Early this morning a member named "Administrator" on the forums hacked into my account, along with most of my email accounts, and later continued to spread havok accross the boards. Luckly Neku, Kyll, Hyades and XCalibur saved the day by defeating the hacker and restoring the peace on the forums. Not everything has been ironed out yet, so as a precaution, member registration has been disabled until further notice.


Discuss :rolleyes:

Sucks to be hacked. No ones ever done any serious damage here but I've always been careful about keeping things secure.

Lame of them to spam their "WE'VE BEEN HACKED" message all over the place. Pretty funny though, but must be pretty fucking annoying for them. :aldo:

dksahdasjkl

LOL. I think this is funny. "LUCKILY... we saved the day by defeating the hacker and restoring peace to the forums."

They make is sound so... Grandiose. :rolleyes:

We are sorry but the page you have requsted is down for the time being.

The reason this page is down is for breech of TOS.

in section 3.5.6 in our TOS you agreed not to upload any kind of malicious software and or promote any kind or pirating or "warez".

O____O

And then scroll down:


The hacker you were dealing with has led us to this information and asked us to relay this message" You got OWNED and thats what you get for breaking TOS sincerly Kyle from London:)"

O_____________________________O

rofl

Looks like someone has hacked their site and planted some warez. :lol: Unless they actually were hosting stuff against the TOS but FFK doesn't seem like the type.

I'm actually starting to think that message isn't real now. I don't think Dream Host would associate with the hacker. They've also spelt "requested" wrong. rofflecake.

Yeah, it's a pretty big pain in the ass. That message was posted by the hacker, think he was trying to pose as Dreamhost, and then me, since I'm Kyle, and I love in London.

Ah right, I wondered why it was from someone also named Kyle. :aldo:

What's going on now, then?

Ohhhhh that makes things more clear. I assumed they meant London, England. Sounds like they're either a disgruntled random or a person who has far too much time on their hands getting to know your community.

@Neal: Hmm, I'm not really certain, last I saw this person had Davids Dreamhost log in, and took the site offline while David was at work. I had gone to sleep by the time David finished his shift, and I woke up this morning to see the site is now sorta back online.

@Robb: I have a feeling i know who it is. I don't think they used a proxy for their IP either, I checked if before my staff account was deleted when this person originally screwed up the forums, and it goes to Virginia in the USA. I called the ISP of IP too. Apparently we need to send them somce server logs and a UTC time stamp, heh, hope David knows how to get at that info.

No one in England would dare hack us for fear we'd send Cathryn after them. :aldo:

No one in England would dare hack us for fear we'd send Cathryn after them. :aldo:

Or we could threaten to give their MSN addy to Clone.

The horror :blink:

No one in England would dare hack us for fear we'd send Cathryn after them. :aldo:

holy shit. :aldo:

She's pretty controllable if you just throw some cigarettes at her.

The guy still has access to my DreamHost account, so whenever I try to upload something(the hacker was too idiodic to change the FTP password :P) a little while later, the main directory gets wiped. He also got all the databases. Thank god for backups :D

She's pretty controllable if you just throw some cigarettes at her.
I tried that before it doesnt always work, she'll just take the cig and keep on coming while still smoking it and fuck you up, she put me in the hospital for a couple days



Call the police Kid >: (

No, it doesnt work that way does it?
>>;

The guy still has access to my DreamHost account, so whenever I try to upload something(the hacker was too idiodic to change the FTP password :P) a little while later, the main directory gets wiped. He also got all the databases. Thank god for backups :D

So change your pass

^I couldn't even log in O_o

---

Yay I got everything back :D

(>^.^)>

Thats good, howd you do it?

Looks like your news backup is from a pretty long time ago, what happened?

Ya that one didn't work for some reason, but I have another way of restoring everything back. Kyle and I will just put everything back manually because he copied all of the last two pages of updates.

EDIT: Ok this is pretty important. I discovered how he was able to hack into the site. This guy used an exploit in topsites, which allows him to see the hashed passwords(along with other info, but obviously the password is the most important thing). So I suggest that if you used the same/similar password for anything(email addresses, hosting account, domain registration etc.) then I suggest that you change your passwords because he may be able to access them and eventually get into some more important ones.

At first I thought he got through from an exploit in vbulletin since I am not using the most up to date version, but now I believe this not to be the case anymore!

Yeah, the guy signed into David's (FFK) hotmail and I talked to the guy for like 5 hours, he is SUPER fucked in the head.

Nice to know the topsites are so vulnerable =/. I'm glad that it was nothing to do with hacking anything else, just some similar passwords which are now all different.

Ya that one didn't work for some reason, but I have another way of restoring everything back. Kyle and I will just put everything back manually because he copied all of the last two pages of updates.

EDIT: Ok this is pretty important. I discovered how he was able to hack into the site. This guy used an exploit in topsites, which allows him to see the hashed passwords(along with other info, but obviously the password is the most important thing). So I suggest that if you used the same/similar password for anything(email addresses, hosting account, domain registration etc.) then I suggest that you change your passwords because he may be able to access them and eventually get into some more important ones.

At first I thought he got through from an exploit in vbulletin since I am not using the most up to date version, but now I believe this not to be the case anymore!
Really? How did you figure that out?

Our passwords are different anyway, so no big deal. Thanks for letting us know though!

Sounds like you use the same password for everything... learnt the hard way, I guess. ;(

We figure it out when the guy was talking to me through Davids msn, he was talking about how it all started and he posted this:

'ffxiii','[Removed]','http://www.ff-xiii.net','http://ff-xiii.net','FF-XIII.net','Your #1 source for all Fabula Nova Crystallis media and information.','Final Fantasy','http://www.ff-xiii.net/images/mini2.gif','finalfantasykid@gmail.com'

mini2.gif is our topsite icon thing, and that other info all is from it too. That string of numbers and letters is the md5'd password.

Wow...free to find md5 hash. I just randomly googled a decrytper, put in the hash and found out his password. I assume he's changed all his passwords but I'll edit out the hash anyway just in case their are a few he hasn't.

Still, nice detective work and it proves how extremely vulnerable that topsite script is.

Wow, I just found that decryption site too, nice pass david xD.

Anyway, the only topsite David uses that log in 'ffxiii' is finalfantasy13.orgs topsite. They use an old version of Aardvark.