Virginia's board

[Steve LeMaster]

Hi all.

What happened!? LOL!

About two months ago somebody was actively spamming Virginia's board; spambots cannot read graphics, such as what's in the registration page.

I implemented some anti spamming code which didn't work, until I figured out that a semicolon was missing from one of the strings. Once I fixed that issue, I reimplemented the anti-spam code and it banned 100+ IP addresses and 30+ email domains.

I received an email that somebody was attempting a brute force attack and I did the best I could do to prevent it.

On the 11th of February, this individual or group, managed to gain entrance and change everyone's passwords and place them in the ban list.

I tried to correct it through MySQL and fixed some of the problems. I then broadcasted an SOS and was sent an admin toolkit, which I uploaded and managed to inject the corrected tables in the MySQL database.

Unfortunately, I had to delete some accounts that had zero posts.

Anywho, I will remain signed onto Virginia's board to reset password requests.

[Minimalist]

The Club will do ANYTHING to maintain Clovis-First, Steve!

[Beagle]

Glad you're back up Steve and thanks for your help. Glad you got logged in here too.

[Beagle]

The Club will do ANYTHING to maintain Clovis-First, Steve!

Pretty obvious, huh?

[Minimalist]

They're unscrupulous.

[Steve LeMaster]

Thanks guys

Tell Michelle that her email is set up incorrectly on the board. I kept receivng a DEBUG message when I tried to register.

That's indicative that a setting is wrong.

Time to get dinner. Be back in about 30 minutes.

[Forum Monk]

Yeah, except in this case, the 'club' is probably some 23 year old. unemployed, loner, hacker living in Punjab.

[Minimalist]

It's called "outsourcing", Monk.

[Beagle]

23 year old. unemployed, loner, hacker living in Punjab.

......and has a "thing" about some archaeological forums.

[Steve LeMaster]

What really confused me at first was the md5 hashes appeared to be ok when I looked at them in the MySQL tables. When I took a closer look, I then noticed that they were concatentated in my browser. Which meant that they were changed from there originals.

Thank goodness this pissant didn't get into the actual website control panel!

[Steve LeMaster]

23 year old. unemployed, loner, hacker living in Punjab.

......and has a "thing" about some archaeological forums.

Which leads me to my primary question:

Who on earth would go to all that trouble to hack a decent person's site? Are people that afraid of her that they would go to these lengths?

[Beagle]

My take on it, for what it's worth, is that Hueyatlaco and the search for the First Americans is being discussed a lot right now on the Internet, and some scumbag popped his orthodox fuse and resorted to vandalism.

We were attacked also. Michelle has only said that a server was attacked so that's all I know but the forum was shut down all of one afternoon.

[Steve LeMaster]

Holy smokes! I never new academia was cut throat.

[Forum Monk]

Min - the 'outsource' crack was very funny

The software you and Michelle use may be out of date. The MD5 hash algorithm had a security flaw identitified in the '90s. This vulnerability mainly exists (if I understand it well) in the encoding algorithm which does not necessarily guartanee uniquness within a 128 bit code. This can result in scrambled messages in certain cases. For this reason checksums are often added. I'm not really sure what the intent was in concatenating MD5 hash, but clearly it was being manipulated or more likely corrupted as a consequence of him cracking in the database. Once inside, SQL is simple to write.

It just violates my sense of propriety to think this was a 'club' lackey. Its been known to happen, where someone will hire a hacker to get corporate secrets or some other gain but at the end of the day it almost always involves financial opportunity. This sounds more like some goof who may have figured out how to get email addresses or something by attacking vulnerable message boards. I wonder how many other Phpbb boards are being smacked?

[Steve LeMaster]

Min - the 'outsource' crack was very funny

The software you and Michelle use may be out of date. The MD5 hash algorithm had a security flaw identitified in the '90s. This vulnerability mainly exists (if I understand it well) in the encoding algorithm which does not necessarily guartanee uniquness within a 128 bit code. This can result in scrambled messages in certain cases. For this reason checksums are often added. I'm not really sure what the intent was in concatenating MD5 hash, but clearly it was being manipulated or more likely corrupted as a consequence of him cracking in the database. Once inside, SQL is simple to write.

It just violates my sense of propriety to think this was a 'club' lackey. Its been known to happen, where someone will hire a hacker to get corporate secrets or some other gain but at the end of the day it almost always involves financial opportunity. This sounds more like some goof who may have figured out how to get email addresses or something by attacking vulnerable message boards. I wonder how many other Phpbb boards are being smacked?

You nailed it. The concatetating was what my browser was doing because I didn't have it maximized. When I maximized my browser window the md5 hashes appeared like they are supposed to, but, I noticed that they were changed.