• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Hacked... grrr

Slavik

XenForo moderator
Staff member
#1
Well, not down to server security or scripting, good ol fassioned "find the guys password and log in".

One of the other admins for p8ntballer had his password stolen, fortunately the hacker didn't realise I was browsing the site (logged out) so when he defaced the homepage, I saw it right away and shut apache off before he could do anymore.

Sneaky little **** though.


Fortunately the damage was contained from being too bad, I have nightly backups so at worst I will just restore from 24 hours ago, there is however, some items which will never be able to be recovered.


Oh well, even the best of us!
 

EQnoble

Well-known member
#6
We have all the logs and IP's and already have a very good idea who it is.
Good...very good. Do you plan on making a move against them....I ask for reasons I don't want to post publicly but if you are going to move against them and you are interested in how I got rid of the most pesky of arsenuggets from my server pm me.

(almost 100,000 attacks in one week over 7 vectors of attack actually was the most pesky but they were from china and china isn't interested in respecting american web properties so I just blocked every cidr range in china....funny thing is besides that one....50% of attacks are hitting me originating from California, Washington state and one other which I am not sure if that is just a proxy or not yet so it is not worth mentioning beyond what I have)

One question...was the person at one time or presently in your circle...or was it a random but known douche?
 

Slavik

XenForo moderator
Staff member
#7
Good...very good. Do you plan on making a move against them....I ask for reasons I don't want to post publicly but if you are going to move against them and you are interested in how I got rid of the most pesky of arsenuggets from my server pm me.

(almost 100,000 attacks in one week over 7 vectors of attack actually was the most pesky but they were from china and china isn't interested in respecting american web properties so I just blocked every cidr range in china....funny thing is besides that one....50% of attacks are hitting me originating from California, Washington state and one other which I am not sure if that is just a proxy or not yet so it is not worth mentioning beyond what I have)

One question...was the person at one time or presently in your circle...or was it a random but known douche?
We know EXACTLY who it is, he thinks he covered his tracks by deleting his IP from the vbulletin admin pannel, but it didn't take long to track it down in apache logs. He is a "know it all" kid we banned a few weeks back for showing no respect to other, older, more experienced members who were only trying to help him out.

Nasty accidents often occur on a days paintballing...
Particularly so when this is the admin whos account he accessed...

167620_10150384319155384_572040383_16883113_5155473_n.jpg
 

EQnoble

Well-known member
#8
We know EXACTLY who it is, he thinks he covered his tracks by deleting his IP from the vbulletin admin pannel, but it didn't take long to track it down in apache logs. He is a "know it all" kid we banned a few weeks back for showing no respect to other, older, more experienced members who were only trying to help him out.

Put like this, nasty accidents often occur on a days paintballing...
Particularly so when this is the admin whos account he accessed...

View attachment 18574
Nice...I hope he receives his pwning...obviously he knows everything so he isn't interested in learning anything...it sucks but sometimes people who make bad decisions at the cost of others need to feel pain since morals are not something they hold in regards.

So lemme see if I understand you correctly...

You have an admin and on days that it is known that he is away ( I am assuming since it is a paintball forum that he probably announces his gamedays and there is not many other times when someone would know for sure that he wont be there.) someone is using his account to be a POS in a cowardly way.

If that is the case that is very similar to what my situation was except they were watching my activity on all site's that I frequent and not my forum itself.

sidenote: who is the beastly lookin dude in that pic?
 

ManagerJosh

Well-known member
#18
The police have taken all the evidence, and should we decide to push criminal charges they are looking at up to 10 years in jail.

As of today, I have filed the relevent N1 and N244 forms along with 120 pages of evidence to take them through civil courts and recover our damages.
I have to ask Slavik, how did he gain access to your admincp or server to inject the plugin?
 

AzzidReign

Well-known member
#20
It's nice to hear someone going after punks like these. Unfortunately, I've tried to do the same...with mounds of proof and other information to put multiple people away for 10's of years, but the FBI just either moves slow or doesn't do **** about it. I hope yours turns out differently.