Tendo City
Tendo City Service Disruptions.... - Printable Version




Tendo City Service Disruptions.... - etoven - 7th November 2007

Tuesday September 6, 2007 shortly after 2:00 PM our beloved Tendo City met with a violent attack by a hacker in Egypt. He ruined permissions, deleted forums, and deleted files from the server.

I wish to thank all the dedicated crisis response teams within the TovenNet network. Within just hours the site was restored to working order. The database has been rolled back to yesterday, and site and server security tightened. The only ill effect is that we lost a day's worth of posts.

Through careful examination of server logs, and the hacker's own email address which he gracefully left us, we have determined the hacker's identity and will be reporting it to the proper authorities.

Please email admin if the site experiences any problems.
Thank You....


Etoven
Site Owner: Tcforums.com


Tendo City Service Disruptions.... - A Black Falcon - 7th November 2007

Hackers... :bummed:


Tendo City Service Disruptions.... - etoven - 7th November 2007

Edenmaster I'm afraid the earth worker racers suffered massive casualties.
Sorry....


Tendo City Service Disruptions.... - Dark Jaguar - 7th November 2007

So my question is did you figure out what they did? If so, have you "fixed" this entryway, or would that require some major upgrade?


Tendo City Service Disruptions.... - etoven - 7th November 2007

Dark Jaguar Wrote:So my question is did you figure out what they did? If so, have you "fixed" this entryway, or would that require some major upgrade?

We haven't figured out exactly how they did it, but we do know that they compromised Ryan's account and gained access with his credentials.

We took all the usual precautions, we banned the hacker's last known IP on all TovenNet and TendoCity servers (at the TCP/IP request level), reset all major passwords, and contacted the proper authorities with the information we gathered from the server logs.

That's all I have for now, I'll keep you posted with any updates.

Rest assured all your personal information on TendoCity is MD5 Hash encrypted and was not stolen. We think the hacker was able to log in as Ryan somehow without having to supply accurate credentials.


Tendo City Service Disruptions.... - Great Rumbler - 7th November 2007

Tendocity is under attack from terrorists?!


Tendo City Service Disruptions.... - EdenMaster - 7th November 2007

That's terrible and all but...really...who took the time to hack a website that ten people know about...?

Ah, my poor little Earthworkers...Well, fortunately, they're cheap :D


Tendo City Service Disruptions.... - etoven - 7th November 2007

We're still investigating means by which the hacker obtained account information but we have some important clues which led to a working theory, that's all I can say for now, until I confirm, I'll spill all the details when I have more.

All I can say for now is that TendoCity admins may have inadvertently sent the hacker their passwords, so for now I am asking that all admins/mods change their passwords so he can not make another attempt at chaos using your forum privileges.

We have taken steps so he will not be able to retrieve the new passwords.

Thanks...
Etoven


Tendo City Service Disruptions.... - EdenMaster - 7th November 2007

DJ did have that weird imposter a few weeks back. Possible relation?


Tendo City Service Disruptions.... - alien space marine - 8th November 2007

Fucking gypsies !

How the fuck and why the fuck did he do it to TC?


Tendo City Service Disruptions.... - Dark Jaguar - 8th November 2007

I actually explained what I was able to find about that person that took over when I was gone those two weeks to ABF. If you want you can ask him for the details.

Anyway, I doubt this is the same person, and I already changed my password after that one incident so that couldn't be it anyway.


Tendo City Service Disruptions.... - Dark Jaguar - 8th November 2007

etoven, while I love your energy I think it's time to stop talking like a corporate entity for a bit as we'd like juicy DETAILS.

Basically, say "I" instead of "we" unless you really do have multiple people working with ya right now (which I only say because if you have actually started something with people, you never told us!). Also, what have you been investigating? Inquiring minds want to know! Basically I just want to know if I can come up with anything to help you, and that means details. For example, do you think they got our passwords AFTER hacking or that they got the passwords TO hack the site, and either way, how'd you find that out?


Tendo City Service Disruptions.... - A Black Falcon - 8th November 2007

Agreed! :)


Tendo City Service Disruptions.... - etoven - 8th November 2007

I actually do have multiple people that are part of the TovenNet network working on this DJ, and I would be a corporate entity when I get around to filing the paperwork.

My crisis response team consisted of a Level 2 Network Team Leader who manages the Dedicated server and farm that TendoCity runs on, and several other network analysts who pulled an all-nighter working on this, so please don't cut them short.

Here is my latest update, this is all the information I have...

Apparently through a PHP backdoor vulnerability the hacker was running a phishing scam on TendoCity servers, not just to hack us, but he was also impersonating several banks as well. We don't know how he hijacked Ryan's account, his and other passwords are MD5 encrypted and hashed against itself. We think he may have gained access to Tendo City's directory tree through a vulnerability in PHP where he recently was able to upload several malicious scripts. The scripts he uploaded have been disabled by removing permissions on the files. This will not let them run but allow us to still examine the files as we continue the investigation.

His IP address has been banned from the server at the server request level. The server should no longer be able to accept TCP/IP or UDP packets from him of any kind.

That's all I have for now, you all will be the first to know if anymore information develops.
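
The containment step described in the post above (stripping permissions from the uploaded scripts so they cannot run but stay available for examination), as an added example that is not part of the original thread or TendoCity's own tooling. It assumes GNU find, stat and sha256sum; the function name, the extension list and the reference-file approach are illustrative assumptions.

```shell
#!/bin/sh
# Added example: quarantine script files that appeared in a web root
# after a known-good point in time, keeping evidence for later analysis.
#
# Usage: quarantine_uploads WEBROOT REFERENCE_FILE MANIFEST
#   REFERENCE_FILE is any file whose mtime marks the last known-good
#   state (for example, created with: touch -t YYYYMMDDhhmm ref).
#   MANIFEST should live outside WEBROOT, on storage the web server
#   cannot write to.
# Assumes GNU find/stat/sha256sum (hypothetical environment).
quarantine_uploads() {
    webroot=$1 ref=$2 manifest=$3
    : > "$manifest"
    # Only script-like files modified after the reference are suspects.
    find "$webroot" -type f -newer "$ref" \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.php5' \) \
        -exec sh -c '
            manifest=$1; shift
            for f in "$@"; do
                # Record evidence before touching the file: content hash,
                # original octal mode, owner and mtime (epoch seconds).
                hash=$(sha256sum < "$f" | cut -d" " -f1)
                meta=$(stat -c "%a %U %Y" "$f")
                printf "%s %s %s\n" "$hash" "$meta" "$f" >> "$manifest"
                # Mode 000: the web server can no longer read or run it,
                # while root can still open it for examination. chmod
                # changes ctime only, so the mtime evidence is preserved.
                chmod 000 "$f"
            done
        ' sh "$manifest" {} +
    # Return the number of quarantined files on stdout.
    wc -l < "$manifest" | tr -d ' '
}

# Allow direct use as a script when called with three arguments.
if [ "$#" -eq 3 ]; then
    quarantine_uploads "$@"
fi
```

The manifest keeps each file's original octal mode, so a file later judged legitimate can be restored with that value.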


Tendo City Service Disruptions.... - Great Rumbler - 8th November 2007

Man, it's like a real-life Swordfish going on over here!


Tendo City Service Disruptions.... - Dark Jaguar - 8th November 2007

Oh I wasn't selling them short or anything. You were just talking "funny" and I was wondering how much of that was humor and how much was actually real.

MD5 encryption isn't really the strongest. It only makes one "pass" and all and I've heard there are some hacks for it out there as it is.

Is this a vulnerability in PHP scripting language itself or just a vulnerability in TC's specific site scripts? If it's the latter, all the more reason to see if we can't get the latest version of our forum software set up. While that IP address is banned, it is only a temporary fix, but I'm sure you're aware of that. Really though if the guy doesn't travel much or isn't that motivated to keep bothering us, we're probably safe.

Thanks for the update!


Tendo City Service Disruptions.... - hephaestus - 8th November 2007

damn. I thought it was the start of an elaborate joke. I mean... death to Israel? who actually says that?


Tendo City Service Disruptions.... - EdenMaster - 8th November 2007

hephaestus Wrote:damn. I thought it was the start of an elaborate joke. I mean... death to Israel? who actually says that?

...what...?

Ahh the little bastard deleted everything in my folder on the FTP! It's gonna take me MINUTES to put that stuff back in there!


Tendo City Service Disruptions.... - A Black Falcon - 8th November 2007

Hmm, I'm not sure if I even remember the FTP password... not that it should be mentioned on the forum. :)


Tendo City Service Disruptions.... - hephaestus - 9th November 2007

Eden/ bra! fo reel, dirka-dirka was talkin shit about Israel and killing Bush. Don't they know yet that WE want him dead too?


Tendo City Service Disruptions.... - Dark Jaguar - 9th November 2007

Hey my bro my, wanna sign this petition to stop animal testing of office supplies?


Tendo City Service Disruptions.... - etoven - 11th November 2007

Update: Provided Ryan can find the necessary shit...

I will be updating the forum software as soon as I get paid on Thursday.
Hopefully the update won't be as devastating as the hacker.


Tendo City Service Disruptions.... - EdenMaster - 11th November 2007

I'm still unclear as to what the hacker attempted to achieve by hacking a website that 10 people know about...


Tendo City Service Disruptions.... - Dark Jaguar - 11th November 2007

Simple. The hacker wants to be "bad" without getting too much attention from "the man", thus negating any image of being "bad" but rather "petty".


Tendo City Service Disruptions.... - etoven - 11th November 2007

And he was stealing money from bank customers....


Tendo City Service Disruptions.... - EdenMaster - 11th November 2007

You don't...think our Egyptian friend had anything to do with this (http://tcforums.com/forums/showthread.php?t=4647) do you?


Tendo City Service Disruptions.... - A Black Falcon - 11th November 2007

Yeah, I'd imagine the purpose would be the 'using server as dummy to do other bad stuff elsewhere' thing, not 'taking down a forum with 10 members'. :)


Tendo City Service Disruptions.... - etoven - 12th November 2007

EdenMaster Wrote:You don't...think our Egyptian friend had anything to do with this do you?

He was impersonating Bank Of America but I'm sure a lot of people are...


Tendo City Service Disruptions.... - EdenMaster - 12th November 2007

etoven Wrote:He was impersonating Bank Of America but I'm sure a lot of people are...

Perhaps, but the coincidence is striking.

I'd received the mail another couple of times, same basic idea but differently worded. The second time, while still obviously a scam, was at least more professional LOOKING than the first.

I wouldn't doubt it.


Tendo City Service Disruptions.... - Dark Jaguar - 12th November 2007

What coincidence exactly? I'm not sure I see the connection.


Tendo City Service Disruptions.... - A Black Falcon - 12th November 2007

Yeah, there's a lot of identity-theft spam like that out there...


Tendo City Service Disruptions.... - EdenMaster - 12th November 2007

It's possible there is no connection.

There are just similarities is all.


Tendo City Service Disruptions.... - Dark Jaguar - 12th November 2007

I mean I don't see anything. One's a web page hack (that didn't seem to turn us into an advertisement at all) and the other is a spam e-mail.


Tendo City Service Disruptions.... - EdenMaster - 13th November 2007

Dark Jaguar Wrote:I mean I don't see anything. One's a web page hack (that didn't seem to turn us into an advertisement at all) and the other is a spam e-mail.

The connection is that our hacker was using it to (according to etoven) steal money from bank customers and impersonate Bank of America, the same as the spam I received.


Tendo City Service Disruptions.... - Dark Jaguar - 13th November 2007

Oh yeah, I thought that sounded a little weird actually. So etoven what sort of thing were they trying to do? Were they setting up special software on our server so if the scam was traced it would link back to us?