MakeWebGames

Server down



The thing I laugh about with him is he says he is a cop (bullshit), but if he was he would know the laws like copyright etc. And look at this:

http://www.gambino-army.com/test/ (SO CALLED GAME ENGINE THAT IS DEFO MCCODES)

login: demo/demo

I was having a look about and, ffs, the mailbox looks the same and uses the same queries, same as the forum, and for profiles he has just made them read usernames instead of IDs. I think he just needs to go live his pathetic life somewhere that doesn't bother anyone else.


LMFAO

Laughing My FFing Ass Off........

Everything is the same. Even the shops, preferences, game stats.

It's so obvious some files were deleted or renamed, like mainmenu.php. That's easy to rename. You can rename that to usermenu or menu, etc.

But for forums.php he got stuck there lol.

OMG.

For viewuser he changed it to profile. But that ?u= is still used HAHA

 

User Level: Administrator

Signed up: August 22, 2010 8:21:54 am

Last active: June 29, 2011 11:56:29 pm

Last Action: 150 days ago

Last Login: 150 days ago

Status: Offline

Age: 1 years, and 3 months old

Gender: Male

 

Typical viewuser details.

lol so much more I can say.......


Regardless of Gambino, what's funny is that you allowed your server to be compromised, probably by sheer laziness.

I wonder if they stole any user information? Thus making it a potential breach of the Data Protection Act...

I'm seriously interested in seeing what they've done to the server, because I doubt they just defaced it. They're clearly not whitehat, thus most likely using their compromised servers for some profit gain.


No. 1 - If it was a DoS attack (since it was actually just one line), it would've been easy to rescue if you actually attended to your damn server.

No. 2 - Rooted via web exploit? Apache should be chroot'ed; it's just terrible that you were so loathsome.

No. 3 - Turkey is easy to stop: ban their IP block, allow home-orientated ISPs.

All this could have been avoided by following the most basic of security procedures: updating software.

Oh, PS: I'm positive that the attack was made through a hosted MCC version on the server, go figure.

Edited by Spudinski

As the server was never actually offline, just the index pages, then I'm assuming all they have done is replace the index files back to the originals. So we are all discussing this on an exploited server.

The server hard drive should be wiped and everything reinstalled, obviously not bringing back the Redux demo, Monodistrict and any other McCodes demos, and updating VB to the latest version.

Really, IF you cannot be bothered to do that, then delete my account, as I do not wish my details stolen and, as David has stated, you're already in breach of the Data Protection Act.

I've already had one spam msg from here from someone I don't know. Have never known....


I agree.

That is the normal practice if the machine has been compromised... Actually, steps from my manual.

1. Unplug network cable.

2. Wipe hd, DoD method or better.

3. Re-install software from sources.

4. Restore a safe backup.

5. Plug cable back in.

6. Optional forensics, in which case you would've needed to replace step 2 with another hd.

As for the privacy laws and the rest, I don't think it counts for free message boards like this.

Edited by Spudinski


I doubt McCodes will do this.. for obvious reasons.

Hmm, I'm not entirely sure.. but they do hold every user's email address along with potential locations. Probably not much of an issue.


I have a strong suspicion that they keep archived passwords as well, either from access logs or another form.

See, my alias was hacked a day after this thread was made, and the only place who has held the credentials within the past two years is this site.

It's weird actually, because my present password on MWG is a randomly generated one, and my password on my mail account would take longer than a day to successfully have been bruted.


Rather strange.. I wonder if McCode will follow the correct legal procedure when dealing with this mess. Will be a shock if they do.


Yea right. They don't take legal action against those running games without a proper McCodes license.. I'm sure nothing will be done, but who knows, I could be wrong!!!


Sheesh, you know less than I thought you did, CB, which is not a lot to begin with.

Let's dumb it down a bit for you.

A script is insecure on your server.

They hack into the server through the script (see, look, still no mention of SSH).

They then write onto the server itself and are now in control of your server.

So unless you wipe the drive then your server is still compromised.


Well, not true, Ruler. If a script is insecure, and your Apache runs with, let's say, the user apache, you can write ONLY where the user apache has the right to write... which is normally not a lot. Now if you enable binary CGI then you could maybe face other kinds of attacks, as they could have entered with PHP and then switched to C/C++ and used one of the Linux vulnerabilities to escalate privileges. If this is the case then you are in big trouble, but I highly doubt it. It looks like (from a simple research of that kind of hackers and the effect I saw as a user) simply a PHP attack and simply the index replacement, nothing so bad in my opinion. Wiping the drive seems way useless to me, but well, hey, everyone is free to think differently.


The fact is that someone was able to gain enough privileges to write somewhere (they already have read and execute privs); there's nothing that says they didn't use a vulnerable setuid program to gain access to other places.

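The two posts above disagree over how far a PHP-level compromise reaches: the answer is whatever the web-server account can write to, plus any set-id binary it can execute. The audit below is an added example, not code from the thread or from McCodes; the uid/gid 48 for the apache account and the sample file tree are constructed assumptions, and the `Entry` fields correspond to what `os.lstat()` returns on a real host.

```python
import stat
from collections import namedtuple

# One filesystem object: full st_mode (type bits included), owner uid, owner gid.
Entry = namedtuple("Entry", "path mode uid gid")


def _perm(e, p_uid, p_gids, usr, grp, oth):
    """Classic Unix DAC: owner bits if the uid matches, else group bits, else other."""
    if p_uid == 0:
        return True
    if e.uid == p_uid:
        return bool(e.mode & usr)
    if e.gid in p_gids:
        return bool(e.mode & grp)
    return bool(e.mode & oth)

def can_write(e, uid, gids):
    return _perm(e, uid, gids, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)

def can_exec(e, uid, gids):
    return _perm(e, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)

def is_setid_binary(e):
    return stat.S_ISREG(e.mode) and bool(e.mode & (stat.S_ISUID | stat.S_ISGID))

def audit(entries, uid, gids):
    """Return (paths the account can write to, set-id binaries it can run)."""
    writable = sorted(e.path for e in entries if can_write(e, uid, gids))
    setid = sorted(e.path for e in entries if is_setid_binary(e) and can_exec(e, uid, gids))
    return writable, setid


# Constructed sample tree (not a real server); uid/gid 48 is the assumed apache account.
SAMPLE = [
    Entry("/var/www/html", stat.S_IFDIR | 0o755, 0, 0),
    Entry("/var/www/html/index.php", stat.S_IFREG | 0o644, 0, 0),
    Entry("/var/www/html/config.php", stat.S_IFREG | 0o666, 0, 0),  # world-writable
    Entry("/var/www/html/uploads", stat.S_IFDIR | 0o775, 0, 48),    # group-writable
    Entry("/tmp", stat.S_IFDIR | stat.S_ISVTX | 0o777, 0, 0),
    Entry("/usr/bin/passwd", stat.S_IFREG | stat.S_ISUID | 0o755, 0, 0),
    Entry("/opt/oldtool", stat.S_IFREG | stat.S_ISUID | 0o750, 0, 0),  # no exec bit for others
]
APACHE_UID, APACHE_GIDS = 48, frozenset({48})

if __name__ == "__main__":
    writable, setid = audit(SAMPLE, APACHE_UID, APACHE_GIDS)
    print("apache can write to:", *writable, sep="\n  ")
    print("set-id binaries apache can run:", *setid, sep="\n  ")
```

On a live host, build the entries from `os.lstat()` over the document root and the system binary directories; anything listed under the first heading is what an attacker holding the apache account could deface, and anything under the second is what the setuid argument is about.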

Well, if you said you (I think it was you) and someone else's IP address have access to the server, could it be that the hackers gained access using a proxy IP set up to look like your IP address? Also, my server has been set up where no one externally has access to the server through a different server or domain that isn't set up on the main server, but can only gain access to the control panel. I tried doing another means to access the server, like using Dreamweaver, but I get an error "Can not access server", so it's a fact that no one can gain access through an external source.


The term for it is called spoofing, but it's rather easy to setup a firewall rule to check for it.

In addition, OpenSSHd would not be able to be configured without a password/key.

And what I think you're talking about is discarding echo icmp packets, which would result in remote places not being able to tell if you're online by using the traditional ping.


Well, the server configuration that was given to me by the server administration blocked the SSH port, which is 22, and blocked port 21 for remote file access. The only access you can get to the files is from the local server or from the domain specified to the server. Other ports, which are used for external access, have also been blocked on my server, so there's no way of pulling it from a remote source.

I may have gotten my control panel slowed down at certain times, but it's worth it if I want to be safe with my info.

Have y'all set the .htaccess file, and changed the server configuration? It would probably help most of the time.


It makes no sense to block output ports, which is probably why your programs are lagging.

And SSH and FTP shouldn't be blocked, in or out.


Can someone answer something for me?

Did something get hacked again? I'm confused as to what got hacked, and what is happening now besides the bickering on the last 3 pages that is hard to follow.

A server wide "breach" happened causing all index pages to be re-written/changed.


Well, security is the number 1 priority for me. I used FileZilla, but I can't use it anymore because someone hacked my friend using FileZilla and a secretly made program that works with FileZilla to gain access using a false positive. That is why port 21 is blocked on mine, so there's no such thing as accessing through an external source.

Edited by gambino
Insomnia.... couldn't spell right.

Yea, it's called a buffer overflow exploit. Most FTP servers have a long history of this.

It's very easy to reproduce, but very hard to actually find/create it.

Edited by Spudinski