Author Topic: Uh...  (Read 28686 times)

0 Members and 8 Guests are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Uh...
« Reply #90 on: December 02, 2005, 10:51:22 pm »
As MyndFyre said (while I was typing this, *grr*), he straightened everything up.  You can fix your names (Except Sigh Dough.. we alll agree that you should keep that name). 

As far as we can tell, somebody either found out or guessed an Administrator's password on the forum (probably Quik, he's a n00b (kidding)).  We've fixed it so he can't get back in through that route.  Hopefully that's all he did...

Hopefully, it's all back to normal.  I'm still going to dig through some logs and see if I can find out who actually did it.  All I know at this point is that he was going through a proxy, but I might be able to dig up some records on the proxy, who knows?

Stay tuned!

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Uh...
« Reply #91 on: December 02, 2005, 10:53:59 pm »
I like it as Sigh Dough :). This is better than any movie this year o_o.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Uh...
« Reply #92 on: December 02, 2005, 11:03:21 pm »
OK, iago got me back my permissions and I reset the admins. People should be able to update their names again. Sidoh should do so :P

If anyone has any problems with anything, please let me know. The permissions were kind of weird, but I think I got them back to normal.

yeah I'm not moderator of off-topic yet..
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Uh...
« Reply #93 on: December 02, 2005, 11:31:49 pm »
OK, iago got me back my permissions and I reset the admins. People should be able to update their names again. Sidoh should do so :P

If anyone has any problems with anything, please let me know. The permissions were kind of weird, but I think I got them back to normal.

yeah I'm not moderator of off-topic yet..

Hmm, how'd we miss that?  Well, I'll get right on that. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Uh...
« Reply #94 on: December 03, 2005, 02:05:29 pm »
Hmm, I was checking up on some things, and I wonder if this might be a problem:

Quote
root@darkside:~# chkrootkit
ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `cron'... not infected
Checking `date'... INFECTED
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not infected
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not infected
Checking `identd'... not found
Checking `killall'... not infected
Checking `ldsopreload'... not tested
Checking `login'... not infected
Checking `ls'... INFECTED
Checking `lsof'... not found
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not found
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... INFECTED
.............. [it goes on like that]

*** WARNING: illegal modifications were made to certain system files, indicative of an infection!!!
*** the infection started between 06 Nov 2005 18:10:00 and 06 Nov 2005 18:30:00
*** BACK UP ALL IMPORTANT DATA AND SHUT DOWN IMMEDIATELY


:-/

Anybody remember what happened on November 6?  It was a long time ago :(

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Uh...
« Reply #95 on: December 03, 2005, 02:21:01 pm »
What happened November 6th? :|
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Towelie

  • pwnstar
  • x86
  • Hero Member
  • *****
  • Posts: 4873
    • View Profile
Re: Uh...
« Reply #96 on: December 03, 2005, 02:53:32 pm »
no idea, that sucks :-P

Offline Screenor

  • Hero Member
  • *****
  • Posts: 1611
  • My own little world.
    • View Profile
Re: Uh...
« Reply #97 on: December 03, 2005, 03:26:13 pm »
Ugh, this is a perfect application as to why you do not run porn.wmv.exe.

Nov 6 was about the time BnetAxe was hacked..that's about it. :-\

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Uh...
« Reply #98 on: December 03, 2005, 05:05:35 pm »
Hmm, on that day there was a lot of traffic from 207.180.144.222...

Also, I checked up on the proxy that the "pnc" account was using.. I found their logs, an it turns out that 207.180.144.222 was the ip that was posting as phc, so I'm sure it's the same guy.

So I looked up the ip 207.180.144.222 on the forums, and there is one account associated with it: Hitmen

Also, Nov, 6 was the day that Hitmen created his account on this forum. 

Also, Dec. 1 (the day of the "incident") was Hitmen's birthday. 

Now, the problem is, I always thought that the Hitmen I knew was inept.  So how, suddenly, did this happen? 

Your answer is as good as mine..... for the time being, I'm not sure how to proceed...

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Uh...
« Reply #99 on: December 03, 2005, 05:44:39 pm »
Hmm....

Wtf?

Well, I'm gonna ban Hitmen, and have a very long discussion on AIM.
« Last Edit: December 03, 2005, 05:46:18 pm by Newby »
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Uh...
« Reply #100 on: December 03, 2005, 05:51:52 pm »
Ugh, this is a perfect application as to why you do not run porn.wmv.exe.

Nov 6 was about the time BnetAxe was hacked..that's about it. :-\

Eh, wouldn't affect you in Linux.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Screenor

  • Hero Member
  • *****
  • Posts: 1611
  • My own little world.
    • View Profile
Re: Uh...
« Reply #101 on: December 03, 2005, 06:14:41 pm »
But why would Hitmen do it? Possibly not the real Hitmen? I don't know him really at all, but he seems a bit more controlled then that.

Also, who does all that then leaves it to be that obvious. Almost as if someone wanted Hitmen gone.

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Uh...
« Reply #102 on: December 03, 2005, 06:20:38 pm »
And whos to say this wasn't meant to be a nice little tap on the shoulder saying "you're not as secure as you think"? We all thought darkside was imbreachable, but aparently he wasn't. If he was a real "blackhat", he would have just deleted the whole database. He distroyed next to nothing, except maybe 30 minutes of MyndFyre's time when he set permissions back.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Uh...
« Reply #103 on: December 03, 2005, 07:22:38 pm »
Who is this "We"? Nothing is inbreachable. Maybe you sleep at nighty knowing that but I sure don't.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Uh...
« Reply #104 on: December 03, 2005, 07:40:56 pm »
I don't know hitmen very well, but he doesn't seem to be a person to do something stupid like that...
And like a fool I believed myself, and thought I was somebody else...