What happened?

MrSandman666
Gnoblar
Posts: 18
Joined: Sun Dec 05, 2004 6:34 pm

Post by MrSandman666 »

Well, although it really does make me furious I can't help but see a pattern here!
Yesterday I wanted to check out another forum which I read regularly (The Forge at www.indie-rpgs.com, which is THE site for serious independent rpg design) and it was totally and completely hacked. All I got was a message from the admin that the site has been hacked and that he was out of town but would restore everything as fast as possible.

Is someone trying to destroy my life here??? :evil:

First The Forge, now Ogre...

Damn these guys!

[gollum]nasty hackerses! nasty hackerses! will kick their asses, precious! yeeeeeessss! Will spit on their food, will make them feel sorry for what they did! Yeeesss, precioussss, yeeeeeesss! We will do that! Nasty hackerses![/gollum]

P.S.: I would have some stronger things to say but I'm trying to stay away from things that could get me to court ;)
Mr. Sandman bring me a dream...

fantastico
Halfling
Posts: 46
Joined: Sat Oct 02, 2004 12:32 pm

Post by fantastico »

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563.

One missing '=' leaves phpbb completely vulnerable.

fantastico

sinbad
OGRE Retired Team Member
Posts: 19265
Joined: Sun Oct 06, 2002 11:19 pm
Location: Guernsey, Channel Islands

Post by sinbad »

Yes, we're on 2.0.13 now. I updated to 2.0.11 (the last major flaw) before getting hit, looks like I missed it this time.

The kind of people who do this are like the big dumb kids who smash other kids' sandcastles. Too dumb or lazy to create anything themselves, so they destroy other people's hard work to take their minds off how pathetic and utterly pointless their own little lives are. In a way I pity them - with all the opportunities and tools the internet offers (I would have killed to have a tool like this when I was a kid), this is how they choose to use it.

Having said that, I would also take the opportunity to rip their scrawny little balls off if the chance arose. :evil:

temas
OGRE Retired Team Member
Posts: 390
Joined: Sun Oct 06, 2002 11:19 pm
Location: The Woodlands, TX

Post by temas »

Just a few notes for the people that are wondering. Yes we upgraded to 2.0.13. No, I still don't feel safe running phpBB, but we're in too deep to change right now. Yes, we did try to find the intruder. No, we could not get any real information about the intrusion because we really don't have control over logs or anything on SF. Yes, we think the escalation hack was probably how they did this, because it was two specific forums that were compromised and not a clean wipe. No, I have no no for this point. Yes, we have another backup plan in effect for now. No, that is not all we're relying on, we're also going to move our web hosting to a machine we can control more. More about the move soon.

[edit]Files, CVS, bugs, and what not will stay on SF, just the web matters will move for now.[/edit]

glateur
Halfling
Posts: 44
Joined: Mon Aug 02, 2004 6:39 pm
Location: Belgium

Post by glateur »

Yes, it's great to see you guys on top of this.
No, I don't think I could restrain from physical violence, either.

sinbad
OGRE Retired Team Member
Posts: 19265
Joined: Sun Oct 06, 2002 11:19 pm
Location: Guernsey, Channel Islands

Post by sinbad »

SF have escalated this issue and are working to identify the source. The access logs (which we can't see, but they exist) are large but now we have a better idea what to look for, there is a chance we will identify the person responsible.

glateur
Halfling
Posts: 44
Joined: Mon Aug 02, 2004 6:39 pm
Location: Belgium

Post by glateur »

That's good to know, I'm sure you'll keep us posted on how this works out.

Suppose for a minute, though, we did find ('without a reasonable doubt') the person(s) who did this. Do you think it's possible (t)he(y) will ever be held responsible for this misbehaviour? Can (international) justice really ultimately prevail in this case?

Don't get me wrong here, I don't want to get all gloomy about it. And I do think you should (and will) try everything you can to find the intruder. I'm just wondering who's going to pay our lawyer, that's all..

Anyway, the main thing is most of the topics have been recovered. :)

RoundSparrow
Greenskin
Posts: 145
Joined: Wed Jan 19, 2005 4:36 am
Location: Arica, Chile

Post by RoundSparrow »

Sinbad and/or ogre team. I can donate 200GB of disk space from a server hosted at HE.net in Fremont, CA. I also have a second site in Phoenix.. I have an entire rack of servers at HE.net, and I own the server... I can agree to terms over not using the data/etc... I'm an ogre fan, not trying to gain anything other than the loss of the forum posts :) We have an OpenBSD firewall and our servers are pretty low-profile (we use them mostly for development / coding - not for hosting web sites).

We could even agree to be a MySQL replication partner (slave) and do our own snapshot backups for ya. This requires little bandwidth on your end. Contact me PM on the forum if you are interested.

:wumpus:
OGRE Retired Team Member
Posts: 3067
Joined: Tue Feb 10, 2004 12:53 pm
Location: The Netherlands

Post by :wumpus: »

sinbad wrote: In a way I pity them - with all the opportunities and tools the internet offers (I would have killed to have a tool like this when I was a kid), this is how they choose to use it.
I wonder why those kids were so destructive, back in my 'kid' times just placing a message or picture on a hacked site was 'hot'. Nothing like wiping everything.

I hope the police gets them and they'll piss in their tiny little pants.

Antiarc
Greenskin
Posts: 120
Joined: Thu Jan 23, 2003 8:40 am

Post by Antiarc »

:wumpus: wrote:
sinbad wrote: In a way I pity them - with all the opportunities and tools the internet offers (I would have killed to have a tool like this when I was a kid), this is how they choose to use it.
I wonder why those kids were so destructive, back in my 'kid' times just placing a message or picture on a hacked site was 'hot'. Nothing like wiping everything.

I hope the police gets them and they'll piss in their tiny little pants.
It's entirely possible it wasn't even some kid. I believe there are worms out there now that crawl the web for vulnerable phpBB installations and deface them.

If it was some kid...how pitiful. You're obviously someone with an interest in technology, and it's a crying shame to see it wasted on maliciousness. Go learn something useful, rather than destroying the hard work of others, eh? You're not big or bad, your e-penis has not grown, you're just a common, run-of-the-mill annoyance slightly below spammers on the respect totem pole. Grow up.

temas
OGRE Retired Team Member
Posts: 390
Joined: Sun Oct 06, 2002 11:19 pm
Location: The Woodlands, TX

Post by temas »

Do you think it's possible (t)he(y) will ever be held responsible for this misbehaviour? Can (international) justice really ultimately prevail in this case?
Honestly, no. I would say the chance is next to zero. I've handled so many hacks, and only one I ended up with any kind of ability to do anything about it. Plus, like Antiarc suggested, odds are it was a worm or something else that some punk put out there just to screw with stuff.

monster
OGRE Community Helper
Posts: 1098
Joined: Mon Sep 22, 2003 2:40 am
Location: Melbourne, Australia

Post by monster »

...e-penis...
:lol:

Behaviour of this kind is like the "music" of Jennifer Lopez; it beggars belief that there are people out there who think it's cool, doesn't it just piss everyone off?

I reckon the first place to look for the culprits are the people who post "we're gonna make a MMORPG" type messages, then get frustrated because they can't actually create anything good or nice and get angry at the world. They're the kind of kids that would smash up someone else's toys if they were cooler than theirs.

I dunno, kids today eh?

johnhpus
Platinum Sponsor
Posts: 1186
Joined: Sat Apr 17, 2004 2:49 am

Post by johnhpus »

I reckon the first place to look for the culprits are the people who post "we're gonna make a MMORPG" type messages, then get frustrated because they can't actually create anything good or nice and get angry at the world. They're the kind of kids that would smash up someone else's toys if they were cooler than theirs.
I pissed one of these MMORPG punks off in our irc channel and got port scanned for a good while by him. I think that theory is a strong possibility. I still recall the name of the server that was used if anyone thinks there's a chance they're the same fucker.

edit: And actually, the General Discussion forum had the "MMORPGs are doomed" thread. The recruitment forum contained a solicitation for programmers by this MMORPG wannabe. Coincidence?

PeterNewman
Greenskin
Posts: 128
Joined: Mon Jun 21, 2004 2:34 am
Location: Victoria, Australia

Post by PeterNewman »

I think that this has been handled in the best way: We don't care, we have backups, you have no effect on us. ph34r t3h h4x0r 5k1llz, NOT.

I sure bet their e-penis is shrinking now that they can see everything back the way it was (give or take). They are only slightly above "server glitch" in the amount of trouble they have caused.

E-penis *snicker*

T.T.H.
Gnoblar
Posts: 14
Joined: Tue Jul 06, 2004 5:33 pm
Location: Regensburg, Germany

Post by T.T.H. »

to the whole OGRE team: neither lose faith nor motivation, not due to some stupid, destructive behaviour like this hack - all your work is highly appreciated by a lot of people.

T.T.H.

:wumpus:
OGRE Retired Team Member
Posts: 3067
Joined: Tue Feb 10, 2004 12:53 pm
Location: The Netherlands

Post by :wumpus: »

T.T.H. wrote: to the whole OGRE team: neither lose faith nor motivation, not due to some stupid, destructive behaviour like this hack - all your work is highly appreciated by a lot of people.
We won't, don't be afraid, a little kid isn't going to make any difference in that.

I agree with PeterNewman. As we're an open source project we should just make sure a lot of backups exist of our data (and yes we do backup the CVS tarball regularly), we have nothing to fear of l33t haxxor kids. What are they going to do, steal the source code? :lol:

CodeMeister
Gnoblar
Posts: 16
Joined: Wed Jan 15, 2003 4:58 am
Location: Idaho, USA

Post by CodeMeister »

The unfortunate downside of locating the perpetrator is that the victim is virtually powerless to prosecute. My ISP was hacked several times despite efforts to "bulletproof" my servers. Despite the fact that we were able to identify the miscreants on three occasions, we were unable to prosecute.

Reliable backups and attention to security details is about the only way to combat these jerks.
"Experience: what you get when you didn't get what you really wanted."

ranakor
Gnoblar
Posts: 1
Joined: Thu Sep 04, 2003 1:49 pm

Post by ranakor »

CodeMeister wrote: The unfortunate downside of locating the perpetrator is that the victim is virtually powerless to prosecute. My ISP was hacked several times despite efforts to "bulletproof" my servers. Despite the fact that we were able to identify the miscreants on three occasions, we were unable to prosecute.

Reliable backups and attention to security details is about the only way to combat these jerks.
Out of curiosity, why were you unable to prosecute?

max621
Gnoblar
Posts: 14
Joined: Wed Jul 07, 2004 2:01 am

Post by max621 »

I don't understand why somebody would hack a site like this. I can understand hackers/script kiddies targeting sites like AOL or something, but why something that provides a good open source product? Just to increase their ePenis I guess.
