Users browsing this thread: 1 Guest(s)
tSR hacked
#16
does anybody want me to check ovber on MFGG forums and get help if i have permission to start a topic?
(06-29-2009, 11:04 AM)sky_blue_wiggler Wrote: I just looked up NobodyCoder on Google, and he has hacked more than just us.

who has he hacked? tell me plz
Thanked by:
#17
Couldn't hurt. But it might also be a good idea to wait until the staff have seen this.
BTW DragNaut, calm yourself. The staff will be able to handle it when they get here I'm sure.
Thanked by:
#18
Crisis over, took 5 seconds to fix. NobodyCoder is a hacker from Iran who tries to spread political messages from what I can tell.
Apparently he doesn't like Israel.
Tsunami Bomb - The Simple Truth
We could run away
Leave behind anything paper
Not knowing where we're going to stay
When there's no Mondays

You're part of me, it's so easy to see the simple truth
When I'm in your arms, I feel safe from harm and sorrow too
You're part of me, it's so easy to see the simple truth
But most of all, nothing couldn't be solved when I'm with you
Thanked by:
#19
Figured it would be a quick fix. Thanking you, Dazz. Big Grin
Thanked by:
#20
(06-29-2009, 11:09 AM)Dazz Wrote: Crisis over, took 5 seconds to fix. NobodyCoder is a hacker from Iran who tries to spread political messages from what I can tell.
Apparently he doesn't like Israel.

Dazz, your'e a life saver. thankyou so much oh yeah, and if you click on the link to the main page at the bottom, it takes you to the hack page.
Thanked by:
#21
You just have to refresh, it'll be in your browser cache.
Tsunami Bomb - The Simple Truth
We could run away
Leave behind anything paper
Not knowing where we're going to stay
When there's no Mondays

You're part of me, it's so easy to see the simple truth
When I'm in your arms, I feel safe from harm and sorrow too
You're part of me, it's so easy to see the simple truth
But most of all, nothing couldn't be solved when I'm with you
Thanked by:
#22
Aw, I missed it.
[Image: b1.php?u=39480955]
Quote:You had wasted MY LIFE... waiting for just a goddamn bunnelby model.
-The prestigious Farlavor
Thanked by:
#23
Dazz saves the day once again~
Thanked by:
#24
thanks dazz, wjhen i saw that in the search box i was deeply offended!!!!! my brothers and sisters are from israel and i know they would not like this at all. thank you dazz. i can not thank you enough. ill give u all my rep you just own so much. fuck. god damn dazz. god damn. you just own. plain out own. dazzelz Heart3 xoxo
Thanked by:
#25
I sense a ticket tape parade in the name of Dazz.

Job well done good sir.
Thanked by:
#26
It was a MyBB vulnerability (color me unimpressed, why is MyBB so shitty).

The guy used a public MyBB 1.4.6 exploit, gained admin privileges on the forum (strangely enough, the account he used didn't have admin privileges anymore when I checked), dropped some php exploits into the forums cache folder because he couldn't write anywhere else (he didn't get root, couldn't escalate privileges. He could only run things with the same permissions as the webserver. He also failed to backdoor the forum's code for the same reason)

Then he overwrote index.html, which is a cached file generated by tSR's update system (so the webserver must have permissions to write to it), which was promptly regenerated by Dazz when he hit the "Regenerate index" button.

Then I just had to clean up the exploits he dropped and upgraded the forums so this wouldn't happen again.
Thanked by:
#27
(06-29-2009, 02:36 PM)Solitaire Wrote: thanks dazz, wjhen i saw that in the search box i was deeply offended!!!!! my brothers and sisters are from israel and i know they would not like this at all. thank you dazz. i can not thank you enough. ill give u all my rep you just own so much. fuck. god damn dazz. god damn. you just own. plain out own. dazzelz Heart3 xoxo

Search box? For me the page was just that text.
Thanked by:
#28
(06-29-2009, 03:17 PM)K.D. Wrote: so this wouldn't happen again.

For another two weeks. Fucking MyBB.
[Image: tumblr_lctx1p6L3L1qzvjn8o1_500.gif]
Thanked by:
#29
I'm part Israeli. But I did not check the TSR main page in a couple days, thus I didn't get to see the hack. But good job clearing it up anyway.
Gifts
[ PK - TomGuycott - MoneyMan ]
Thanked by:
#30
I didn't actually se this happen. I was on this morning, but nothing happened. At least it's over Smile
I have Animal Crossing: Let's go to the city, so if you wanna wi-fi, PM me Smile
Thanked by:


Forum Jump: