Results 1 to 11 of 11

Thread: Nadiar %^$^ Up

  1. #1
    Systems Administrator
    Nadiar's Avatar
    Join Date
    Jun 2003
    Posts
    16,176
    Blog Entries
    9

    Nadiar %^$^ Up

    Quote Originally Posted by From the Announcement
    While preparing to copy Graffes to Linode for our server move, I discovered that Graffe.com was hacked and had a backdoor installed on August 15th 2011.

    I have no evidence that they actually did anything on the server.

    The exploit they used was with a flawed version of vBulletin which we have since patched (unfortunately I don't keep logs of when I complete upgrades, so I'm not sure how long we were vulnerable).


    They had permissions to create additional files, but not update, overwrite, or delete files. This means that I have a copy of any file they created, and I haven't found a single file that appears to have enabled them to access the database. The files they would have had access to are all attachments, as well as the configuration for Graffes. Private Messages, Posts, Usernames and Passwords are not contained in files, they are contained in the database.


    In spite of my belief that only the Graffe.com passwords have been compromised, please update your passwords anywhere you used the same password as on Graffe.com, and recognize that


    I apologize for the horrible failure on my part, and I'll try to clarify any questions in <a href="http://www.graffe.com/forums/showthread.php?73841-Nadiar-Fucked-Up&p=1749510#post1749510">this thread</a>.

    Ugh, I feel mildly sick now. Researching additional information.

    The backdoor they installed was Locus7shell.
    Last edited by Nadiar; July 23rd, 2012 at 04:45 PM.
    "Complaining is the modern metagame" - BNet forums

  2. #2
    Mangina at large.
    Delores Mulva's Avatar
    Join Date
    Jul 2003
    Posts
    15,935

    Re: Nadiar %^$^ Up

    I believe that's roughly when I started getting phishing e-mails for Runescape (which I've never played), WoW, and one other Asian MMORPG. I would assume that they had access to e-mail accounts at the very least.

  3. #3
    Elder Arcanist
    The other opinion
    Branaman Starbinder's Avatar
    Join Date
    Jun 2003
    Posts
    9,070

    Re: Nadiar %^$^ Up

    I use a hotmail account for all game and web related issues. They have a nice spam filter and it is filled with Phishing mails already that I just ignore it anyway.

    It might as well be some phishing service, after all, the only other viable option is that the Men with the black helicopters are keeping tabs on the state of civil discontent.
    Terry Pratchett: A European says: I can't understand this, what's wrong with me? An American says: I can't understand this, what's wrong with him?
    Torcer Arcana: There are times I really love the Dutch.
    Zedd: Bran, I think you exhibit moonbat qualities at times
    ?????????: Never argue with a stupid man, because he will drag you down to his level and beat you because of his experience.

  4. #4
    Forum Sorcerer

    Join Date
    Sep 2004
    Posts
    897

    Re: Nadiar %^$^ Up

    Don't beat yourself up over it. Accidents happen.

  5. #5

    Re: Nadiar %^$^ Up

    Shit happens. Sounds like the harm was an email dump. So? No one uses their real email I am sure. Mine is gnomes@gmail.com, which while and AWESOME email address, is just a gamer dumping email.

  6. #6
    #YesAllCats
    Goladus's Avatar
    Join Date
    Jun 2003
    Posts
    25,071
    Blog Entries
    1

    Re: Nadiar %^$^ Up

    If someone cracked my graffe password they could have access to lots of personal stuff assuming they figured out how to swap case on a few of the letters and if they could warp back in time to the year 2000. Haven't used this password for anything else in years (except, oddly enough, LinkedIn, which was hacked earlier this year).

  7. #7
    Formerly: Tzakapotek
    Celine Dijon
    Lysandor's Avatar
    Join Date
    Jun 2003
    Posts
    25,711
    Blog Entries
    9

    Re: Nadiar %^$^ Up

    You remember all the times I posted something you personally disagreed with?

    That was the cracker.

    And it is totally Nadiar's fault.

    I'm saying.
    I go missing
    No longer exist
    One day
    I hope
    I’m someone you miss

  8. #8
    Locked Account
    MSEvangelista

    Join Date
    Jun 2003
    Posts
    8,687
    Blog Entries
    2

    Re: Nadiar %^$^ Up

    I already use a password on this site that I know is compromised and has been so for about five years. Obviously, no one gives a fuck about hacking Graffes. Site probably came up in a script that scans domains for exploits and in the end probably no one noticed.

  9. #9
    Systems Administrator
    Nadiar's Avatar
    Join Date
    Jun 2003
    Posts
    16,176
    Blog Entries
    9

    Re: Nadiar %^$^ Up

    I actually realize now that I realized we had "weird issues" at this time where people were trying to brute force some admin passwords (jokes on the hacker assholes, since Rombus isn't the Admin!), and this resulted in me doing an emergency security upgrade with little/no notice. So I just missed a file in the cleanup. Derp.
    "Complaining is the modern metagame" - BNet forums

  10. #10
    Elder Arcanist

    Join Date
    Jun 2003
    Posts
    4,743

    Re: Nadiar %^$^ Up

    Thanks for the disclosure. Feces occurs.
    Virtually all U.S. senators, and most of the representatives in the House, are members of the top 1 percent when they arrive, are kept in office by money from the top 1 percent, and know that if they serve the top 1 percent well they will be rewarded by the top 1 percent when they leave office

  11. #11
    Chair warmer, Sector 7G
    Alikat Astrae's Avatar
    Join Date
    Sep 2003
    Posts
    44,198

    Re: Nadiar %^$^ Up

    You forgot the "Good news, everyone!" opening, Professor!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •