had the same thing happen - lots of people saying they think someone has found a security hole somewhere in Yahoo mail. I ended up changing my all my mail/ site passwords and (fingers crossed) theat seems to have stopped them from returning.

    My recommendation to everyone so far, has been to change their password and it seems to resolve it. My brother was too lazy to change his the first time I mentioned it, and thought everything was good because it seemed to have stopped. Then, a month later, it started sending the spam emails again. He finally changed his password, and the problem went away.

    I have a theory, that the hacker is maybe getting into your cookies, and finding one that stores a yahoo email and password. Then, it goes to yahoo and tests the same password. Since most people use the same password for other sites, as they do for email, it probably works.

    *crosses fingers* This has never happened to my yahoo account, but I use a very unique password for my email accounts, that I don't use on any other site. So, for instance, if polycount used my email addy as a login, and had my password as part of a cookie, a hacker would not be able to use my password here to get into my yahoo account.
  • notman
    Offline / Send Message
    notman polycounter lvl 18
    r_fletch_r wrote: »
    If your Yahoo uses POP3 you can make Gmail pickup your mail from the Yahoo Box.
    I switched a while back, sent out emails to my contacts alerting them of the change and any stray emails going to my old account get spam filtered and arrive in my mailbox courtesy of Google.

    I thought Yahoo stopped allowing pop3 with their free accounts?
  • arrangemonk
    Offline / Send Message
    arrangemonk polycounter lvl 17
    im having it security exams tomorrow^^

    and i learnt its totally easy to hack some sites, especially phpbb based forums
    just sql inject something into the logon screen and your in the admin panel and can destroy everything

    my recomendations:
    use safe passwords, and (since one usually uses the same pwds ovber and over)
    dont use them passwords assigned to importand things in social networks
    since facebook and myspace is also very hackable (simple cross site script in user content is able to send the cookies to the attackers computer)
    allowing him to using your account,

    them big bot networks are only there for money, the people behind it usually get paid
    for sending mass spam

    and deletion of stuff is usually some frustraded hacker kiddie trying to be awesome
  • KWolmarans
    Offline / Send Message
    KWolmarans polycounter lvl 13
    with the knowledge of the coders in our industry why cant it be back traced affter the fact and reverse hack the attacker.
  • Mark Dygert
    err probably because not everyone that knows a bit of "code" knows every bit of code.
    "You just need a terminal to hack into the mainframe through the backdoor"

    "I don't get it, I thought you said you where a programmer? Why can't you re-target Chinese ICBM's to obliterate Russia using my Commodore 64!?"

    It's that simple...
  • MattQ86
  • arrangemonk
    Offline / Send Message
    arrangemonk polycounter lvl 17
    it is possible to track ones ip when get hacked, but that requires a proper security concept including logging suspicious events (suspicious event is a behaviour thats not in the whitelist of proper events)
    but hacking together a gui in visual basic after someone postet at a forum or something that doesnt log, is totally worthless, i would fire that chick, immediately
    proper way is getting the date of the post (usually year month day hour secons) and then you ask the provider for the log opf that specific second , and then you filter them postrequests that contains the text and then you can see the ip, but what now?

    i would say i get to know which telephone company owns the ip , and ask him who logged in under that ip in that time, and gotcha

    but that all would require data retention, and around here (germany) its illegal:D
  • eld
    Offline / Send Message
    eld polycounter lvl 18
    not just a gui

    a gui INTERFACE!
  • bbob
    A graphical user interface interface?

  • sampson
    Offline / Send Message
    sampson polycounter lvl 9
    its like saying atm machine.
  • haiddasalami
    Offline / Send Message
    haiddasalami polycounter lvl 14
    bbob wrote: »
    A graphical user interface interface?


    wonder what that would look like..man an interface for the interface. MINDFUCK!
  • defecticon001
  • Electro
    Offline / Send Message
    Electro polycounter lvl 19
    Inception has nothing compared to a GUI interface.
  • arrangemonk
    Offline / Send Message
    arrangemonk polycounter lvl 17
    wonder what that would look like..man an interface for the interface. MINDFUCK!

    one calls that "proxy" :D
    sometimes theres also the decorator pattern thats usually an interface for an interface too
  • Psyk0
    Offline / Send Message
    Psyk0 polycounter lvl 18
    I got an alternate gmail account "hacked", the fucker was probably from nigeria or some shit like that (i found his ip and proxy he used). Anyway, he did'nt get much out of it. He tried to impersonate me and asked money to Johny over gmail chat, since Johny is broke as hell the scheme didnt work. I got the account back within a few hours.
  • odium
    Offline / Send Message
    odium polycounter lvl 18
    Well guys, a few days ago they hacked us again, did the same thing, deleted the OverDose site. I restored it.

    I wake up this morning to find the entire site is still there, but down...

    It seems that this time, the hackers deleted every single .SQL database we used. That means our forums, our main site AND our developer SDK and wiki (A whole site made JUST for helping people) are all gone, because the data was deleted...

    Also, the only page that still works is the main Team Blur Games homepage because its made in shitty html as a base... but oddly enough every page works fine... Except the "projects" page which links to OverDose, which was deleted...

    So it looks like we were right, some Killing Floor fan has hacked us AGAIN, just for kicks, and to be honest I'm getting tired of it. It's made me decide to stand down as lead artist on the project and also take all my work with me. Its just utterly childish that people have to stoop to such retarded levels.
  • Michael Knubben
    odium wrote: »
    It's made me decide to stand down as lead artist on the project and also take all my work with me. Its just utterly childish

    Now I realise I don't have all the information (what's going on between you and Killing Floor fans, for instance), so feel free to clue me in, but right now it looks a lot like 'I'm leaving and I'm taking my ball!'
  • oXYnary
    Offline / Send Message
    oXYnary polycounter lvl 18
    odium wrote: »
    Well guys, a few days ago they hacked us again, did the same thing, deleted the OverDose site. I restored it.

    I wake up this morning to find the entire site is still there, but down...

    It seems that this time, the hackers deleted every single .SQL database we used. That means our forums, our main site AND our developer SDK and wiki (A whole site made JUST for helping people) are all gone, because the data was deleted...

    Also, the only page that still works is the main Team Blur Games homepage because its made in shitty html as a base... but oddly enough every page works fine... Except the "projects" page which links to OverDose, which was deleted...

    So it looks like we were right, some Killing Floor fan has hacked us AGAIN, just for kicks, and to be honest I'm getting tired of it. It's made me decide to stand down as lead artist on the project and also take all my work with me. Its just utterly childish that people have to stoop to such retarded levels.

    I have no sympathy for you if in fact if you were in charge of the site if you did nothing to prevent this after the first attack, nor if this was maintained by another and you failed to stress updating security implementations. You speak of childishness yet how are you not acting like one by leaving?

    If you did however and you were ignored. I can see leaving. Not because of the hackers, but because your fellows took so little value in your opinion or were too lazy to actually do something about the issue.
Sign In or Register to comment.