poli
|
Posted: Mon Dec 20, 2004 5:00 pm Post subject: tournamenthouse hacked?? |
|
|
I signed up for tournement house yesterday--went in to check it all out today and saw "this site has been defaced....."
wtf??
http://www.tournamenthouse.com |
"What is your major malfunction ?????" |
|
Back to top |
|
|
|
Luft_KnHan
Rep: 1.2 votes: 1
|
Posted: Mon Dec 20, 2004 7:22 pm Post subject: |
|
|
Yeah??
What's hap |
Paint'n friends |
|
Back to top |
|
|
GS_v_Witzleben
Rep: 25.1
|
Posted: Mon Dec 20, 2004 11:06 pm Post subject: |
|
|
such happened before, when i remember right...think we have to hope, that homba gets´it working, if he finds time....or doesn anyone else has the might to do something (mooxe?) |
regards
GS_v_Witzleben aka _irgendwas |
|
Back to top |
|
|
TogashiD
Rep: 0.1
|
Posted: Tue Dec 21, 2004 12:09 am Post subject: |
|
|
Several PHP sites were hit. I saw 2 others this morning that were also down. One had generation 7. I see TH says generation 13. Now this afternoon one site is back up, so it shouldn't take much to get TH back up. |
|
|
Back to top |
|
|
Homba
Rep: 34.9
|
Posted: Tue Dec 21, 2004 1:26 am Post subject: hacked |
|
|
Im afraid this was a general attack on our service provider or some other kind of broad attack just to prove a point about a security flaw. At least i cant think of any other motivation for these bastards that cause so much pain. I don't believe our site was specifically targetted.
I have opened a tech help request ticket with our provider, but all of our posts, htm and html files were overwritten throughout the thouse site, including the forum. I am afraid we are going to have to wait until mooxe gets back on the 27-28 of Dec to load a backup. Im afraid that backup will be a couple of weeks old at best, so we will lose a lot of posts and games at the site. I hate the people who did this.
If our web provider can help with a better solution, i will be very surprised. I don't think they were any help last time this happened. They said our site security was not their responsibility.
So hate to the hackers and our provider, but happy holidays to everybody else. See yall after Christmas unless we get a miracle fix from the provider. I'll let u know here when I get the haughty rejection notice from them.
H |
|
|
Back to top |
|
|
mooxe
Rep: 221.7 votes: 25
|
Posted: Tue Dec 21, 2004 3:20 am Post subject: |
|
|
I have backups but I am in Texas right now and the backups are at my home in Canada. I wont be home untill the 28th.
Yes it was just a general attack that exploits holes in Apache webservers. TH was NOT HACKED, just exploited.
No data has been lost like forum posts or ladder stats. It was just an exploit to overwrite htm files. Consider TH on hold for now. |
Join Discord for technical support and online games. |
|
Back to top |
|
|
CSO_Sbufkle
Rep: 32.2 votes: 1
|
Posted: Tue Dec 21, 2004 2:22 pm Post subject: |
|
|
Sorry to hear this..
This kind of BS really steams me.. its not as if the CC community is ever doing anything like animal testing or something 'politically incorrect' to merit any of the community sites being hacked.
Hope all is set up soon.
People who use backdoors to steal info/downloads or hack a site should have thier balls cut off. |
|
|
Back to top |
|
|
mooxe
Rep: 221.7 votes: 25
|
Posted: Tue Dec 21, 2004 3:00 pm Post subject: |
|
|
You cant say someone used a backdoor to steal info/downloads when a site is improperly setup to begin with. With www.ccmarines.com the front door was basically open, wide open. Not providing a link on the main page doesnt mean people cant access it. All you had to do was type in the URL and you could get the downloads. If you need help with .htaccess, CHMOD and user groups (in PHPNuke) let me know. |
Join Discord for technical support and online games. |
|
Back to top |
|
|
CSO_Sbufkle
Rep: 32.2 votes: 1
|
Posted: Tue Dec 21, 2004 5:51 pm Post subject: |
|
|
mooxe wrote:
|
You cant say someone used a backdoor to steal info/downloads when a site is improperly setup to begin with. With www.ccmarines.com the front door was basically open, wide open. Not providing a link on the main page doesnt mean people cant access it. All you had to do was type in the URL and you could get the downloads. If you need help with .htaccess, CHMOD and user groups (in PHPNuke) let me know.
|
??? Okay then.. not sure what you are talking aobut.. but whatever...
Are you sayiung you hacked the ccmarines site???
Im not sure what your trying to say! |
|
|
Back to top |
|
|
Pizzaman
|
Posted: Tue Dec 21, 2004 8:58 pm Post subject: |
|
|
He's saying if you leave your house door open and your stereo is stolen, it maybe considered theft, but NOT breaking and entering. |
|
|
Back to top |
|
|
CSO_Sbufkle
Rep: 32.2 votes: 1
|
Posted: Wed Dec 22, 2004 12:09 am Post subject: |
|
|
Theft is theft.. since this thread has turned to this topic. Shopping it around is even worse. |
|
|
Back to top |
|
|
Pizzaman
|
Posted: Wed Dec 22, 2004 12:53 am Post subject: |
|
|
Quote:
|
Theft is theft.. since this thread has turned to this topic. Shopping it around is even worse.
|
Not quite. This thread has turned to the topic of BREAKING AND ENTERING verses OPEN PUBLIC ACCESS. The theft aspect is irrelevant. Poorly designed websites lacking in security that allow public access to files cannot be considered "backdoor/breaking and entering" entry, due to the public forum the information resides in. Consequently such access to files cannot be considered "theft" as, public display of files implies public access i.e. free for downloading. Such aquisitions amount to a person taking a pamphlet on display in a public place and then the owner claims theft when the pamphlet is taken. |
|
|
Back to top |
|
|
mooxe
Rep: 221.7 votes: 25
|
Posted: Wed Dec 22, 2004 12:58 am Post subject: |
|
|
CSO_Sbufkle wrote:
Quote:
|
??? Okay then.. not sure what you are talking aobut.. but whatever...
Are you sayiung you hacked the ccmarines site???
Im not sure what your trying to say!
|
What I said was....
Quote:
|
All you had to do was type in the URL and you could get the downloads.
|
If thats hacking to you, I guess your hacking right now.
I was just giving you an example of the point I was making. Some people consider that a backdoor. The new CCM site was a good example. I know that only registered users with .mil address should have access downloads but I guessed the URL and found the downloads. In fact it was the same URL for downloads here, just had to replace the site name with ccmarines.com instead of closecombatseries.net. This site is the same example actually. You dont have to register to get the downloads if you simply guess at the URL. It would be something like www.closecombatseries.net/downloads/etc etc ...
So really if you access the downloads on the CCM site using the direct URL and not the phpnuke provided link that could be considered a backdoor. A site like CCS it would not be. |
Join Discord for technical support and online games.
Last edited by mooxe on Wed Dec 22, 2004 1:40 am; edited 1 time in total |
|
Back to top |
|
|
mooxe
Rep: 221.7 votes: 25
|
Posted: Wed Dec 22, 2004 1:38 am Post subject: |
|
|
Pizzaman pretty much just said everything I was trying to say in less words.
For PHPNuke to be a secure site you need to randomize the names of the folders and put an index.html file in each folder. If you dont do that PHPNuke cant be trusted to provide restricted access. Even these measures are not fool proof.
It sucks that TH was exploited but theres absolutley nothing me and Homba and the other admins could of done about it. The responsibility for that kind of attack lays with the host providor and they failed to protect the site. |
Join Discord for technical support and online games. |
|
Back to top |
|
|
CSO_Sbufkle
Rep: 32.2 votes: 1
|
Posted: Wed Dec 22, 2004 2:26 am Post subject: |
|
|
Please stop offering people the files you got from that site.. one of them is mine & you are distributing it without my permission.
Some guy in teamspeak today offered me my file from that site. A file that wasnt supposed to be available. I have legitmate reasons to be upset.
Had this site had the saem glitch I wouldnt be pimping the files out at Teamspeak.
Can you understand why Id be upset?
Have a little respect please.
STOP PIMPING MY FILES & THOSE YOU FOUND ON THAT SITE.
The CC community doesnt need this kind of lack of respect shown for fellow members. |
|
|
Back to top |
|
|
mooxe
Rep: 221.7 votes: 25
|
Posted: Wed Dec 22, 2004 2:45 am Post subject: |
|
|
Sbufkle... I am not and have not distributed any files from ccmarines.com privately or publically (through this site). Nor did I tell anyone the link. Just because I knew about it doesnt make me guilty. Work on fixing the security holes rather than accusing people. Find another suspect!!
Start with the list of people you gave the file(s) to, then ask them who they gave it to and said not to tell anyone, and so on and so on. If you want something private keep it friggin private!! |
Join Discord for technical support and online games. |
|
Back to top |
|
|
ANZAC_Lord4war
Rep: 3.5
|
Posted: Wed Dec 22, 2004 4:12 am Post subject: mmm |
|
|
pimping implies that some1 is selling ur files.and that ur files r a prostitute.
just say what ur files r and the cc community will stop sharing them with each other and most likely never use them again. |
Forget words,actions will show your true ambitions!The Battlefield,In many cases, the terrain of a battlefield can be the best resource a commander has. A clump of trees, an abandoned house, or a drainage ditch can all be powerful tools in the right hands |
|
Back to top |
|
|
Homba
Rep: 34.9
|
Posted: Wed Dec 22, 2004 5:23 am Post subject: |
|
|
Having talked to the TH server host, I think there is nothing to be done until you get home, mooxe. I am really afraid we lost all forum posts since the backup. When i check my IE 'history' and try to jump directly to posts i had looked at using the direct links in the history, I still get the worm-exploit message. I'll be happily surprised if you can restore it with up to date posts and ladder stats.
Homba |
|
|
Back to top |
|
|
RedScorpion
Rep: 11.7
|
Posted: Wed Dec 22, 2004 11:09 am Post subject: |
|
|
may the force be with ya moxxy |
Ceci tuera cela |
|
Back to top |
|
|
mooxe
Rep: 221.7 votes: 25
|
Posted: Wed Dec 22, 2004 11:54 am Post subject: |
|
|
Its all there homba. Posts are stored in the database not in html. |
Join Discord for technical support and online games. |
|
Back to top |
|
|