8th November 2007, 2:40 PM
I actually do have multiple people who are part of the TovenNet network working on this, DJ, and I would be a corporate entity when I get around to filing the paperwork.
My crisis response team consisted of a Level 2 Network Team Leader who manages the dedicated server and farm that TendoCity runs on, and several other network analysts who pulled an all-nighter working on this, so please don't cut them short.
Here is my latest update; this is all the information I have...
Apparently, through a PHP backdoor vulnerability, the hacker was running a phishing scam on TendoCity servers, not just to hack us, but he was also impersonating several banks as well. We don't know how he hijacked Ryan's account; his and other passwords are MD5 encrypted and hashed against themselves. We think he may have gained access to TendoCity's directory tree through a vulnerability in PHP where he recently was able to upload several malicious scripts. The scripts he uploaded have been disabled by removing permissions on the files. This will not let them run but allows us to still examine the files as we continue the investigation.
His IP address has been banned from the server at the server request level. The server should no longer be able to accept TCP/IP or UDP packets from him of any kind.
That's all I have for now; you all will be the first to know if any more information develops.
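An added example, not code from TovenNet or TendoCity, of the triage step the post describes: flag uploaded PHP scripts on common back-door indicators, record a hash and timestamps before touching them, then strip all permissions so the web server can neither run nor serve them while the files stay in place for examination. The indicator patterns and the two sample PHP files are constructed for this example and are not the actual scripts found on the server.

```python
"""Triage helper for the PHP web-shell clean-up described in the post above.

Added example, not TovenNet/TendoCity code.  The indicator patterns and the
two sample PHP files are constructed here for illustration and are not the
actual scripts found on the server.
"""
import hashlib
import os
import re
import stat
import tempfile

# Source-level indicators typical of uploaded PHP back doors.  Assumption:
# this list is illustrative, not a complete or authoritative signature set.
INDICATORS = {
    "eval_of_decoded_payload": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "shell_exec_from_request": re.compile(
        r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "preg_replace_e_modifier": re.compile(
        r"\bpreg_replace\s*\(\s*['\"][^'\"]*/e['\"]", re.I),
    "variable_function_on_request": re.compile(
        r"\$\w+\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b"),
}


def php_indicators(source: str) -> list[str]:
    """Return the names of every indicator that fires on a PHP source string."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(source))


def quarantine(path: str) -> dict:
    """Neutralise a suspect script the way the post describes (strip all
    permissions so the web server can neither execute nor serve it) while
    preserving evidence: hash, size and mtime are recorded first, and the
    file itself is left in place for later examination."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    before = os.stat(path)
    os.chmod(path, 0)  # same effect as `chmod 000 <file>`
    return {
        "path": path,
        "sha256": digest,
        "size": before.st_size,
        "mtime": before.st_mtime,
        "mode_after": stat.S_IMODE(os.stat(path).st_mode),
    }


def triage_directory(root: str) -> list[dict]:
    """Walk a document root, flag PHP files that match any indicator, and
    quarantine each hit.  Returns one record per flagged file."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                found = php_indicators(fh.read())
            if found:
                record = quarantine(path)
                record["indicators"] = found
                hits.append(record)
    return hits


# Constructed samples: a minimal back door and a harmless page.
SAMPLE_SHELL = "<?php eval(base64_decode($_POST['c'])); system($_GET['cmd']); ?>\n"
SAMPLE_BENIGN = "<?php echo htmlspecialchars($_GET['name']); ?>\n"


def demo() -> list[dict]:
    """Build a throwaway document root with both samples and triage it."""
    root = tempfile.mkdtemp(prefix="tc_triage_")
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write(SAMPLE_BENIGN)
    with open(os.path.join(root, "img.php"), "w") as fh:
        fh.write(SAMPLE_SHELL)
    return triage_directory(root)


if __name__ == "__main__":
    for rec in demo():
        print(rec["path"], rec["indicators"], rec["sha256"][:16], oct(rec["mode_after"]))
```

Pointing `triage_directory` at a real document root is the only change needed to use it outside the demo. Two caveats a responder would want: recording the hash before `chmod 000` is what lets you prove later that the examined file is the one that was found, and stripping permissions only stops the web server reading the file, so a copy of the same script elsewhere in the tree (or a scheduled job that re-drops it) is not caught by this step alone.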