Sudo Update And All that I know--Regarding Issue with McFarlin

[Joshua]

Although I'm sure someone will jump on this post and eventually get it locked, i impore you not do so as I'd like to get to the bottom of what is going on while I've slept.

Yesterday Morning, several sites that I do work for were maliciously attacked. To my knowledge none of them were hurt during this attack, including my own site. I do beleive they did DDos my site as for approximately 5-10 minutes the servers I run on with my host went down. Late last night, around 10:30p.m central standard, a buddy of mine "BludCart on mwg" was having issues with an xss injecor on his site. After about half an hour to an hour working to stop that entirely ( Ended up using secure variables and an .htacess re-write ) We managed to thwart the would be Hacker and I logged off to get some sleep.

 

I logged on approximately an hour ago from this post time to see that McFarlin has been hacked and a lot of his files were lost. They then proceeded to re-direct his site to my own personal gaming site. As this would make absolutely NO SENSE for myself to do, as McFarlin has been a paying customer of mine and has had plans of purchasing more stuff off of me, I can only assume someone is attempting to ruin my rep, perhaps for their own personal gain in some area or another. I assure you this isnt the first time this has been tried, though I know the culprit that did this last time and it has been delt with.

I also noticed someone used a Demo Account on My site to claim they were elite hackers and they were going to "bring it down".

Although i'm sure this is most probably a proxy, you just never know.

The IP of the user that claimed fame on my site was

98.16.209.176 98.16.209.176 - 98.16.209.176

I assure you I will get to the bottom of this.

McFarlin.

Though I'm sure you are set in stone that it was (Me) I implore you to use common sense of what I've already discussed. It would make no sense for me to "hack" your site, none whatsoever. I will offer my services to you for free to get you back on your feet however, as you have been a good customer up until today, when you obviously should have gotten in touch with myself before trying to throw my name in the dirt.

Again, I understand you would be upset, as I would be, But common sense should have told you it wasnt myself.

I'll post more as I gain more updates. Sorry for turning mwg into myspace drama.

[Joshua]

Just gets more fun.

 

There was more than 1 games this was done to, My IP was used.

[Joshua]

Side Note--

If anyone could inform me who I need to contact about my IP theft so I can clear my name and catch the culprit I'd be grateful.

[Curt]

Good luck, I hope you get to the bottom of this soon, because from the way it sounds this person is definitely trying to frame you and doing a damn good job of it.

cheers

[Joshua]

I'm not 100% sure how or what they are doing. I am contacting my ISP provider to get LOGS as concrete proof what time I disconnected last night.

I'm on dial up, so my comupter usually isnt on-line much, and proving that my ISP wasnt connected at the time of the attacks is step one.

 

It would be differant if it was one game, but as it turns out it was 3-4 games all last night.

 

As a side note, None of these sites had strong security, i've just sold them mods and was planning on securing them in the future. Well two of them that is. So whoever it is knows My current game, My IP and their sites.

The chance of a virus on this computer is high as the virus program on this computer is garbage, and being on Dial up i can't download a better one. Random disconnects every 3-4 hours kill that option ><

[Mcfarlin]

While i do not know 100% wtf all had happened.

you have to see this from all sides.

All of the evidence pointed to you bro.

and i know we will get this figured out soon enough and the ppl or person who has done this will pay, if it be you or some other.

like i told you earlier i hope its not the first.

?( ?( ?( ?( ?( ?( ?( ?( ?(

[Joshua]

McFarlin I am in no way shape or form pointing any of the blame at you.

The only thing I wish you had done differantly is get with myself first, but I understand why you posted here.

 

I know you have put a lot of work into your site and that's why I always offered to help you with basic stuff free of charge. I only wish I had secured your site free of charge so this would not have happened >,<

 

I'm not 100% who the culprit or culprits are, but rest assured, I will find you.

 

Beleive that.

[iR00T]

98.16.209.176

xD - I know that skiddie. I got his msn and all that. Google "r00t-x" if you want to find out more about this dude, I can tell ou a little bit, He's hacked 4,000+ servers I watched him hack hackforums less than 2 months ago, He's pretty good.

[Joshua]

I've already discovered who that IP belonged to, even tho it was through a Proxy.

I assure you, he has zero, hacking skills =)

Self Admitted as well, so i'm 100% sure. :)

[Redex]

Immortal, it's unlikely but your not on Messenger? Sorry for spamming your topic!

[Mcfarlin]

well i had not went public with my site to this point BECAUSE I KNEW it was not secure, the plan was to run through the security after all the things that were added to the site were running 100% and bug free.

There are a lot of things that could be said here, but i really dont think they are needed.

[Redex]

Mcfarlin, i think many people will agree with me that your a good Human-being. Community of Makewebgames, has not / and will never try to discourage someone from running a game. We are all here to help, whether someone has limited knowledge or maximum knowledge of languages such as php/mysql, with everyone's input and knowledge you and many other people will be able to take there site to the level there happy with. There are many people on here, who aim to help people as much as they can, becuase it's the good feeling that's preventing them from going back from the right path. I'm sure many people would agree with me here, that most of the times, when a member of this forum needs help and he posts his problem here, generally it is solved. I know i'm not a experienced coder, nor i am that good with security, but it's motivation from other people that keeps you going, and the feeling that hopefully if your work does not help one person then it may help the other. I attempted to secure 2 files yesterday, they might not be the best but who knows it could have helped some of the people out there who were looking for a bit more security on there bank file or preferences file . I'm just trying to make a point here, never give up and always try your best at everything. I for one can say, if you ever need my help in anything, and i have the capabilities to do it i will spend all my time and effort, into ensuring that you get what you want, and it is achieved to the best of my ability. I would also like to inform the members of Makewebgames, not only Mcfarlin but anyone else who needs my help i am always willing to play my part where necessary. I know, my skills and knowledge are limited but i'm sure everyone would agree, i'm going through the learning process, and i am progressing at a acceptable rate. Consequently, this is a message i would like to portray to everyone, never give up and always take negative criticism as motivation, as that will help you in the long run, and at the end you will go back to the person who gave you that criticism and say thank you, becuase without them motivating you, and providing you with that last energy needed to complete you task you would not be where you are now. I hope this helps many people, and Mcfarlin i'm always there for you buddy.

Best Regards: Redex

[iR00T]

Um, Immortal we must havea differnt dude's because the dude that I know that uses that proxy as well, He is a damn good hacker. Like I said he took down HackForums, And the owner Omniscient paid over 2 grand for security. and he just sold the site to a nwe owner for 30k so I'm pretty sure this udde can hack as he did and I watched him, We must totaly have diffrent people xD

[Zero-Affect]

Immortal, a possible reason for the recent weird events may be due to you rubbing someone up the wrong way, have you done anything to someone that might pee them off?

To me it sounds like your computer is open to stuff like teamview or programs which allow a external user to access your computer and use your computer. <Possible or maybe they just figured out a way to bypass ip checks with cpanel and disguise their ip as yours im sure that's not so difficult.

Immortal don't use the words 'zero' and 'hack' in the same sentence it's bad PR lol

[Eternal]

lol

Lol. First of all i personally would have to say i don't like you immortal

 

But in this case i would have to say DDOS lasting 5-10 mins wouldn't be a ddos, Just a server malfunction.

You say xxx persons files deleted. IF they had access to delete the files and "if" they on the same server i would say if they using your ip then they have changed it to match your ip adress. cheap ass passwords and insecurities are the worst thing you can ever do.

 

Rules of engagement on designing and running a website.

NEVER TRUST THAT THE USER WON'T FIND THOSE VULNERABILITIES.

CODE FIRST SECURITY LAST IS NOT THE RESPECTABLE IDEA.

IF YOU ARE HACKED BECAUSE OF THIS THEN IT IS YOUR OWN FAIL.

 

If you require help towards these issues please send an email to [email protected]

or signup to the websites forums. http://www.justgothacked.com

We are getting more and more private members via email asking for our help. Don't be ashamed to ask for help

your name and website won't be listed in our repository if you don't want it to be.

 

Love always Eternal.

[Zero-Affect]

Seems were both offering our services eh Eternal, either way I'm sure it will be secured up-to a point.

[Redex]

Eternal, after logging into your website there is not many boards ;)

[Eternal]

Eternal, after logging into your website there is not many boards ;)

as far as you know ;) read the first post about rules.

members will only see two forum boards

updated members "official members" will see more ;)

[mdshare]

Jumping in defence of mcfarlin now

 

You can't accuse someone blindly without real proof. If you would have checked thoroughly you would have noticed that mcfarlin holds a dynamic IP. Do not accuse people solely based on IP.

[Joshua]

The problem with that being said, is Dynamic IP or not, It was My IP.

I've already checked, and changed my current IP to avoid any further damage.

A cpanel bruteforce was discovered on McFarlins computer and has been removed.

Hopefully anything else found that did not belong was removed as well.

 

------

 

Eternal it matters not if you like me or dislike me, I said what I said in regards to you following other people's posts about you. I have had no personal experience with you other than the garbage over Decio which has been more than resolved.

-----------

 

The person who hacked McFarlin did not do a great job in setting me up, as even an idiot would know to use some form of proxy when hacking websites.

Why in the world would i use my real IP? seriously :p

My clients, and my friends, know full well that I was not involved in these malicious attacks. Just goes to show you can spend tons of time building up a reputation for your clients only to have a hacking teenager damage it in the blink of an eye.

[Zero-Affect]

The person who hacked McFarlin did not do a great job in setting me up, as even an idiot would know to use some form of proxy when hacking websites.

Why in the world would i use my real IP? seriously :p

Just say i was you, i would simply use my IP then claim conspiracy... not difficult i mean people would never assume you would use your real IP therefore it wasn't you.

[Joshua]

Understandable

 

BUT IT WASNT ME lol :)

[Zero-Affect]

Was it just Mcfarlin's website that got hacked or more?

[Joshua]

I beleive 3 that I know of, but I know the culprit of the other 2 >,<

This person isnt good enough to do what was done to McFarlin tho.

[Eternal]

lol9

*cough* The person is probably reading this right now laughing at you

and the 3,000 mistakes you have made in your choice of words.

 

Let me get this straight.

They used your ip

but you don't use your ip

you use a proxy.

i am trying to think dumb to understand you.